From 0ff1450a74ce04d75d6cfd24fabfdbd56682cecf Mon Sep 17 00:00:00 2001 From: Eric Hutzelman Date: Tue, 1 Oct 2024 18:49:08 -0500 Subject: [PATCH 01/28] Update init description for kamal secrets No longer uses .env stub, replace with secrets stub in .kamal directory. --- lib/kamal/cli/main.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/kamal/cli/main.rb b/lib/kamal/cli/main.rb index 69735f2a3..5fdb5469a 100644 --- a/lib/kamal/cli/main.rb +++ b/lib/kamal/cli/main.rb @@ -135,7 +135,7 @@ def docs(section = nil) puts "No documentation found for #{section}" end - desc "init", "Create config stub in config/deploy.yml and env stub in .env" + desc "init", "Create config stub in config/deploy.yml and secrets stub in .kamal" option :bundle, type: :boolean, default: false, desc: "Add Kamal to the Gemfile and create a bin/kamal binstub" def init require "fileutils" From 4f7ebd73a35640962e50113fdc79f2c724dbfbfc Mon Sep 17 00:00:00 2001 From: David Heinemeier Hansson Date: Wed, 2 Oct 2024 16:30:32 -0700 Subject: [PATCH 02/28] Specifics#accessory_hosts was being filtered out by role host check --- lib/kamal/commander/specifics.rb | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/lib/kamal/commander/specifics.rb b/lib/kamal/commander/specifics.rb index 190d2b69a..238cc012e 100644 --- a/lib/kamal/commander/specifics.rb +++ b/lib/kamal/commander/specifics.rb @@ -43,7 +43,12 @@ def specified_roles end def specified_hosts - (specific_hosts || config.all_hosts) \ - .select { |host| (specific_roles || config.roles).flat_map(&:hosts).include?(host) } + specified_hosts = specific_hosts || config.all_hosts + + if (specific_role_hosts = specific_roles&.flat_map(&:hosts)).present? + specified_hosts.select { |host| specific_role_hosts.include?(host) } + else + specified_hosts + end end end From 7be2e7e0bafd5cdf48508afdf33babbf73e5b1ea Mon Sep 17 00:00:00 2001 From: David Heinemeier Hansson Date: Wed, 2 Oct 2024 17:03:30 -0700 Subject: [PATCH 03/28] Test accessory_hosts with roles and without filtering --- test/commander_test.rb | 21 ++++++++++++++ test/fixtures/deploy_with_accessories.yml | 2 +- .../fixtures/deploy_with_single_accessory.yml | 29 +++++++++++++++++++ 3 files changed, 51 insertions(+), 1 deletion(-) create mode 100644 test/fixtures/deploy_with_single_accessory.yml diff --git a/test/commander_test.rb b/test/commander_test.rb index 54031e803..b6b61e168 100644 --- a/test/commander_test.rb +++ b/test/commander_test.rb @@ -150,6 +150,27 @@ class CommanderTest < ActiveSupport::TestCase assert_equal [ "1.1.1.2" ], @kamal.proxy_hosts end + test "accessory hosts without filtering" do + configure_with(:deploy_with_single_accessory) + assert_equal [ "1.1.1.5" ], @kamal.accessory_hosts + + configure_with(:deploy_with_accessories) + assert_equal [ "1.1.1.5", "1.1.1.1", "1.1.1.2" ], @kamal.accessory_hosts + end + + test "accessory hosts with role filtering" do + configure_with(:deploy_with_single_accessory) + @kamal.specific_roles = [ "web" ] + assert_equal [ ], @kamal.accessory_hosts + + configure_with(:deploy_with_accessories) + @kamal.specific_roles = [ "web" ] + assert_equal [ "1.1.1.1", "1.1.1.2" ], @kamal.accessory_hosts + + @kamal.specific_roles = [ "workers" ] + assert_equal [ ], @kamal.accessory_hosts + end + private def configure_with(variant) @kamal = Kamal::Commander.new.tap do |kamal| diff --git a/test/fixtures/deploy_with_accessories.yml b/test/fixtures/deploy_with_accessories.yml index 29f502ece..e6c6825f5 100644 --- a/test/fixtures/deploy_with_accessories.yml +++ b/test/fixtures/deploy_with_accessories.yml @@ -16,7 +16,7 @@ builder: accessories: mysql: image: mysql:5.7 - host: 1.1.1.3 + host: 1.1.1.5 port: 3306 env: clear: diff --git a/test/fixtures/deploy_with_single_accessory.yml b/test/fixtures/deploy_with_single_accessory.yml new file mode 100644 index 000000000..4af4a9e6a --- /dev/null +++ b/test/fixtures/deploy_with_single_accessory.yml @@ -0,0 +1,29 @@ +service: app +image: dhh/app +servers: + web: + - "1.1.1.1" + - "1.1.1.2" + workers: + - "1.1.1.3" + - "1.1.1.4" +registry: + username: user + password: pw +builder: + arch: amd64 + +accessories: + mysql: + image: mysql:5.7 + host: 1.1.1.5 + port: 3306 + env: + clear: + MYSQL_ROOT_HOST: '%' + secret: + - MYSQL_ROOT_PASSWORD + files: + - test/fixtures/files/my.cnf:/etc/mysql/my.cnf + directories: + - data:/var/lib/mysql From 82a436fa02cbc5b2c76fadc1886f7bfc135fdbb2 Mon Sep 17 00:00:00 2001 From: David Heinemeier Hansson Date: Wed, 2 Oct 2024 17:07:51 -0700 Subject: [PATCH 04/28] Rubocop --- test/commander_test.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/commander_test.rb b/test/commander_test.rb index b6b61e168..fc047d4fe 100644 --- a/test/commander_test.rb +++ b/test/commander_test.rb @@ -161,14 +161,14 @@ class CommanderTest < ActiveSupport::TestCase test "accessory hosts with role filtering" do configure_with(:deploy_with_single_accessory) @kamal.specific_roles = [ "web" ] - assert_equal [ ], @kamal.accessory_hosts + assert_equal [], @kamal.accessory_hosts configure_with(:deploy_with_accessories) @kamal.specific_roles = [ "web" ] assert_equal [ "1.1.1.1", "1.1.1.2" ], @kamal.accessory_hosts @kamal.specific_roles = [ "workers" ] - assert_equal [ ], @kamal.accessory_hosts + assert_equal [], @kamal.accessory_hosts end private From e5ca53db6ee84fd136ab983c8d3d88b69e246aa6 Mon Sep 17 00:00:00 2001 From: David Heinemeier Hansson Date: Wed, 2 Oct 2024 17:34:13 -0700 Subject: [PATCH 05/28] Use new deploy config so as not to update all other tests --- test/commander_test.rb | 4 +- test/fixtures/deploy_with_accessories.yml | 2 +- ...with_accessories_on_independent_server.yml | 38 +++++++++++++++++++ 3 files changed, 41 insertions(+), 3 deletions(-) create mode 100644 test/fixtures/deploy_with_accessories_on_independent_server.yml diff --git a/test/commander_test.rb b/test/commander_test.rb index fc047d4fe..4f0a829eb 100644 --- a/test/commander_test.rb +++ b/test/commander_test.rb @@ -154,7 +154,7 @@ class CommanderTest < ActiveSupport::TestCase configure_with(:deploy_with_single_accessory) assert_equal [ "1.1.1.5" ], @kamal.accessory_hosts - configure_with(:deploy_with_accessories) + configure_with(:deploy_with_accessories_on_independent_server) assert_equal [ "1.1.1.5", "1.1.1.1", "1.1.1.2" ], @kamal.accessory_hosts end @@ -163,7 +163,7 @@ class CommanderTest < ActiveSupport::TestCase @kamal.specific_roles = [ "web" ] assert_equal [], @kamal.accessory_hosts - configure_with(:deploy_with_accessories) + configure_with(:deploy_with_accessories_on_independent_server) @kamal.specific_roles = [ "web" ] assert_equal [ "1.1.1.1", "1.1.1.2" ], @kamal.accessory_hosts diff --git a/test/fixtures/deploy_with_accessories.yml b/test/fixtures/deploy_with_accessories.yml index e6c6825f5..29f502ece 100644 --- a/test/fixtures/deploy_with_accessories.yml +++ b/test/fixtures/deploy_with_accessories.yml @@ -16,7 +16,7 @@ builder: accessories: mysql: image: mysql:5.7 - host: 1.1.1.5 + host: 1.1.1.3 port: 3306 env: clear: diff --git a/test/fixtures/deploy_with_accessories_on_independent_server.yml b/test/fixtures/deploy_with_accessories_on_independent_server.yml new file mode 100644 index 000000000..e6c6825f5 --- /dev/null +++ b/test/fixtures/deploy_with_accessories_on_independent_server.yml @@ -0,0 +1,38 @@ +service: app +image: dhh/app +servers: + web: + - "1.1.1.1" + - "1.1.1.2" + workers: + - "1.1.1.3" + - "1.1.1.4" +registry: + username: user + password: pw +builder: + arch: amd64 + +accessories: + mysql: + image: mysql:5.7 + host: 1.1.1.5 + port: 3306 + env: + clear: + MYSQL_ROOT_HOST: '%' + secret: + - MYSQL_ROOT_PASSWORD + files: + - test/fixtures/files/my.cnf:/etc/mysql/my.cnf + directories: + - data:/var/lib/mysql + redis: + image: redis:latest + roles: + - web + port: 6379 + directories: + - data:/data + +readiness_delay: 0 From 81f3508507511a40cfc52eb5eeb4f9cf0d8ecc44 Mon Sep 17 00:00:00 2001 From: David Heinemeier Hansson Date: Thu, 3 Oct 2024 11:39:56 -0700 Subject: [PATCH 06/28] Bump version for 2.1.1 --- Gemfile.lock | 2 +- lib/kamal/version.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index e055f6a49..95ab00615 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - kamal (2.1.0) + kamal (2.1.1) activesupport (>= 7.0) base64 (~> 0.2) bcrypt_pbkdf (~> 1.0) diff --git a/lib/kamal/version.rb b/lib/kamal/version.rb index b69ff471b..073c80269 100644 --- a/lib/kamal/version.rb +++ b/lib/kamal/version.rb @@ -1,3 +1,3 @@ module Kamal - VERSION = "2.1.0" + VERSION = "2.1.1" end From 950624d667b52d6ca10f0ebcc2fcc236aa6c86a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wojciech=20Wn=C4=99trzak?= Date: Fri, 4 Oct 2024 09:27:15 +0200 Subject: [PATCH 07/28] Update sample template for docker setup hook. "kamal" network is already created (in v2.0) so the sample code is no longer accurate. --- .../cli/templates/sample_hooks/docker-setup.sample | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/lib/kamal/cli/templates/sample_hooks/docker-setup.sample b/lib/kamal/cli/templates/sample_hooks/docker-setup.sample index d914913d5..2fb07d7d7 100755 --- a/lib/kamal/cli/templates/sample_hooks/docker-setup.sample +++ b/lib/kamal/cli/templates/sample_hooks/docker-setup.sample @@ -1,13 +1,3 @@ -#!/usr/bin/env ruby +#!/bin/sh -# A sample docker-setup hook -# -# Sets up a Docker network on defined hosts which can then be used by the application’s containers - -hosts = ENV["KAMAL_HOSTS"].split(",") - -hosts.each do |ip| - destination = "root@#{ip}" - puts "Creating a Docker network \"kamal\" on #{destination}" - `ssh #{destination} docker network create kamal` -end +echo "Docker set up on $KAMAL_HOSTS..." From 1d04a6644f44bb93d5672c4c4379b8d2a52bdb8f Mon Sep 17 00:00:00 2001 From: Puru <5674762+tuladhar@users.noreply.github.com> Date: Fri, 4 Oct 2024 23:57:33 +0545 Subject: [PATCH 08/28] Clarify SSL comment when using Cloudflare --- lib/kamal/cli/templates/deploy.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/kamal/cli/templates/deploy.yml b/lib/kamal/cli/templates/deploy.yml index 7be386b99..e278caa87 100644 --- a/lib/kamal/cli/templates/deploy.yml +++ b/lib/kamal/cli/templates/deploy.yml @@ -14,8 +14,9 @@ servers: # cmd: bin/jobs # Enable SSL auto certification via Let's Encrypt (and allow for multiple apps on one server). -# Set ssl: false if using something like Cloudflare to terminate SSL (but keep host!). -proxy: +# If using something like Cloudflare, it is recommended to set encryption mode +# in Cloudflare's SSL/TLS setting to "Full" to enable end-to-end encryption. +proxy: ssl: true host: app.example.com # kamal-proxy connects to your container over port 80, use `app_port` to specify a different port. From 1e9c9e91038f35310acd6d0334c4d786ca34879a Mon Sep 17 00:00:00 2001 From: Donal McBreen Date: Sun, 6 Oct 2024 13:21:49 -0400 Subject: [PATCH 09/28] Skip setting the proxy flag when ssl is false Fixes: https://github.com/basecamp/kamal/issues/1037 --- lib/kamal/configuration/proxy.rb | 2 +- test/commands/app_test.rb | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/kamal/configuration/proxy.rb b/lib/kamal/configuration/proxy.rb index 3870a2de9..6232c3e03 100644 --- a/lib/kamal/configuration/proxy.rb +++ b/lib/kamal/configuration/proxy.rb @@ -29,7 +29,7 @@ def hosts def deploy_options { host: hosts, - tls: proxy_config["ssl"], + tls: proxy_config["ssl"].presence, "deploy-timeout": seconds_duration(config.deploy_timeout), "drain-timeout": seconds_duration(config.drain_timeout), "health-check-interval": seconds_duration(proxy_config.dig("healthcheck", "interval")), diff --git a/test/commands/app_test.rb b/test/commands/app_test.rb index 182c1bb0b..0e5cad796 100644 --- a/test/commands/app_test.rb +++ b/test/commands/app_test.rb @@ -135,6 +135,14 @@ class CommandsAppTest < ActiveSupport::TestCase new_command.deploy(target: "172.1.0.2").join(" ") end + test "deploy with SSL false" do + @config[:proxy] = { "ssl" => false } + + assert_equal \ + "docker exec kamal-proxy kamal-proxy deploy app-web --target=\"172.1.0.2:80\" --deploy-timeout=\"30s\" --drain-timeout=\"30s\" --buffer-requests --buffer-responses --log-request-header=\"Cache-Control\" --log-request-header=\"Last-Modified\" --log-request-header=\"User-Agent\"", + new_command.deploy(target: "172.1.0.2").join(" ") + end + test "remove" do assert_equal \ "docker exec kamal-proxy kamal-proxy remove app-web", From e34031f70cf933384fe0467ade20d6653f3ea908 Mon Sep 17 00:00:00 2001 From: Donal McBreen Date: Sun, 6 Oct 2024 13:40:53 -0400 Subject: [PATCH 10/28] Bump version for 2.1.2 --- Gemfile.lock | 2 +- lib/kamal/version.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 95ab00615..da7b0c908 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - kamal (2.1.1) + kamal (2.1.2) activesupport (>= 7.0) base64 (~> 0.2) bcrypt_pbkdf (~> 1.0) diff --git a/lib/kamal/version.rb b/lib/kamal/version.rb index 073c80269..cae603d43 100644 --- a/lib/kamal/version.rb +++ b/lib/kamal/version.rb @@ -1,3 +1,3 @@ module Kamal - VERSION = "2.1.1" + VERSION = "2.1.2" end From a434b10bfd67437d337d90d5e65b14b172299c43 Mon Sep 17 00:00:00 2001 From: Donal McBreen Date: Sun, 6 Oct 2024 13:48:00 -0400 Subject: [PATCH 11/28] Update to kamal-proxy 0.8.0 Proxy changes: - Add option to use custom TLS certificates (#17) - Don't buffer SSE responses (#36) - Allow routing to wildcard subdomains (#45) Custom TLS certificates not supported in Kamal itself yet. Buffering SSE responses and wildcard subdomains will work without any Kamal changes. --- lib/kamal/configuration.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/kamal/configuration.rb b/lib/kamal/configuration.rb index 6e8799bff..857de9b75 100644 --- a/lib/kamal/configuration.rb +++ b/lib/kamal/configuration.rb @@ -14,7 +14,7 @@ class Kamal::Configuration include Validation - PROXY_MINIMUM_VERSION = "v0.7.0" + PROXY_MINIMUM_VERSION = "v0.8.0" PROXY_HTTP_PORT = 80 PROXY_HTTPS_PORT = 443 From 0840fdf0dd451d2f4a667a476f46ece4d0d4df55 Mon Sep 17 00:00:00 2001 From: David Stosik Date: Fri, 4 Oct 2024 22:03:46 +0900 Subject: [PATCH 12/28] Support spaces in git repository path See https://github.com/basecamp/kamal/issues/1036 --- lib/kamal/commands/builder/clone.rb | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/lib/kamal/commands/builder/clone.rb b/lib/kamal/commands/builder/clone.rb index 17d9c931b..7345ba147 100644 --- a/lib/kamal/commands/builder/clone.rb +++ b/lib/kamal/commands/builder/clone.rb @@ -6,12 +6,12 @@ module Kamal::Commands::Builder::Clone end def clone - git :clone, Kamal::Git.root, "--recurse-submodules", path: clone_directory + git :clone, escaped_root, "--recurse-submodules", path: clone_directory end def clone_reset_steps [ - git(:remote, "set-url", :origin, Kamal::Git.root, path: build_directory), + git(:remote, "set-url", :origin, escaped_root, path: build_directory), git(:fetch, :origin, path: build_directory), git(:reset, "--hard", Kamal::Git.revision, path: build_directory), git(:clean, "-fdx", path: build_directory), @@ -26,4 +26,8 @@ def clone_status def clone_revision git :"rev-parse", :HEAD, path: build_directory end + + def escaped_root + Kamal::Git.root.shellescape + end end From d40057286d1e09f136e7b6c50948afbc927e84d7 Mon Sep 17 00:00:00 2001 From: David Stosik Date: Mon, 7 Oct 2024 15:42:19 +0900 Subject: [PATCH 13/28] Escape more paths and write a test --- lib/kamal/commands/builder/clone.rb | 26 ++++++++++++-------------- test/commands/builder_test.rb | 15 +++++++++++++++ 2 files changed, 27 insertions(+), 14 deletions(-) diff --git a/lib/kamal/commands/builder/clone.rb b/lib/kamal/commands/builder/clone.rb index 7345ba147..a186c7b26 100644 --- a/lib/kamal/commands/builder/clone.rb +++ b/lib/kamal/commands/builder/clone.rb @@ -1,33 +1,31 @@ module Kamal::Commands::Builder::Clone - extend ActiveSupport::Concern - - included do - delegate :clone_directory, :build_directory, to: :"config.builder" - end - def clone - git :clone, escaped_root, "--recurse-submodules", path: clone_directory + git :clone, escaped_root, "--recurse-submodules", path: config.builder.clone_directory.shellescape end def clone_reset_steps [ - git(:remote, "set-url", :origin, escaped_root, path: build_directory), - git(:fetch, :origin, path: build_directory), - git(:reset, "--hard", Kamal::Git.revision, path: build_directory), - git(:clean, "-fdx", path: build_directory), - git(:submodule, :update, "--init", path: build_directory) + git(:remote, "set-url", :origin, escaped_root, path: escaped_build_directory), + git(:fetch, :origin, path: escaped_build_directory), + git(:reset, "--hard", Kamal::Git.revision, path: escaped_build_directory), + git(:clean, "-fdx", path: escaped_build_directory), + git(:submodule, :update, "--init", path: escaped_build_directory) ] end def clone_status - git :status, "--porcelain", path: build_directory + git :status, "--porcelain", path: escaped_build_directory end def clone_revision - git :"rev-parse", :HEAD, path: build_directory + git :"rev-parse", :HEAD, path: escaped_build_directory end def escaped_root Kamal::Git.root.shellescape end + + def escaped_build_directory + config.builder.build_directory.shellescape + end end diff --git a/test/commands/builder_test.rb b/test/commands/builder_test.rb index e5daddfd2..52b794b8e 100644 --- a/test/commands/builder_test.rb +++ b/test/commands/builder_test.rb @@ -149,6 +149,21 @@ class CommandsBuilderTest < ActiveSupport::TestCase assert_equal "docker info --format '{{index .RegistryConfig.Mirrors 0}}'", command.first_mirror.join(" ") end + test "clone path with spaces" do + command = new_builder_command + Kamal::Git.stubs(:root).returns("/absolute/path with spaces") + clone_command = command.clone.join(" ") + clone_reset_commands = command.clone_reset_steps.map { |a| a.join(" ") } + + assert_match(%r{path\\ with\\ space}, clone_command) + refute_match(%r{path with spaces}, clone_command) + + clone_reset_commands.each do |command| + assert_match(%r{path\\ with\\ space}, command) + refute_match(%r{path with spaces}, command) + end + end + private def new_builder_command(additional_config = {}) Kamal::Commands::Builder.new(Kamal::Configuration.new(@config.deep_merge(additional_config), version: "123")) From f45c754e535fa93cfa59e99da265fb405b607b74 Mon Sep 17 00:00:00 2001 From: David Stosik Date: Mon, 7 Oct 2024 15:42:33 +0900 Subject: [PATCH 14/28] Remove unnecessary method --- test/commands/builder_test.rb | 4 ---- 1 file changed, 4 deletions(-) diff --git a/test/commands/builder_test.rb b/test/commands/builder_test.rb index 52b794b8e..e8d48e90a 100644 --- a/test/commands/builder_test.rb +++ b/test/commands/builder_test.rb @@ -169,10 +169,6 @@ def new_builder_command(additional_config = {}) Kamal::Commands::Builder.new(Kamal::Configuration.new(@config.deep_merge(additional_config), version: "123")) end - def build_directory - "#{Dir.tmpdir}/kamal-clones/app/kamal/" - end - def local_arch Kamal::Utils.docker_arch end From 67ce1912f76069a93b542519d084ec2ff191cacf Mon Sep 17 00:00:00 2001 From: Donal McBreen Date: Mon, 7 Oct 2024 16:20:40 -0400 Subject: [PATCH 15/28] Default to keeping 10m of proxy logs Match the defaults for the application containers of 10m of logs. Allow them to be altered with the proxy boot_config set command. --- lib/kamal/cli/proxy.rb | 2 ++ lib/kamal/configuration.rb | 7 ++++++- test/cli/proxy_test.rb | 31 ++++++++++++++++++++----------- test/commands/proxy_test.rb | 6 +++--- 4 files changed, 31 insertions(+), 15 deletions(-) diff --git a/lib/kamal/cli/proxy.rb b/lib/kamal/cli/proxy.rb index 89fb2fd7c..03de5fe0e 100644 --- a/lib/kamal/cli/proxy.rb +++ b/lib/kamal/cli/proxy.rb @@ -25,12 +25,14 @@ def boot option :publish, type: :boolean, default: true, desc: "Publish the proxy ports on the host" option :http_port, type: :numeric, default: Kamal::Configuration::PROXY_HTTP_PORT, desc: "HTTP port to publish on the host" option :https_port, type: :numeric, default: Kamal::Configuration::PROXY_HTTPS_PORT, desc: "HTTPS port to publish on the host" + option :log_max_size, type: :string, default: Kamal::Configuration::PROXY_LOG_MAX_SIZE, desc: "Max size of proxy logs" option :docker_options, type: :array, default: [], desc: "Docker options to pass to the proxy container", banner: "option=value option2=value2" def boot_config(subcommand) case subcommand when "set" boot_options = [ *(KAMAL.config.proxy_publish_args(options[:http_port], options[:https_port]) if options[:publish]), + *(KAMAL.config.proxy_logging_args(options[:log_max_size])), *options[:docker_options].map { |option| "--#{option}" } ] diff --git a/lib/kamal/configuration.rb b/lib/kamal/configuration.rb index 6e8799bff..0a31384e5 100644 --- a/lib/kamal/configuration.rb +++ b/lib/kamal/configuration.rb @@ -17,6 +17,7 @@ class Kamal::Configuration PROXY_MINIMUM_VERSION = "v0.7.0" PROXY_HTTP_PORT = 80 PROXY_HTTPS_PORT = 443 + PROXY_LOG_MAX_SIZE = "10m" class << self def create_from(config_file:, destination: nil, version: nil) @@ -252,8 +253,12 @@ def proxy_publish_args(http_port, https_port) argumentize "--publish", [ "#{http_port}:#{PROXY_HTTP_PORT}", "#{https_port}:#{PROXY_HTTPS_PORT}" ] end + def proxy_logging_args(max_size) + argumentize "--log-opt", "max-size=#{max_size}" + end + def proxy_options_default - proxy_publish_args PROXY_HTTP_PORT, PROXY_HTTPS_PORT + [ *proxy_publish_args(PROXY_HTTP_PORT, PROXY_HTTPS_PORT), *proxy_logging_args(PROXY_LOG_MAX_SIZE) ] end def proxy_image diff --git a/test/cli/proxy_test.rb b/test/cli/proxy_test.rb index 8c22c8a2f..c62589fee 100644 --- a/test/cli/proxy_test.rb +++ b/test/cli/proxy_test.rb @@ -4,7 +4,7 @@ class CliProxyTest < CliTestCase test "boot" do run_command("boot").tap do |output| assert_match "docker login", output - assert_match "docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443\") #{KAMAL.config.proxy_image}", output + assert_match "docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443 --log-opt max-size=10m\") #{KAMAL.config.proxy_image}", output end end @@ -18,7 +18,7 @@ class CliProxyTest < CliTestCase exception = assert_raises do run_command("boot").tap do |output| assert_match "docker login", output - assert_match "docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443\") #{KAMAL.config.proxy_image}", output + assert_match "docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443 --log-opt max-size=10m\") #{KAMAL.config.proxy_image}", output end end @@ -36,7 +36,7 @@ class CliProxyTest < CliTestCase run_command("boot").tap do |output| assert_match "docker login", output - assert_match "docker container start kamal-proxy || docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443\") #{KAMAL.config.proxy_image}", output + assert_match "docker container start kamal-proxy || docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443 --log-opt max-size=10m\") #{KAMAL.config.proxy_image}", output end ensure Thread.report_on_exception = false @@ -57,13 +57,13 @@ class CliProxyTest < CliTestCase assert_match "docker container stop kamal-proxy on 1.1.1.1", output assert_match "Running docker container stop traefik ; docker container prune --force --filter label=org.opencontainers.image.title=Traefik && docker image prune --all --force --filter label=org.opencontainers.image.title=Traefik on 1.1.1.1", output assert_match "docker container prune --force --filter label=org.opencontainers.image.title=kamal-proxy on 1.1.1.1", output - assert_match "docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443\") #{KAMAL.config.proxy_image} on 1.1.1.1", output + assert_match "docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443 --log-opt max-size=10m\") #{KAMAL.config.proxy_image} on 1.1.1.1", output assert_match "docker exec kamal-proxy kamal-proxy deploy app-web --target=\"abcdefabcdef:80\" --deploy-timeout=\"6s\" --drain-timeout=\"30s\" --buffer-requests --buffer-responses --log-request-header=\"Cache-Control\" --log-request-header=\"Last-Modified\" --log-request-header=\"User-Agent\" on 1.1.1.1", output assert_match "docker container stop kamal-proxy on 1.1.1.2", output assert_match "Running docker container stop traefik ; docker container prune --force --filter label=org.opencontainers.image.title=Traefik && docker image prune --all --force --filter label=org.opencontainers.image.title=Traefik on 1.1.1.2", output assert_match "docker container prune --force --filter label=org.opencontainers.image.title=kamal-proxy on 1.1.1.2", output - assert_match "docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443\") #{KAMAL.config.proxy_image} on 1.1.1.2", output + assert_match "docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443 --log-opt max-size=10m\") #{KAMAL.config.proxy_image} on 1.1.1.2", output assert_match "docker exec kamal-proxy kamal-proxy deploy app-web --target=\"abcdefabcdef:80\" --deploy-timeout=\"6s\" --drain-timeout=\"30s\" --buffer-requests --buffer-responses --log-request-header=\"Cache-Control\" --log-request-header=\"Last-Modified\" --log-request-header=\"User-Agent\" on 1.1.1.2", output end end @@ -198,7 +198,7 @@ class CliProxyTest < CliTestCase assert_match "/usr/bin/env mkdir -p .kamal", output assert_match "docker network create kamal", output assert_match "docker login -u [REDACTED] -p [REDACTED]", output - assert_match "docker container start kamal-proxy || docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443\") basecamp/kamal-proxy:#{Kamal::Configuration::PROXY_MINIMUM_VERSION}", output + assert_match "docker container start kamal-proxy || docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443 --log-opt max-size=10m\") basecamp/kamal-proxy:#{Kamal::Configuration::PROXY_MINIMUM_VERSION}", output assert_match "/usr/bin/env mkdir -p .kamal", output assert_match %r{docker rename app-web-latest app-web-latest_replaced_.*}, output assert_match "/usr/bin/env mkdir -p .kamal/apps/app/env/roles", output @@ -240,7 +240,7 @@ class CliProxyTest < CliTestCase run_command("boot_config", "set").tap do |output| %w[ 1.1.1.1 1.1.1.2 ].each do |host| assert_match "Running /usr/bin/env mkdir -p .kamal/proxy on #{host}", output - assert_match "Uploading \"--publish 80:80 --publish 443:443\" to .kamal/proxy/options on #{host}", output + assert_match "Uploading \"--publish 80:80 --publish 443:443 --log-opt max-size=10m\" to .kamal/proxy/options on #{host}", output end end end @@ -249,7 +249,16 @@ class CliProxyTest < CliTestCase run_command("boot_config", "set", "--publish", "false").tap do |output| %w[ 1.1.1.1 1.1.1.2 ].each do |host| assert_match "Running /usr/bin/env mkdir -p .kamal/proxy on #{host}", output - assert_match "Uploading \"\" to .kamal/proxy/options on #{host}", output + assert_match "Uploading \"--log-opt max-size=10m\" to .kamal/proxy/options on #{host}", output + end + end + end + + test "boot_config set custom max_size" do + run_command("boot_config", "set", "--log-max-size", "100m").tap do |output| + %w[ 1.1.1.1 1.1.1.2 ].each do |host| + assert_match "Running /usr/bin/env mkdir -p .kamal/proxy on #{host}", output + assert_match "Uploading \"--publish 80:80 --publish 443:443 --log-opt max-size=100m\" to .kamal/proxy/options on #{host}", output end end end @@ -258,7 +267,7 @@ class CliProxyTest < CliTestCase run_command("boot_config", "set", "--http-port", "8080", "--https-port", "8443").tap do |output| %w[ 1.1.1.1 1.1.1.2 ].each do |host| assert_match "Running /usr/bin/env mkdir -p .kamal/proxy on #{host}", output - assert_match "Uploading \"--publish 8080:80 --publish 8443:443\" to .kamal/proxy/options on #{host}", output + assert_match "Uploading \"--publish 8080:80 --publish 8443:443 --log-opt max-size=10m\" to .kamal/proxy/options on #{host}", output end end end @@ -267,14 +276,14 @@ class CliProxyTest < CliTestCase run_command("boot_config", "set", "--docker_options", "label=foo=bar", "add_host=thishost:thathost").tap do |output| %w[ 1.1.1.1 1.1.1.2 ].each do |host| assert_match "Running /usr/bin/env mkdir -p .kamal/proxy on #{host}", output - assert_match "Uploading \"--publish 80:80 --publish 443:443 --label=foo=bar --add_host=thishost:thathost\" to .kamal/proxy/options on #{host}", output + assert_match "Uploading \"--publish 80:80 --publish 443:443 --log-opt max-size=10m --label=foo=bar --add_host=thishost:thathost\" to .kamal/proxy/options on #{host}", output end end end test "boot_config get" do SSHKit::Backend::Abstract.any_instance.expects(:capture_with_info) - .with(:cat, ".kamal/proxy/options", "||", :echo, "\"--publish 80:80 --publish 443:443\"") + .with(:cat, ".kamal/proxy/options", "||", :echo, "\"--publish 80:80 --publish 443:443 --log-opt max-size=10m\"") .returns("--publish 80:80 --publish 8443:443 --label=foo=bar") .twice diff --git a/test/commands/proxy_test.rb b/test/commands/proxy_test.rb index 4af785335..b7cc9f3dc 100644 --- a/test/commands/proxy_test.rb +++ b/test/commands/proxy_test.rb @@ -15,7 +15,7 @@ class CommandsProxyTest < ActiveSupport::TestCase test "run" do assert_equal \ - "docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443\") basecamp/kamal-proxy:#{Kamal::Configuration::PROXY_MINIMUM_VERSION}", + "docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443 --log-opt max-size=10m\") basecamp/kamal-proxy:#{Kamal::Configuration::PROXY_MINIMUM_VERSION}", new_command.run.join(" ") end @@ -23,7 +23,7 @@ class CommandsProxyTest < ActiveSupport::TestCase @config.delete(:proxy) assert_equal \ - "docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443\") basecamp/kamal-proxy:#{Kamal::Configuration::PROXY_MINIMUM_VERSION}", + "docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443 --log-opt max-size=10m\") basecamp/kamal-proxy:#{Kamal::Configuration::PROXY_MINIMUM_VERSION}", new_command.run.join(" ") end @@ -113,7 +113,7 @@ class CommandsProxyTest < ActiveSupport::TestCase test "get_boot_options" do assert_equal \ - "cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443\"", + "cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443 --log-opt max-size=10m\"", new_command.get_boot_options.join(" ") end From 8d6d7ffed0cadfc251b830d6379b99c373ae88ef Mon Sep 17 00:00:00 2001 From: David Stosik Date: Tue, 8 Oct 2024 07:10:08 +0900 Subject: [PATCH 16/28] s/refute_match/assert_no_match/ --- test/commands/builder_test.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/commands/builder_test.rb b/test/commands/builder_test.rb index e8d48e90a..1fc224da7 100644 --- a/test/commands/builder_test.rb +++ b/test/commands/builder_test.rb @@ -156,11 +156,11 @@ class CommandsBuilderTest < ActiveSupport::TestCase clone_reset_commands = command.clone_reset_steps.map { |a| a.join(" ") } assert_match(%r{path\\ with\\ space}, clone_command) - refute_match(%r{path with spaces}, clone_command) + assert_no_match(%r{path with spaces}, clone_command) clone_reset_commands.each do |command| assert_match(%r{path\\ with\\ space}, command) - refute_match(%r{path with spaces}, command) + assert_no_match(%r{path with spaces}, command) end end From 06419f874981939dcfd89c2cf158a179dae0ab97 Mon Sep 17 00:00:00 2001 From: Donal McBreen Date: Tue, 8 Oct 2024 07:31:57 -0400 Subject: [PATCH 17/28] Add Active Support require for to_sentence Fixes: https://github.com/basecamp/kamal/issues/1061 --- lib/kamal/cli/accessory.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/kamal/cli/accessory.rb b/lib/kamal/cli/accessory.rb index 14114a25c..6c51c774d 100644 --- a/lib/kamal/cli/accessory.rb +++ b/lib/kamal/cli/accessory.rb @@ -1,3 +1,5 @@ +require "active_support/core_ext/array/conversions" + class Kamal::Cli::Accessory < Kamal::Cli::Base desc "boot [NAME]", "Boot new accessory service on host (use NAME=all to boot all accessories)" def boot(name, prepare: true) From 7b48648bf2a380bfb44f89d357cf5ec975c7b18b Mon Sep 17 00:00:00 2001 From: Donal McBreen Date: Tue, 8 Oct 2024 08:59:23 -0400 Subject: [PATCH 18/28] Bump version for 2.2.0 --- Gemfile.lock | 2 +- lib/kamal/version.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index da7b0c908..070f7a557 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - kamal (2.1.2) + kamal (2.2.0) activesupport (>= 7.0) base64 (~> 0.2) bcrypt_pbkdf (~> 1.0) diff --git a/lib/kamal/version.rb b/lib/kamal/version.rb index cae603d43..ff8a4cf4c 100644 --- a/lib/kamal/version.rb +++ b/lib/kamal/version.rb @@ -1,3 +1,3 @@ module Kamal - VERSION = "2.1.2" + VERSION = "2.2.0" end From 50c96e36c094a47431235c8b8c2a051dc9b28b39 Mon Sep 17 00:00:00 2001 From: Grayson Chen Date: Wed, 9 Oct 2024 00:11:54 +0800 Subject: [PATCH 19/28] typo clear change to reset kamal proxy boot_config clear ERROR (ArgumentError): Unknown boot_config subcommand clear --- lib/kamal/cli/proxy.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/kamal/cli/proxy.rb b/lib/kamal/cli/proxy.rb index 03de5fe0e..030c44e14 100644 --- a/lib/kamal/cli/proxy.rb +++ b/lib/kamal/cli/proxy.rb @@ -21,7 +21,7 @@ def boot end end - desc "boot_config ", "Mange kamal-proxy boot configuration" + desc "boot_config ", "Mange kamal-proxy boot configuration" option :publish, type: :boolean, default: true, desc: "Publish the proxy ports on the host" option :http_port, type: :numeric, default: Kamal::Configuration::PROXY_HTTP_PORT, desc: "HTTP port to publish on the host" option :https_port, type: :numeric, default: Kamal::Configuration::PROXY_HTTPS_PORT, desc: "HTTPS port to publish on the host" From 74960499c053c0e0790f039b6f139ed46b3250cb Mon Sep 17 00:00:00 2001 From: Donal McBreen Date: Wed, 9 Oct 2024 13:57:27 -0400 Subject: [PATCH 20/28] Bump proxy to version 0.8.1 Fixes issue where incorrect status code may be returned when buffering responses. https://github.com/basecamp/kamal-proxy/releases/tag/v0.8.1 --- lib/kamal/configuration.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/kamal/configuration.rb b/lib/kamal/configuration.rb index 09f1ed895..86602fe18 100644 --- a/lib/kamal/configuration.rb +++ b/lib/kamal/configuration.rb @@ -14,7 +14,7 @@ class Kamal::Configuration include Validation - PROXY_MINIMUM_VERSION = "v0.8.0" + PROXY_MINIMUM_VERSION = "v0.8.1" PROXY_HTTP_PORT = 80 PROXY_HTTPS_PORT = 443 PROXY_LOG_MAX_SIZE = "10m" From 3654a7e1be35764be8bc66f4e6e0fad5a549eb01 Mon Sep 17 00:00:00 2001 From: Donal McBreen Date: Wed, 9 Oct 2024 14:46:44 -0400 Subject: [PATCH 21/28] Bump version for 2.2.1 --- Gemfile.lock | 2 +- lib/kamal/version.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 070f7a557..5fea6508f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - kamal (2.2.0) + kamal (2.2.1) activesupport (>= 7.0) base64 (~> 0.2) bcrypt_pbkdf (~> 1.0) diff --git a/lib/kamal/version.rb b/lib/kamal/version.rb index ff8a4cf4c..ae94f8fdc 100644 --- a/lib/kamal/version.rb +++ b/lib/kamal/version.rb @@ -1,3 +1,3 @@ module Kamal - VERSION = "2.2.0" + VERSION = "2.2.1" end From 7ddf3bcb029b959800112328ce13ea828b98a7e2 Mon Sep 17 00:00:00 2001 From: Mike Moore Date: Wed, 9 Oct 2024 17:34:42 -0600 Subject: [PATCH 22/28] Typo fix. --- lib/kamal/cli/proxy.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/kamal/cli/proxy.rb b/lib/kamal/cli/proxy.rb index 030c44e14..2ce7c2ac5 100644 --- a/lib/kamal/cli/proxy.rb +++ b/lib/kamal/cli/proxy.rb @@ -21,7 +21,7 @@ def boot end end - desc "boot_config ", "Mange kamal-proxy boot configuration" + desc "boot_config ", "Manage kamal-proxy boot configuration" option :publish, type: :boolean, default: true, desc: "Publish the proxy ports on the host" option :http_port, type: :numeric, default: Kamal::Configuration::PROXY_HTTP_PORT, desc: "HTTP port to publish on the host" option :https_port, type: :numeric, default: Kamal::Configuration::PROXY_HTTPS_PORT, desc: "HTTPS port to publish on the host" From a1e40f9fecda00bacc946fea969edfd03ef61f97 Mon Sep 17 00:00:00 2001 From: Nick Pezza Date: Wed, 9 Oct 2024 21:11:06 -0400 Subject: [PATCH 23/28] Update to be able to run on 3.4 with frozen strings (#1080) * Update to be able to run on 3.4 with frozen strings --------- Co-authored-by: Jeremy Daer Co-authored-by: Sijawusz Pur Rahnama --- .github/workflows/ci.yml | 6 ++++++ lib/kamal/commands/base.rb | 18 ++++++++++-------- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e4fa1e801..839bc4e65 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -27,6 +27,7 @@ jobs: - "3.1" - "3.2" - "3.3" + - "3.4.0-preview2" gemfile: - Gemfile - gemfiles/rails_edge.gemfile @@ -41,6 +42,9 @@ jobs: steps: - uses: actions/checkout@v4 + - name: Remove gemfile.lock + run: rm Gemfile.lock + - name: Install Ruby uses: ruby/setup-ruby@v1 with: @@ -49,3 +53,5 @@ jobs: - name: Run tests run: bin/test + env: + RUBYOPT: ${{ startsWith(matrix.ruby-version, '3.4.') && '--enable=frozen-string-literal' || '' }} diff --git a/lib/kamal/commands/base.rb b/lib/kamal/commands/base.rb index 7521780ad..c0eac91cc 100644 --- a/lib/kamal/commands/base.rb +++ b/lib/kamal/commands/base.rb @@ -11,14 +11,7 @@ def initialize(config) end def run_over_ssh(*command, host:) - "ssh".tap do |cmd| - if config.ssh.proxy && config.ssh.proxy.is_a?(Net::SSH::Proxy::Jump) - cmd << " -J #{config.ssh.proxy.jump_proxies}" - elsif config.ssh.proxy && config.ssh.proxy.is_a?(Net::SSH::Proxy::Command) - cmd << " -o ProxyCommand='#{config.ssh.proxy.command_line_template}'" - end - cmd << " -t #{config.ssh.user}@#{host} -p #{config.ssh.port} '#{command.join(" ").gsub("'", "'\\\\''")}'" - end + "ssh#{ssh_proxy_args} -t #{config.ssh.user}@#{host} -p #{config.ssh.port} '#{command.join(" ").gsub("'", "'\\\\''")}'" end def container_id_for(container_name:, only_running: false) @@ -92,5 +85,14 @@ def grep(*args) def tags(**details) Kamal::Tags.from_config(config, **details) end + + def ssh_proxy_args + case config.ssh.proxy + when Net::SSH::Proxy::Jump + " -J #{config.ssh.proxy.jump_proxies}" + when Net::SSH::Proxy::Command + " -o ProxyCommand='#{config.ssh.proxy.command_line_template}'" + end + end end end From 5cb9fb787be7981073a54e8cab908ab841804309 Mon Sep 17 00:00:00 2001 From: Donal McBreen Date: Thu, 10 Oct 2024 13:29:38 -0400 Subject: [PATCH 24/28] Bump version for 2.2.2 --- Gemfile.lock | 2 +- lib/kamal/version.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 5fea6508f..093ef9b77 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - kamal (2.2.1) + kamal (2.2.2) activesupport (>= 7.0) base64 (~> 0.2) bcrypt_pbkdf (~> 1.0) diff --git a/lib/kamal/version.rb b/lib/kamal/version.rb index ae94f8fdc..3f5ef1fcb 100644 --- a/lib/kamal/version.rb +++ b/lib/kamal/version.rb @@ -1,3 +1,3 @@ module Kamal - VERSION = "2.2.1" + VERSION = "2.2.2" end From cb82767d0f93e34525afdf2fee52500b7a470798 Mon Sep 17 00:00:00 2001 From: David Heinemeier Hansson Date: Fri, 11 Oct 2024 10:39:58 -0700 Subject: [PATCH 25/28] Clarify proxy settings --- lib/kamal/cli/templates/deploy.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/kamal/cli/templates/deploy.yml b/lib/kamal/cli/templates/deploy.yml index e278caa87..aa2d89596 100644 --- a/lib/kamal/cli/templates/deploy.yml +++ b/lib/kamal/cli/templates/deploy.yml @@ -13,13 +13,14 @@ servers: # - 192.168.0.1 # cmd: bin/jobs -# Enable SSL auto certification via Let's Encrypt (and allow for multiple apps on one server). -# If using something like Cloudflare, it is recommended to set encryption mode -# in Cloudflare's SSL/TLS setting to "Full" to enable end-to-end encryption. +# Enable SSL auto certification via Let's Encrypt and allow for multiple apps on a single web server. +# Remove this section when using multiple web servers and ensure you terminate SSL at your load balancer. +# +# Note: If using Cloudflare, set encryption mode in SSL/TLS setting to "Full" to enable end-to-end encryption. proxy: ssl: true host: app.example.com - # kamal-proxy connects to your container over port 80, use `app_port` to specify a different port. + # Proxy connects to your container on port 80 by default. # app_port: 3000 # Credentials for your image host. From bf79c7192f7be558a594a68f4c3a42d6882e6b5c Mon Sep 17 00:00:00 2001 From: David Heinemeier Hansson Date: Fri, 11 Oct 2024 10:40:37 -0700 Subject: [PATCH 26/28] Clearer still --- lib/kamal/cli/templates/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/kamal/cli/templates/deploy.yml b/lib/kamal/cli/templates/deploy.yml index aa2d89596..cff7f0624 100644 --- a/lib/kamal/cli/templates/deploy.yml +++ b/lib/kamal/cli/templates/deploy.yml @@ -16,7 +16,7 @@ servers: # Enable SSL auto certification via Let's Encrypt and allow for multiple apps on a single web server. # Remove this section when using multiple web servers and ensure you terminate SSL at your load balancer. # -# Note: If using Cloudflare, set encryption mode in SSL/TLS setting to "Full" to enable end-to-end encryption. +# Note: If using Cloudflare, set encryption mode in SSL/TLS setting to "Full" to enable CF-to-app encryption. proxy: ssl: true host: app.example.com From f3b8a59133f6f84ea908421ff2dd1840fc8e03bf Mon Sep 17 00:00:00 2001 From: Jatin Goyal Date: Sun, 13 Oct 2024 21:59:00 +0530 Subject: [PATCH 27/28] Use valkey for redis image in deploy template --- lib/kamal/cli/templates/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/kamal/cli/templates/deploy.yml b/lib/kamal/cli/templates/deploy.yml index cff7f0624..fc44b6b93 100644 --- a/lib/kamal/cli/templates/deploy.yml +++ b/lib/kamal/cli/templates/deploy.yml @@ -91,7 +91,7 @@ builder: # directories: # - data:/var/lib/mysql # redis: -# image: redis:7.0 +# image: valkey/valkey:8 # host: 192.168.0.2 # port: 6379 # directories: From 0f16ba19951af8b58d75952c3afc7c0c4aa35173 Mon Sep 17 00:00:00 2001 From: Puru <5674762+tuladhar@users.noreply.github.com> Date: Sun, 13 Oct 2024 22:52:09 +0545 Subject: [PATCH 28/28] Upgrade Ruby base image from 3.2.0 to 3.3.x (#1107) * Upgrade ruby base image to fix HIGH and CRITICAL CVEs * Float on latest 3.3.x --------- Co-authored-by: Jeremy Daer --- Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3d8af2529..d83468042 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,4 @@ -# Use the official Ruby 3.2.0 Alpine image as the base image -FROM ruby:3.2.0-alpine +FROM ruby:3.3-alpine # Install docker/buildx-bin COPY --from=docker/buildx-bin /buildx /usr/libexec/docker/cli-plugins/docker-buildx