tomo 0.1.0

data/lib/tomo/ssh/connection.rb

@@ -0,0 +1,82 @@
+require "fileutils"
+require "securerandom"
+require "tmpdir"
+
+module Tomo
+  module SSH
+    class Connection
+      def self.dry_run(host, options)
+        new(
+          host,
+          options,
+          exec_proc: proc { exit(0) },
+          child_proc: proc { Result.empty_success }
+        )
+      end
+
+      attr_reader :host
+
+      def initialize(host, options, exec_proc: nil, child_proc: nil)
+        @host = host
+        @options = options
+        @exec_proc = exec_proc || Process.method(:exec)
+        @child_proc = child_proc || ChildProcess.method(:execute)
+      end
+
+      def ssh_exec(script)
+        ssh_args = build_args(script)
+        logger.script_start(script)
+        Tomo.logger.debug ssh_args.map(&:shellescape).join(" ")
+        exec_proc.call(*ssh_args)
+      end
+
+      def ssh_subprocess(script, verbose: false)
+        ssh_args = build_args(script, verbose)
+        handle_data = ->(data) { logger.script_output(script, data) }
+
+        logger.script_start(script)
+        result = child_proc.call(*ssh_args, on_data: handle_data)
+        logger.script_end(script, result)
+
+        if result.failure? && script.raise_on_error?
+          raise_run_error(script, ssh_args, result)
+        end
+
+        result
+      end
+
+      def close
+        FileUtils.rm_f(control_path)
+      end
+
+      private
+
+      attr_reader :options, :exec_proc, :child_proc
+
+      def logger
+        Tomo.logger
+      end
+
+      def build_args(script, verbose=false)
+        options.build_args(host, script, control_path, verbose)
+      end
+
+      def control_path
+        @control_path ||= begin
+          token = SecureRandom.hex(8)
+          File.join(Dir.tmpdir, "tomo_ssh_#{token}")
+        end
+      end
+
+      def raise_run_error(script, ssh_args, result)
+        ScriptError.raise_with(
+          result.output,
+          host: host,
+          result: result,
+          script: script,
+          ssh_args: ssh_args
+        )
+      end
+    end
+  end
+end

data/lib/tomo/ssh/connection_error.rb

@@ -0,0 +1,16 @@
+module Tomo
+  module SSH
+    class ConnectionError < Error
+      def to_console
+        msg = <<~ERROR
+          Unable to connect via SSH to #{yellow(host.address)} on port #{yellow(host.port)}.
+
+          Make sure the hostname and port are correct and that you have the
+          necessary network (or VPN) access.
+        ERROR
+
+        [msg, super].join("\n")
+      end
+    end
+  end
+end

data/lib/tomo/ssh/connection_validator.rb

@@ -0,0 +1,87 @@
+require "forwardable"
+
+module Tomo
+  module SSH
+    class ConnectionValidator
+      MINIMUM_OPENSSH_VERSION = 7.4
+      private_constant :MINIMUM_OPENSSH_VERSION
+
+      extend Forwardable
+
+      def initialize(executable, connection)
+        @executable = executable
+        @connection = connection
+      end
+
+      def assert_valid_executable!
+        result = begin
+                   ChildProcess.execute(executable, "-V")
+                 rescue StandardError => e
+                   handle_bad_executable(e)
+                 end
+
+        Tomo.logger.debug(result.output)
+        return if result.success? && supported?(result.output)
+
+        raise_unsupported_version(result.output)
+      end
+
+      def assert_valid_connection!
+        script = Script.new(
+          "echo hi",
+          silent: !Tomo.debug?, echo: false, raise_on_error: false
+        )
+        res = connection.ssh_subprocess(script, verbose: Tomo.debug?)
+        raise_connection_failure(res) if res.exit_status == 255
+        raise_unknown_error(res) if res.failure? || res.stdout.chomp != "hi"
+      end
+
+      def dump_env
+        script = Script.new("env", silent: true, echo: false)
+        res = connection.ssh_subprocess(script)
+        Tomo.logger.debug("#{host} environment:\n#{res.stdout.strip}")
+      end
+
+      private
+
+      def_delegators :connection, :host
+      attr_reader :executable, :connection
+
+      def supported?(version)
+        version[/OpenSSH_(\d+\.\d+)/i, 1].to_f >= MINIMUM_OPENSSH_VERSION
+      end
+
+      def handle_bad_executable(error)
+        ExecutableError.raise_with(error, executable: executable)
+      end
+
+      def raise_unsupported_version(ver)
+        UnsupportedVersionError.raise_with(
+          ver,
+          host: host,
+          command: "#{executable} -V",
+          expected_version: "OpenSSH_#{MINIMUM_OPENSSH_VERSION}"
+        )
+      end
+
+      def raise_connection_failure(result)
+        case result.output
+        when /Permission denied/i
+          PermissionError.raise_with(result.output, host: host)
+        when /(Could not resolve|Operation timed out|Connection refused)/i
+          ConnectionError.raise_with(result.output, host: host)
+        else
+          UnknownError.raise_with(result.output, host: host)
+        end
+      end
+
+      def raise_unknown_error(result)
+        UnknownError.raise_with(<<~ERROR.strip, host: host)
+          Unexpected output from `ssh`. Expected `echo hi` to return "hi" but got:
+          #{result.output}
+          (exited with code #{result.exit_status})
+        ERROR
+      end
+    end
+  end
+end

data/lib/tomo/ssh/error.rb

@@ -0,0 +1,11 @@
+module Tomo
+  module SSH
+    class Error < Tomo::Error
+      attr_accessor :host
+
+      def to_console
+        [debug_suggestion, red(message.strip)].compact.join("\n\n")
+      end
+    end
+  end
+end

data/lib/tomo/ssh/executable_error.rb

@@ -0,0 +1,21 @@
+module Tomo
+  module SSH
+    class ExecutableError < Error
+      attr_accessor :executable
+
+      def to_console
+        hint = if executable.to_s.include?("/")
+                 "Is the ssh binary properly installed in this location?"
+               else
+                 "Is #{yellow(executable)} installed and in your "\
+                 "#{blue('$PATH')}?"
+               end
+
+        <<~ERROR
+          Failed to execute #{yellow(executable)}.
+          #{hint}
+        ERROR
+      end
+    end
+  end
+end

data/lib/tomo/ssh/options.rb

@@ -0,0 +1,67 @@
+module Tomo
+  module SSH
+    class Options
+      attr_reader :executable
+
+      def initialize(settings)
+        @executable = settings.fetch(:ssh_executable)
+        @extra_opts = settings.fetch(:ssh_extra_opts)
+        @forward_agent = settings.fetch(:ssh_forward_agent)
+        @reuse_connections = settings.fetch(:ssh_reuse_connections)
+        @connect_timeout = settings.fetch(:ssh_connect_timeout)
+        @strict_host_key_checking = settings.fetch(
+          :ssh_strict_host_key_checking
+        )
+        freeze
+      end
+
+      # rubocop:disable Metrics/AbcSize
+      def build_args(host, script, control_path, verbose)
+        args = [verbose ? "-v" : ["-o", "LogLevel=ERROR"]]
+        args << "-A" if forward_agent
+        args << connect_timeout_option
+        args << strict_host_key_checking_option
+        args.push(*control_opts(control_path, verbose)) if reuse_connections
+        args.push(*extra_opts) if extra_opts
+        args << "-tt" if script.pty?
+        args << host.to_ssh_args
+        args << "--"
+
+        [executable, args, script.to_s].flatten
+      end
+      # rubocop:enable Metrics/AbcSize
+
+      private
+
+      attr_reader :connect_timeout, :extra_opts, :forward_agent,
+                  :reuse_connections, :strict_host_key_checking
+
+      def control_opts(path, verbose)
+        opts = [
+          "-o", "ControlMaster=auto",
+          "-o", "ControlPath=#{path}",
+          "-o"
+        ]
+        opts << (verbose ? "ControlPersist=1s" : "ControlPersist=30s")
+      end
+
+      def connect_timeout_option
+        return [] if connect_timeout.nil?
+
+        ["-o", "ConnectTimeout=#{connect_timeout}"]
+      end
+
+      def strict_host_key_checking_option
+        return [] if strict_host_key_checking.nil?
+
+        value = case strict_host_key_checking
+                when true then "yes"
+                when false then "no"
+                else strict_host_key_checking
+                end
+
+        ["-o", "StrictHostKeyChecking=#{value}"]
+      end
+    end
+  end
+end

data/lib/tomo/ssh/permission_error.rb

@@ -0,0 +1,18 @@
+module Tomo
+  module SSH
+    class PermissionError < Error
+      def to_console
+        as_user = host.user && " as user #{yellow(host.user)}"
+
+        msg = <<~ERROR
+          Unable to connect via SSH to #{yellow(host.address)}#{as_user}.
+
+          Check that you’ve specified the correct username and that your public key
+          is properly installed on the server.
+        ERROR
+
+        [msg, super].join("\n")
+      end
+    end
+  end
+end

data/lib/tomo/ssh/script_error.rb

@@ -0,0 +1,23 @@
+require "shellwords"
+
+module Tomo
+  module SSH
+    class ScriptError < Error
+      attr_accessor :result, :script, :ssh_args
+
+      def to_console
+        msg = <<~ERROR
+          The following script failed on #{yellow(host)} (exit status #{red(result.exit_status)}).
+
+            #{yellow(script)}
+
+          You can manually re-execute the script via SSH as follows:
+
+            #{gray(ssh_args.map(&:shellescape).join(' '))}
+        ERROR
+
+        [msg, super].join("\n")
+      end
+    end
+  end
+end

data/lib/tomo/ssh/unknown_error.rb

@@ -0,0 +1,13 @@
+module Tomo
+  module SSH
+    class UnknownError < Error
+      def to_console
+        msg = <<~ERROR
+          An unknown error occurred trying to SSH to #{yellow(host)}.
+        ERROR
+
+        [msg, super].join("\n")
+      end
+    end
+  end
+end

data/lib/tomo/ssh/unsupported_version_error.rb

@@ -0,0 +1,15 @@
+module Tomo
+  module SSH
+    class UnsupportedVersionError < Error
+      attr_accessor :command, :expected_version
+
+      def to_console
+        msg = <<~ERROR
+          Expected #{yellow(command)} to return #{blue(expected_version)} or higher.
+        ERROR
+
+        [msg, super].join("\n")
+      end
+    end
+  end
+end

data/lib/tomo/ssh.rb

@@ -0,0 +1,36 @@
+module Tomo
+  module SSH
+    autoload :ChildProcess, "tomo/ssh/child_process"
+    autoload :Connection, "tomo/ssh/connection"
+    autoload :ConnectionValidator, "tomo/ssh/connection_validator"
+    autoload :ConnectionError, "tomo/ssh/connection_error"
+    autoload :Error, "tomo/ssh/error"
+    autoload :ExecutableError, "tomo/ssh/executable_error"
+    autoload :Options, "tomo/ssh/options"
+    autoload :PermissionError, "tomo/ssh/permission_error"
+    autoload :ScriptError, "tomo/ssh/script_error"
+    autoload :UnknownError, "tomo/ssh/unknown_error"
+    autoload :UnsupportedVersionError, "tomo/ssh/unsupported_version_error"
+
+    class << self
+      def connect(host:, options:)
+        Tomo.logger.connect(host)
+        return Connection.dry_run(host, options) if Tomo.dry_run?
+
+        build_connection(host, options)
+      end
+
+      private
+
+      def build_connection(host, options)
+        conn = Connection.new(host, options)
+        validator = ConnectionValidator.new(options.executable, conn)
+        validator.assert_valid_executable!
+        validator.assert_valid_connection!
+        validator.dump_env if Tomo.debug?
+
+        conn
+      end
+    end
+  end
+end

data/lib/tomo/task_library.rb

@@ -0,0 +1,51 @@
+require "forwardable"
+
+module Tomo
+  class TaskLibrary
+    extend Forwardable
+
+    def initialize(context)
+      @context = context
+    end
+
+    private
+
+    def_delegators :context, :paths, :settings
+    attr_reader :context
+
+    def die(reason)
+      Runtime::TaskAbortedError.raise_with(
+        reason,
+        task: context.current_task,
+        host: remote.host
+      )
+    end
+
+    def dry_run?
+      Tomo.dry_run?
+    end
+
+    def logger
+      Tomo.logger
+    end
+
+    def raw(string)
+      ShellBuilder.raw(string)
+    end
+
+    def remote
+      context.current_remote
+    end
+
+    def require_setting(*names)
+      missing = names.flatten.select { |sett| settings[sett].nil? }
+      return if missing.empty?
+
+      Runtime::SettingsRequiredError.raise_with(
+        settings: missing,
+        task: context.current_task
+      )
+    end
+    alias require_settings require_setting
+  end
+end

data/lib/tomo/templates/config.rb.erb

@@ -0,0 +1,66 @@
+plugin "git"
+plugin "env"
+plugin "bundler"
+plugin "rails"
+plugin "nvm"
+plugin "puma"
+plugin "rbenv"
+plugin "./plugins/<%= app %>.rb"
+
+host "user@hostname.or.ip.address"
+
+set application: <%= app.inspect %>
+set deploy_to: "/var/www/%<application>"
+set nvm_node_version: <%= node_version&.inspect || "nil # FIXME" %>
+set nvm_yarn_version: <%= yarn_version.inspect %>
+set rbenv_ruby_version: <%= RUBY_VERSION.inspect %>
+set git_url: <%= git_origin_url&.inspect || "nil # FIXME" %>
+set git_branch: "master"
+set git_exclusions: %w[
+  .tomo/
+  spec/
+  test/
+]
+set env_vars: {
+  RAILS_ENV: "production",
+  RACK_ENV: "production",
+  DATABASE_URL: :prompt,
+  SECRET_KEY_BASE: :prompt
+}
+set linked_dirs: %w[
+  .bundle
+  log
+  node_modules
+  public/assets
+]
+
+setup do
+  run "env:setup"
+  run "core:setup_directories"
+  run "git:clone"
+  run "git:create_release"
+  run "core:symlink_shared"
+  run "nvm:install"
+  run "rbenv:install"
+  run "bundler:upgrade_bundler"
+  run "bundler:install"
+  run "rails:db_create"
+  run "rails:db_schema_load"
+  run "rails:db_seed"
+end
+
+deploy do
+  run "env:update"
+  run "git:create_release"
+  run "core:symlink_shared"
+  run "core:write_release_json"
+  run "bundler:install"
+  run "rails:db_migrate"
+  run "rails:db_seed"
+  run "rails:assets_precompile"
+  run "core:symlink_current"
+  run "puma:restart"
+  run "core:clean_releases"
+  run "bundler:clean"
+  run "core:log_revision"
+end

data/lib/tomo/testing/Dockerfile

@@ -0,0 +1,10 @@
+FROM ubuntu:18.04
+WORKDIR /provision
+COPY ./tomo_test_ed25519.pub /root/.ssh/authorized_keys
+COPY ./ubuntu_setup.sh ./
+RUN ./ubuntu_setup.sh
+COPY ./custom_setup.sh ./
+RUN ./custom_setup.sh
+EXPOSE 22
+EXPOSE 3000
+CMD ["/usr/sbin/sshd", "-D"]

data/lib/tomo/testing/connection.rb

@@ -0,0 +1,34 @@
+module Tomo
+  module Testing
+    class Connection < Tomo::SSH::Connection
+      def initialize(host, options)
+        super(
+          host,
+          options,
+          exec_proc: proc { raise MockedExecError },
+          child_proc: method(:mock_child_process)
+        )
+      end
+
+      def ssh_exec(script)
+        host.scripts << script
+        super
+      end
+
+      def ssh_subprocess(script, verbose: false)
+        host.scripts << script
+        super
+      end
+
+      private
+
+      def mock_child_process(*_ssh_args, on_data:)
+        result = host.result_for(host.scripts.last)
+
+        on_data.call(result.stdout) unless result.stdout.empty?
+        on_data.call(result.stderr) unless result.stderr.empty?
+        result
+      end
+    end
+  end
+end

data/lib/tomo/testing/docker_image.rb

@@ -0,0 +1,115 @@
+require "fileutils"
+require "open3"
+require "securerandom"
+require "shellwords"
+require "tmpdir"
+
+at_exit { Tomo::Testing::DockerImage.running_images.each(&:stop) }
+
+module Tomo
+  module Testing
+    class DockerImage
+      class << self
+        attr_reader :running_images
+      end
+      @running_images = []
+
+      attr_accessor :setup_script
+      attr_reader :host
+
+      def initialize
+        @setup_script = "#!/bin/bash\n"
+      end
+
+      def build_and_run
+        raise "Already running!" if frozen?
+
+        set_up_build_dir
+        pull_base_image_if_needed
+        @image_id = build_image
+        @container_id = start_container
+        @host = Host.parse("deployer@localhost", port: find_ssh_port)
+        DockerImage.running_images << self
+        freeze
+      end
+
+      def stop
+        DockerImage.running_images.delete(self)
+        Local.capture("docker stop #{container_id}", raise_on_error: false)
+        nil
+      end
+
+      def puma_port
+        return 3000 if ENV["_TOMO_CONTAINER"]
+
+        Local.capture("docker port #{container_id} 3000")[/:(\d+)/, 1].to_i
+      end
+
+      # Connecting to SSH servers on local docker containers often triggers
+      # known_hosts errors due to each container potentially having a
+      # different host key. Work around this by using an empty blank temp file
+      # for storing known_hosts.
+      def ssh_settings
+        hosts_file = File.join(Dir.tmpdir, "tomo_#{SecureRandom.hex(8)}_hosts")
+        key_file = File.expand_path("tomo_test_ed25519", __dir__)
+        FileUtils.chmod(0o600, key_file)
+
+        {
+          ssh_extra_opts: [
+            "-o", "UserKnownHostsFile=#{hosts_file}",
+            "-o", "IdentityFile=#{key_file}"
+          ],
+          ssh_strict_host_key_checking: false
+        }
+      end
+
+      private
+
+      attr_reader :container_id, :image_id
+
+      def pull_base_image_if_needed
+        images = Local.capture('docker images --format "{{.ID}}" ubuntu:18.04')
+        Local.capture("docker pull ubuntu:18.04") if images.strip.empty?
+      end
+
+      def build_image
+        Local.capture(
+          "docker build #{build_dir}"
+        )[/Successfully built (\S+)$/i, 1]
+      end
+
+      def start_container
+        host_container = ENV["_TOMO_CONTAINER"]
+        args = "--detach --init #{image_id}"
+        if host_container
+          args.prepend("--network=container:#{host_container} ")
+        else
+          args.prepend("--publish-all ")
+        end
+        Local.capture("docker run #{args}")[/\S+/]
+      end
+
+      def find_ssh_port
+        return 22 if ENV["_TOMO_CONTAINER"]
+
+        Local.capture("docker port #{container_id} 22")[/:(\d+)/, 1].to_i
+      end
+
+      def set_up_build_dir
+        FileUtils.mkdir_p(build_dir)
+        files = %w[Dockerfile tomo_test_ed25519.pub ubuntu_setup.sh]
+        files.each do |file|
+          FileUtils.cp(File.expand_path(file, __dir__), build_dir)
+        end
+        IO.write(File.join(build_dir, "custom_setup.sh"), setup_script)
+        FileUtils.chmod(0o755, File.join(build_dir, "custom_setup.sh"))
+      end
+
+      def build_dir
+        @_build_dir ||= begin
+          File.join(Dir.tmpdir, "tomo_docker_#{SecureRandom.hex(8)}")
+        end
+      end
+    end
+  end
+end