dokku-compose 0.9.2 → 0.10.0

package/README.md

@@ -124,6 +124,7 @@ All features are idempotent — running `up` twice produces no changes.
 | Zero-Downtime Checks | Configure deploy checks, disable per process type | [checks](docs/reference/checks.md) |
 | Log Management | Log retention and vector sink configuration | [logs](docs/reference/logs.md) |
 | Plugins | Install Dokku plugins declaratively | [plugins](docs/reference/plugins.md) |
+| Docker Auth | Authenticate the host docker daemon to private registries (e.g. ghcr.io) for `git:from-image` flows | [docker_auth](docs/reference/docker_auth.md) |
 | Postgres | Postgres services with optional S3 backups | [postgres](docs/reference/postgres.md) |
 | Redis | Redis service instances | [redis](docs/reference/redis.md) |
 | Service Links | Link postgres/redis services to apps | [plugins](docs/reference/plugins.md#linking-services-to-apps-appsapplinks) |

package/dist/index.js

@@ -68,15 +68,15 @@ var AppSchema = z.object({
   git: GitSchema.optional()
 });
 var ServiceBackupAuthSchema = z.object({
-  access_key_id: z.string(),
-  secret_access_key: z.string(),
-  region: z.string(),
-  signature_version: z.string(),
-  endpoint: z.string()
+  access_key_id: z.string().min(1),
+  secret_access_key: z.string().min(1),
+  region: z.string().min(1),
+  signature_version: z.string().min(1),
+  endpoint: z.string().min(1)
 });
 var ServiceBackupSchema = z.object({
-  schedule: z.string(),
-  bucket: z.string(),
+  schedule: z.string().min(1),
+  bucket: z.string().min(1),
   auth: ServiceBackupAuthSchema
 });
 var PostgresSchema = z.object({
@@ -92,11 +92,16 @@ var PluginSchema = z.object({
   url: z.string().url(),
   version: z.string().optional()
 });
+var DockerAuthEntrySchema = z.object({
+  username: z.string().min(1),
+  password: z.string().min(1)
+});
 var ConfigSchema = z.object({
   dokku: z.object({
     version: z.string().optional()
   }).optional(),
   plugins: z.record(z.string(), PluginSchema).optional(),
+  docker_auth: z.record(z.string(), DockerAuthEntrySchema).optional(),
   networks: z.array(z.string()).optional(),
   postgres: z.record(z.string(), PostgresSchema).optional(),
   redis: z.record(z.string(), RedisSchema).optional(),
@@ -113,7 +118,22 @@ function parseConfig(raw) {
 
 // src/core/config.ts
 function interpolateEnvVars(content) {
-  return content.replace(/\$\{([^}]+)\}/g, (_, name) => process.env[name] ?? "");
+  const missing = [];
+  const result = content.replace(/\$\{([^}]+)\}/g, (_, name) => {
+    const value = process.env[name];
+    if (value === void 0 || value === "") {
+      missing.push(name);
+      return "";
+    }
+    return value;
+  });
+  if (missing.length > 0) {
+    const unique = Array.from(new Set(missing));
+    throw new Error(
+      `Unset environment variable(s) referenced in config: ${unique.join(", ")}`
+    );
+  }
+  return result;
 }
 function loadConfig(filePath) {
   if (!fs.existsSync(filePath)) {
@@ -790,6 +810,15 @@ async function ensurePlugins(ctx, plugins) {
   }
 }
 
+// src/modules/docker-auth.ts
+async function ensureDockerAuth(ctx, config) {
+  for (const [server, creds] of Object.entries(config)) {
+    logAction("docker-auth", `Logging in to ${server} as ${creds.username}`);
+    await ctx.run("registry:login", server, creds.username, creds.password);
+    logDone();
+  }
+}
+
 // src/modules/network.ts
 async function ensureNetworks(ctx, networks) {
   for (const net of networks) {
@@ -844,7 +873,6 @@ async function ensurePostgresBackups(ctx, services) {
       continue;
     }
     const { schedule, bucket, auth } = config.backup;
-    await ctx.run("postgres:backup-deauth", name);
     await ctx.run(
       "postgres:backup-auth",
       name,
@@ -855,6 +883,12 @@ async function ensurePostgresBackups(ctx, services) {
       auth.endpoint
     );
     await ctx.run("postgres:backup-schedule", name, schedule, bucket);
+    const cronOutput = await ctx.query("postgres:backup-schedule-cat", name);
+    if (!parseBackupSchedule(cronOutput)) {
+      throw new Error(
+        `Backup schedule for ${name} was not installed after backup-schedule ran`
+      );
+    }
     await ctx.run("config:set", "--global", `${hashKey}=${desiredHash}`);
     logDone();
   }
@@ -1061,6 +1095,7 @@ async function ensureGlobalNginx(ctx, nginx) {
 async function runUp(ctx, config, appFilter) {
   const apps = appFilter.length > 0 ? appFilter : Object.keys(config.apps);
   if (config.plugins) await ensurePlugins(ctx, config.plugins);
+  if (config.docker_auth) await ensureDockerAuth(ctx, config.docker_auth);
   if (config.domains !== void 0) await ensureGlobalDomains(ctx, config.domains);
   if (config.env !== void 0) await ensureGlobalConfig(ctx, config.env);
   if (config.logs !== void 0) await ensureGlobalLogs(ctx, config.logs);
@@ -1220,9 +1255,14 @@ function maskValue(value) {
   return `****${value.slice(-4)}`;
 }
 function maskSensitiveArgs(cmd) {
-  return cmd.replace(/([^\s=]*(?:TOKEN|SECRET|PASSWORD|KEY|AUTH|CREDENTIAL)[^\s=]*)=(\S+)/gi, (_, key, value) => {
+  let masked = cmd.replace(/([^\s=]*(?:TOKEN|SECRET|PASSWORD|KEY|AUTH|CREDENTIAL)[^\s=]*)=(\S+)/gi, (_, key, value) => {
     return `${key}=${maskValue(value)}`;
   });
+  masked = masked.replace(
+    /^(registry:login\s+\S+\s+\S+\s+)(\S+)/,
+    (_, prefix, password) => `${prefix}${maskValue(password)}`
+  );
+  return masked;
 }
 function maskSensitiveData(data) {
   if (data === null || data === void 0) return data;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dokku-compose",
-  "version": "0.9.2",
+  "version": "0.10.0",
   "description": "Docker Compose for Dokku — declare your entire server in a single YAML file.",
   "main": "dist/index.js",
   "exports": "./dist/index.js",