Beginnings of making frontend pretty, switched to pico css

running commandsserver side
* More robust streaming responses client side

.gitignore

@@ -7,3 +7,4 @@ export/
 secrets/
 .rucksack
 .rucksack.toc
+.faaso.yml

.hadolint.yml

@@ -0,0 +1,3 @@
+ignored:
+  - DL3018
+  - DL3059

.pre-commit-config.yaml

@@ -0,0 +1,38 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+
+repos:
+    - repo: https://github.com/pre-commit/pre-commit-hooks
+      rev: v4.4.0
+      hooks:
+          - id: trailing-whitespace
+          - id: end-of-file-fixer
+          - id: check-yaml
+          - id: check-added-large-files
+          - id: check-merge-conflict
+    - repo: https://github.com/jumanjihouse/pre-commit-hooks
+      rev: 3.0.0
+      hooks:
+          - id: shellcheck
+          - id: markdownlint
+            exclude: '^content'
+    - repo: https://github.com/mrtazz/checkmake
+      rev: 0.2.2
+      hooks:
+          - id: checkmake
+    - repo: https://github.com/python-jsonschema/check-jsonschema
+      rev: 0.23.2
+      hooks:
+          - id: check-github-workflows
+    - repo: local
+      hooks:
+        - id: empty-funkos
+          name: empty-funkos
+          entry: test ! -s config/funkos
+          language: system
+          pass_filenames: false
+    - repo: https://github.com/hadolint/hadolint
+      rev: v2.12.0
+      hooks:
+        - id: hadolint-docker
+          exclude: 'j2$'

Dockerfile

@@ -1,5 +1,13 @@
-FROM --platform=${TARGETPLATFORM:-linux/amd64} alpine as build
-RUN apk update && apk add crystal shards yaml-dev openssl-dev zlib-dev libxml2-dev make && apk cache clean
+FROM --platform=${TARGETPLATFORM:-linux/amd64} alpine:3.20 AS build
+RUN apk add --no-cache \
+    crystal \
+    shards \
+    yaml-dev \
+    openssl-dev \
+    zlib-dev \
+    libxml2-dev \
+    make
+RUN rm -rf /var/cache/apk/*
 RUN addgroup -S app && adduser app -S -G app
 WORKDIR /home/app
 COPY shard.yml Makefile ./
@@ -9,8 +17,22 @@ COPY runtimes/ runtimes/
 RUN make
 # RUN strip bin/*
 
-FROM --platform=${TARGETPLATFORM:-linux/amd64} alpine as ship
-RUN apk update && apk add caddy nss-tools multirun docker openssl zlib yaml pcre2 gc libevent libgcc libxml2 ttyd && apk cache clean
+FROM --platform=${TARGETPLATFORM:-linux/amd64} alpine:3.20 AS ship
+RUN apk add --no-cache \
+    caddy \
+    nss-tools \
+    multirun \
+    docker \
+    openssl \
+    zlib \
+    yaml \
+    pcre2 \
+    gc \
+    libevent \
+    libgcc \
+    libxml2 \
+    ttyd
+RUN rm -rf /var/cache/apk/*
 
 # Unprivileged user
 RUN addgroup -S app && adduser app -S -G app
@@ -21,7 +43,6 @@ COPY public/ public/
 COPY --from=build /home/app/bin/faaso-daemon /home/app/bin/faaso /usr/bin/
 
 # Mount points for persistent data
-RUN mkdir /secrets
-RUN mkdir /config
+RUN mkdir /secrets /config
 
 CMD ["/usr/bin/multirun", "-v", "faaso-daemon", "caddy run --config config/Caddyfile"]

Makefile

@@ -2,9 +2,13 @@ build: shard.yml $(wildcard src/**/*) $(runtimes/**/*)
 	shards build -d --error-trace
 	cat .rucksack >> bin/faaso
 	cat .rucksack >> bin/faaso-daemon
-proxy: build
+proxy:
 	docker build . -t faaso-proxy
+
+all: build proxy
+
 start-proxy:
+	docker network create faaso-net || true
 	docker run --name faaso-proxy-one \
 	--rm --network=faaso-net \
 	-e FAASO_SECRET_PATH=${PWD}/secrets \
@@ -13,5 +17,10 @@ start-proxy:
 	-v ${PWD}/config:/home/app/config \
 	-p 8888:8888 faaso-proxy
 
+test:
+	crystal spec
 
-.PHONY: build proxy-image start-proxy
+clean:
+	rm bin/*
+
+.PHONY: all build proxy-image start-proxy test clean

README.md

@@ -50,12 +50,14 @@ This will give you:
 You need a server, with docker. In that server, build it as explained above.
 You can run the `faaso-proxy` with something like this:
 
-```
-docker run --network=faaso-net -v /var/run/docker.sock:/var/run/docker.sock -p 8888:8888 faaso-proxy
+```shell
+docker run --network=faaso-net \
+-v /var/run/docker.sock:/var/run/docker.sock \
+-p 8888:8888 faaso-proxy
 ```
 
-That will give `faaso-proxy` access to your docker, and expose the functionality in
-port 8888.
+That will give `faaso-proxy` access to your docker, and expose the functionality
+in port 8888.
 
 ## What it Does
 
@@ -65,7 +67,8 @@ In FaaSO you (the user) can create Funkos. Funkos are the moral equivalent of AW
 lambdas and whatever they are called in other systems. In short, they are simple
 programs that handle web requests.
 
-For example, here is a `hello world` level funko written using Crystal, a file called `funko.cr`:
+For example, here is a `hello world` level funko written using Crystal,
+a file called `funko.cr`:
 
 ```crystal
 get "/" do
@@ -82,7 +85,8 @@ runtime: crystal
 ```
 
 If you have those two files in a folder, that folder is a funko, which is called
-`hello` and FaaSO knows it's written in Crystal. In fact, it knows (because the crystal runtime explains that, don't worry about it yet) that it's part of an
+`hello` and FaaSO knows it's written in Crystal. In fact, it knows (because the
+crystal runtime explains that, don't worry about it yet) that it's part of an
 application written in the [Kemal framework](https://kemalcr.com/) and it knows
 how to create a whole container which runs the app, and how to check its health,
 and so on.
@@ -93,13 +97,14 @@ The full details of how to write funkos are still in flux, so not documenting
 it for now. Eventually, you will be able to just write the parts you
 need to write to create funkos in different languages. It's easy!
 
-### So what can a funko do?
+### So what can a funko do
 
 Once you have a funko, you can *build* it, which will give you a docker image.
 
 ```faaso build --local myfunko/```
 
-Or you can export it and get rid of all the mistery of how your funko **really** works:
+Or you can export it and get rid of all the mistery of how your funko
+**really** works:
 
 ```faaso export myfunko/ myfuko-exported```
 
@@ -116,9 +121,9 @@ than one, although currently only one is used by the proxy.
 The proxy has a few goals:
 
 1) You can connect to it using `faaso` and have it build/run/etc your funkos.
-
    * This builds the funko in your machine: `faaso build -l myfunko/`
-   * This builds the funko in the server pointed at by FAASO_SERVER: `faaso build myfunko/`
+   * This builds the funko in the server pointed at by FAASO_SERVER:
+     `faaso build myfunko/`
 
    Yes, they are exactly the same thing. In fact, if you don't use the `-l` flag,
    faaso just tells the proxy "hey proxy, run *your* copy of faaso over there and
@@ -145,4 +150,4 @@ beyond bugfixes, since I am redesigning things all the time.
 
 ## Contributors
 
-- [Roberto Alsina](https://github.com/ralsina) - creator and maintainer
+* [Roberto Alsina](https://github.com/ralsina) - creator and maintainer

TODO.md

@@ -1,4 +1,6 @@
-# Things that need doing before first release
+# TODO LIST
+
+## Things that need doing before first release
 
 * User flow for initial proxy setup
   * ✅ Setting up password
@@ -10,26 +12,32 @@
   * ✅ Crystal + Kemal
   * ✅ Python + Flask
   * ✅ Nodejs + Express
-* Document
-  * How to create a runtime
-  * How to create a funko
-  * How to setup the proxy
-  * APIs
+* Create a site
+  * Document
+    * FaaSO for app developers
+    * FaaSO for runtime developers
+    * FaaSO server setup
+    * APIs
 * Sanitize all inputs
 * ✅ Streaming responses in slow operations like scaling down
   or building
-* Make more things configurable / remove hardcoded stuff
+* ✅ Make more things configurable / remove hardcoded stuff
   * ✅ Make server take options from file
   * ✅ Make server take options from environment
   * ✅ Make server password configurable
-  * admin/admin auth client side
+  * ✅ admin/admin auth client side
+  * ✅ `faaso login` is not working properly yet with proxy
 * CD for binaries and images for at least arm64/x86
 * Multi-container docker logs [faaso logs -f FUNKO]
-* ✅ Direct error and above to stderr, others to stdout,
-  while keeping logging level configurable
+* ✅ Configurable verbosity, support stderr/stdout split
 * ✅ Fix proxy reload / Make it reload on file changes
 * Implement `faaso help command`
+* ✅ Fix `export examples/hello_crystal` it has a `template/`
+* ✅ Implement zero-downtime rollout (`faaso deploy`)
+* ✅ Cleanup `tmp/whatever` after use
+* ✅ `faaso scale` remote is broken
+* ✅ Setup linters/pre-commit/etc
 
-# Things to do but not before release
+## Things to do but not before release
 
 * Propagate errors from `run_faaso` to the remote client

config/faaso.yml

@@ -1 +1 @@
-password: admin
+password: adminfoo

docs/DESIGN.md

@@ -38,7 +38,7 @@ up/downscaling, no multiple versions routed by header.
 Specifically: no downscaling to zero. It makes everything MUCH
 more complicated.
 
-# Function structure
+## Function structure
 
 Example using crystal, but it could be anything. Any function has
 an associated runtime, for example "crystal" or "python".
@@ -69,7 +69,9 @@ Probably some `metadata.yml` that is *not* in the template.
 * Files that should be copied along the function
 * Whatever
 
-# Implementation Ideas
+## Implementation Ideas
 
 * caddy for proxy? It's simple, fast, API-configurable.
-* Local docker registry for images? See https://www.docker.com/blog/how-to-use-your-own-registry-2/ (maybe later)
+* Local docker registry for images? See
+  [use own registry](https://www.docker.com/blog/how-to-use-your-own-registry-2/)
+  (maybe later)

docs/deployments.md

@@ -15,21 +15,24 @@ Solution: start the funko on the server. Done. It's implemented.
 
 ## Variant 3: Deploy to the server and it's already running
 
-1. If it's already running and it's running the latest image, then nothing to be done.
-2. It it's running and is not the latest, we can stop it and start with the latest image.
+1. If it's already running and it's running the latest image, then nothing
+   to be done.
+2. It it's running and is not the latest, we can stop it and start with the
+   latest image.
 
 * Action 2 causes downtime. Usually it will not be significant, but it's there.
 * In the future it may be important to have zero downtime.
 * We need to figure out what is implied by doing "zero downtime" to see if
   not doing it now would make it impossible.
 
-For zero downtime, we want to have two instances running, switch the proxy to the new
-one, then stop the old one.
+For zero downtime, we want to have two instances running, switch the proxy
+to the new one, then stop the old one.
 
 Currently it's impossible to run two instances because the container name is
 faaso-funkoname, and we can't have 2 of those.
 
-So: we could instead have faaso-funkoname-1, faaso-funkoname-2, etc. with some sort of suffix
+So: we could instead have faaso-funkoname-1, faaso-funkoname-2, etc.
+with some sort of suffix
 
 Changes implied in the faaso code:
 
@@ -40,9 +43,3 @@ Changes implied in the faaso code:
 * What happens if we have two instances with different images?
 
 Answers coming up.
-
-
-
-
-
-

docs/funkos.md

@@ -49,10 +49,12 @@ faaso-net.
 The proxy is the only container exposed to the host network, everything
 else needs to be accessed through it.
 
-The faaso-proxy container will automatically proxy all requests so if you access the URL `http://faaso-proxy:8888/funko/hello/foo` that will be
+The faaso-proxy container will automatically proxy all requests so if
+you access the URL `http://faaso-proxy:8888/funko/hello/foo` that will be
 proxied to `/foo` in the `hello` funko.
 
-This is all done via naming conventions. You can create your own `faaso-whatever` container, add it to the `faaso-net` and faaso will
+This is all done via naming conventions. You can create your own
+`faaso-whatever` container, add it to the `faaso-net` and faaso will
 happily consider it a funko.
 
 In the same way all funkos are simply docker containers running in that
@@ -78,4 +80,3 @@ faaso-proxy -- GET /bar --> faaso-funko1
 The dynamic proxying is achieved by reading the current state of
 Docker and just adapt to it using the naming conventions mentioned
 above.
-

docs/secrets.md

@@ -31,7 +31,7 @@ So, the proxy can periodically examine its secret store and populate a folder
 If on starting a funko we always do a bind mount of `/secrets/foo` to `/secrets`
 then it will always have its secrets in place.
 
-## Problem 2: how can the proxy know the secrets without keeping them in the image?
+## Problem 2: how can the proxy know the secrets without keeping them in the image
 
 They can't be shipped via the image, so they need to be injected via the admin API.
 

examples/hello_crystal/README.md

@@ -1,3 +1,11 @@
-# README
+# Readme for Hello_crystal
 
-This is the readme for people trying to *use* this runtime.
+This is a funko using the Crystal runtime for [FaaSO](https://git.ralsina.me/ralsina/faaso)
+
+## What is Hello_crystal
+
+Write here what it is
+
+## How to use Hello_crystal
+
+And so on.

examples/hello_crystal/shard.yml

@@ -0,0 +1,14 @@
+name: hello_crystal
+version: 0.1.0
+
+targets:
+  funko:
+    main: main.cr
+
+dependencies:
+  kemal:
+    github: kemalcr/kemal
+
+# development_dependencies:
+#   webmock:
+#     github: manastech/webmock.cr

public/index.html

@@ -2,8 +2,8 @@
 
 <head>
   <meta charset="utf-8" />
-  <link rel="stylesheet" href="https://matcha.mizu.sh/matcha.css" />
-  <script src="https://unpkg.com/htmx.org@2.0.0"></script>
+  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@picocss/pico@1/css/pico.min.css" />
+  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@picocss/pico@2/css/pico.colors.min.css" />  <script src="https://unpkg.com/htmx.org@2.0.0"></script>
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
 </head>
 
@@ -11,15 +11,20 @@
   <header class="container">
     <h1>FaaSO Admin Interface</h1>
   </header>
-  <main class=container>
-    <h2>Your Funko Collection
-      <button id="update-funkos" style="float:right; display:inline;" hx-trigger="load, click, every 60s"
+  <article>
+    <nav>
+      <ul>
+      <li><strong style="font-size: 200%;">Your Funko Collection</strong></li>
+      </ul>
+      <ul>
+      <li><button id="update-funkos" style="float:right; display:inline;" hx-trigger="load, click, every 60s"
         hx-get="funkos/?format=html" hx-target="#funko-list">
         Refresh
       </button>
-    </h2>
+      </ul>
+    </nav>
     <span id="message"></span>
-    <table hx-target="#message">
+    <table hx-target="#message" class="striped">
       <thead>
         <tr>
           <th>Name</th>
@@ -31,23 +36,27 @@
       </tbody>
     </table>
     <div id="terminal" style="resize: vertical; overflow: auto;"></div>
-  </main>
+  </article>
   <script>
     update_funkos = function () {
       document.getElementById("update-funkos").click()
     }
   </script>
-  <main class=container>
-    <h2>
-      Your Secrets
-      <button id="update-secrets" style="float:right; display:inline;" hx-trigger="load, click, every 60s"
+  <article>
+    <nav>
+    <ul>
+    <li><strong style="font-size: 200%;">Your Secrets</strong>
+    </ul>
+    <ul>
+      <li><button id="update-secrets" style="float:right; display:inline;" hx-trigger="load, click, every 60s"
         hx-get="secrets/?format=html" hx-target="#secret-list">
         Refresh
       </button>
-      <button style="float:right; display:inline;" onclick="show_new_secret()">
+      <li><button style="float:right; display:inline;" onclick="show_new_secret()">
         Add
       </button>
-    </h2>
+    </ul>
+    </nav>
     <span id="message"></span>
     <table hx-target="#message">
       <thead>
@@ -60,14 +69,20 @@
       <tbody id="secret-list">
       </tbody>
       <dialog id="add-secret">
-        <topic>New Secret</topic>
+      <article>
+      <header>
+        New Secret
+      </header>
         <form hx-post="secrets/">
           <input placeholder="funko name" id="new-secret-funko" name="funko">
           <input placeholder="secret name" id="new-secret-name" name="name">
           <input placeholder="secret value" type="password" id="new-secret-password" name="value">
-          <button type="submit" hx-on:htmx:after-request="hide_new_secret()">CREATE</button>
+          <fieldset role="group" style="text-align: right;">
+            <button style="width:9em; display: inline;" type="submit" hx-on:htmx:after-request="hide_new_secret()">CREATE</button>
+            <button style="width:9em; display: inline;" onclick="hide_new_secret(); close();" aria-label="Close" rel="prev">CLOSE</button>
+          </fieldset>
         </form>
-        <button onclick="hide_new_secret(); close();">CLOSE</button>
+      </article>
       </dialog>
       <script>
         update_secrets = function() {
@@ -87,5 +102,5 @@
           update_secrets()
         }
       </script>
-  </main>
+  </article>
 </body>

runtimes/crystal/Dockerfile.j2

@@ -10,7 +10,7 @@ RUN shards build --release
 RUN strip bin/*
 
 FROM --platform=${TARGETPLATFORM:-linux/amd64} alpine as ship
-RUN apk update && apk upgrade && apk add openssl pcre2 libgcc gc libevent curl {{ ship_packages | join " " }} && apk cache clean
+RUN apk update && apk upgrade && apk add pcre2 libgcc gc libevent curl {{ ship_packages | join " " }} && apk cache clean
 RUN addgroup -S app && adduser app -S -G app
 
 WORKDIR /home/app

runtimes/crystal/template/shard.yml.j2

@@ -12,4 +12,3 @@ dependencies:
 # development_dependencies:
 #   webmock:
 #     github: manastech/webmock.cr
-

shard.lock

@@ -4,6 +4,10 @@ shards:
     git: https://github.com/sija/backtracer.cr.git
     version: 1.2.2
 
+  base58:
+    git: https://github.com/crystal-china/base58.cr.git
+    version: 0.1.0+git.commit.d1150d4a6f086013a475640ad00e561a2fe1082a
+
   cr-config:
     git: https://github.com/crystal-community/cr-config.git
     version: 5.1.0+git.commit.5eae3dfbf97da7dfa7c6e64a2a508069948518d3
@@ -40,10 +44,6 @@ shards:
     git: https://github.com/mamantoha/http_proxy.git
     version: 0.10.3
 
-  inotify:
-    git: https://github.com/petoem/inotify.cr.git
-    version: 1.0.3
-
   kemal:
     git: https://github.com/kemalcr/kemal.git
     version: 1.5.0
@@ -52,6 +52,10 @@ shards:
     git: https://github.com/kemalcr/kemal-basic-auth.git
     version: 1.0.0
 
+  oplog:
+    git: https://github.com/ralsina/oplog.git
+    version: 0.1.0+git.commit.70e3a7bbc2f1f4d75cf4e142244b263ee2844ba1
+
   radix:
     git: https://github.com/luislavena/radix.git
     version: 0.4.1
@@ -59,4 +63,3 @@ shards:
   rucksack:
     git: https://github.com/busyloop/rucksack.git
     version: 2.0.0
-

shard.yml

@@ -15,6 +15,8 @@ crystal: ">= 1.12.2"
 license: MIT
 
 dependencies:
+  base58:
+    github: crystal-china/base58.cr
   crest:
     github: mamantoha/crest
   crinja:
@@ -28,12 +30,12 @@ dependencies:
   docr:
     github: ralsina/docr
     branch: add_exposed_ports
-  inotify:
-    github: petoem/inotify.cr
   kemal:
     github: kemalcr/kemal
   kemal-basic-auth:
     github: kemalcr/kemal-basic-auth
+  oplog:
+    github: ralsina/oplog
   rucksack:
     github: busyloop/rucksack
 

src/commands/build.cr

@@ -1,3 +1,5 @@
+require "base58"
+
 module Faaso
   module Commands
     # Build images for one or more funkos from source
@@ -7,7 +9,7 @@ module Faaso
         # Create temporary build location
 
         funkos.each do |funko|
-          tmp_dir = Path.new("tmp", UUID.random.to_s)
+          tmp_dir = Path.new("tmp", Random.base58(8))
           Dir.mkdir_p(tmp_dir) unless File.exists? tmp_dir
 
           funko.runtime = nil if options["--no-runtime"]
@@ -16,56 +18,52 @@ module Faaso
           if options["--local"]
             Log.info { "Building function... #{funko.name} in #{tmp_dir}" }
             funko.build tmp_dir
-          else # Running against a server
-            Faaso.check_version
-            # Create a tarball for the funko
-            buf = IO::Memory.new
-            Compress::Gzip::Writer.open(buf) do |gzip|
-              Crystar::Writer.open(gzip) do |tw|
-                Log.debug { "Adding files to tarball" }
-                Dir.glob("#{tmp_dir}/**/*").each do |path|
-                  next unless File.file? path
-                  rel_path = Path[path].relative_to tmp_dir
-                  Log.debug { "Adding #{rel_path}" }
-                  file_info = File.info(path)
-                  hdr = Crystar::Header.new(
-                    name: rel_path.to_s,
-                    mode: file_info.permissions.to_u32,
-                    size: file_info.size,
-                  )
-                  tw.write_header(hdr)
-                  tw.write(File.read(path).to_slice)
-                end
+            FileUtils.rm_rf(tmp_dir)
+            next
+          end
+          Faaso.check_version
+          # Create a tarball for the funko
+          buf = IO::Memory.new
+          Compress::Gzip::Writer.open(buf) do |gzip|
+            Crystar::Writer.open(gzip) do |tw|
+              Log.debug { "Adding files to tarball" }
+              Dir.glob("#{tmp_dir}/**/*").each do |path|
+                next unless File.file? path
+                rel_path = Path[path].relative_to tmp_dir
+                Log.debug { "Adding #{rel_path}" }
+                file_info = File.info(path)
+                hdr = Crystar::Header.new(
+                  name: rel_path.to_s,
+                  mode: file_info.permissions.to_u32,
+                  size: file_info.size,
+                )
+                tw.write_header(hdr)
+                tw.write(File.read(path).to_slice)
               end
             end
-
-            tmp = File.tempname
-            File.open(tmp, "w") do |outf|
-              outf << buf
-            end
-
-            url = "#{Config.server}funkos/build/"
-
-            begin
-              user, password = Config.auth
-              Log.info { "Uploading funko to #{Config.server}" }
-              Log.info { "Starting remote build:" }
-              Crest.post(
-                url,
-                {"funko.tgz" => File.open(tmp), "name" => "funko.tgz"},
-                user: user, password: password
-              ) do |response|
-                loop do
-                  Log.info { response.body_io.gets }
-                  break if response.body_io.closed?
-                end
-              end
-              Log.info { "Build finished successfully." }
-            rescue ex : Crest::InternalServerError
-              Log.error(exception: ex) { "Error building funko #{funko.name} from #{funko.path}" }
-              return 1
-            end
           end
+          FileUtils.rm_rf(tmp_dir)
+          tmp = File.tempname
+          File.open(tmp, "w") do |outf|
+            outf << buf
+          end
+
+          url = "#{Config.server}funkos/build/"
+
+          user, password = Config.auth
+          Log.info { "Uploading funko to #{Config.server}" }
+          Log.info { "Starting remote build:" }
+          Crest.post(
+            url,
+            {"funko.tgz" => File.open(tmp), "name" => "funko.tgz"},
+            user: user, password: password
+          ) do |response|
+            IO.copy(response.body_io, STDOUT)
+          end
+          Log.info { "Build finished successfully." }
+        rescue ex : Crest::InternalServerError
+          Log.error(exception: ex) { "Error building funko #{funko.name} from #{funko.path}" }
+          return 1
         end
         0
       end

src/commands/deploy.cr

@@ -0,0 +1,59 @@
+module Faaso
+  module Commands
+    struct Deploy
+      def local(options, funko_name : String) : Int32
+        funko = Funko::Funko.from_names([funko_name])[0]
+        # Get scale, check for out-of-date containers
+        current_scale = funko.scale
+        latest_image = funko.latest_image
+        containers = funko.containers
+        out_of_date = containers.count { |container| container.image_id != latest_image }
+        Log.info { "Need to update #{out_of_date} containers" }
+        Log.info { "Scaling from #{current_scale} to #{current_scale + out_of_date}" }
+        # Increase scale to get enough up-to-date containers
+        new_containers = funko.scale(current_scale + out_of_date)
+
+        # Wait for them to be healthy
+        begin
+          funko.wait_for(current_scale + out_of_date, 120, healthy: true)
+        rescue ex : Exception
+          # Failed to start, rollback
+          Log.error(exception: ex) { "Failed to scale, rolling back" }
+          docker_api = Docr::API.new(Docr::Client.new)
+          new_containers.each do |container_id|
+            docker_api.containers.stop(container_id)
+            docker_api.containers.delete(container_id)
+          end
+          return 1
+        end
+
+        Log.info { "Scaling down to #{current_scale}" }
+        # Decrease scale to the desired amount
+        funko.scale(current_scale)
+        funko.wait_for(current_scale, 30)
+        Log.info { "Deployed #{funko_name}" }
+        0
+      end
+
+      def remote(options, funko_name : String) : Int32
+        user, password = Config.auth
+        Faaso.check_version
+        Crest.get(
+          "#{Config.server}funkos/#{funko_name}/deploy/", \
+             user: user, password: password) do |response|
+          IO.copy(response.body_io, STDOUT)
+        end
+        0
+      end
+
+      def run(options, funko_name : String) : Int32
+        Log.info { "Deploying #{funko_name}" }
+        if options["--local"]
+          local(options, funko_name)
+        else
+          remote(options, funko_name)
+        end
+      end
+    end
+  end
+end

src/commands/login.cr

@@ -9,10 +9,28 @@ module Faaso
         else
           password = STDIN.gets.to_s
         end
-        # Testing with auth/ which is guaranteed locked
-        Crest.get(
-          "#{server}auth/", \
-             user: "admin", password: password).body
+        # This is tricky. If the service is running behind a reverse proxy
+        # then /version is locked, but if it's not, only /auth is locked.
+        # So we try /version first without a password, and if it succeeds
+        # we try /auth with the password. If /version fails, we try /version
+        # with the password
+        #
+        begin
+          # Version without password.
+          Crest.get("#{server}version/")
+          # Auth with password
+          begin
+            Crest.get("#{server}auth/", user: "admin", password: password)
+          rescue ex : Crest::Unauthorized
+            # Failed with auth/
+            Log.error { "Wrong password" }
+            return 1
+          end
+        rescue ex : Crest::Unauthorized
+          # Version with password
+          Crest.get("#{server}version/", user: "admin", password: password)
+        end
+
         # If we got here the password is ok
         CONFIG.hosts[server] = {"admin", password}
         Config.save

src/commands/scale.cr

@@ -10,43 +10,37 @@ module Faaso
     # In both cases stopped instances after the required
     # scale is reached are deleted.
     struct Scale
-      def local(options, name, scale) : Int32
+      def local(options, name : String, scale : Int | Nil) : Int32
         funko = Funko::Funko.from_names([name])[0]
         # Asked about scale
         if funko.image_history.empty?
           Log.error { "Unknown funko #{funko.name}" }
           return 1
         end
-        if !scale
+        if scale.nil?
           Log.info { "Funko #{name} has a scale of #{funko.scale}" }
           return 0
         end
         # Asked to set scale
-        funko.scale(scale.as(String).to_i)
+        funko.scale(scale)
         0
       end
 
-      def remote(options, name, scale) : Int32
+      def remote(options, name : String, scale : Int | Nil) : Int32
         user, password = Config.auth
         Faaso.check_version
-        if !scale
+        if scale.nil?
           Crest.get(
             "#{Config.server}funkos/#{name}/scale/", \
                user: user, password: password) do |response|
-            loop do
-              Log.info { response.body_io.gets }
-              break if response.body_io.closed?
-            end
-          end
-        else
-          Crest.post(
-            "#{Config.server}funkos/#{name}/scale/",
-            {"scale" => scale}, user: user, password: password) do |response|
-            loop do
-              Log.info { response.body_io.gets }
-              break if response.body_io.closed?
-            end
+            IO.copy(response.body_io, STDOUT)
           end
+          return 0
+        end
+        Crest.post(
+          "#{Config.server}funkos/#{name}/scale/",
+          {"scale" => scale}, user: user, password: password) do |response|
+          IO.copy(response.body_io, STDOUT)
         end
         0
       rescue ex : Crest::InternalServerError
@@ -54,7 +48,8 @@ module Faaso
         1
       end
 
-      def run(options, name, scale) : Int32
+      def run(options, name : String, scale) : Int32
+        scale = scale.try &.to_s.to_i
         if options["--local"]
           return local(options, name, scale)
         end

src/commands/status.cr

@@ -31,10 +31,7 @@ module Faaso
         Crest.get(
           "#{Config.server}funkos/#{name}/status/", \
              user: user, password: password) do |response|
-          loop do
-            Log.info { response.body_io.gets }
-            break if response.body_io.closed?
-          end
+          IO.copy(response.body_io, STDOUT)
         end
         0
       rescue ex : Crest::InternalServerError

src/daemon/config.cr

@@ -20,7 +20,7 @@ class Config
 end
 
 class ConfigAuthHandler < Kemal::BasicAuth::Handler
-  only ["/auth"]
+  only ["/auth", "/auth/*"]
 
   def call(context)
     return call_next(context) unless only_match?(context)

src/daemon/funko.cr

@@ -1,3 +1,4 @@
+require "base58"
 require "docr"
 require "kemal"
 require "../funko.cr"
@@ -24,12 +25,17 @@ module Funko
     run_faaso(["scale", name, scale], env)
   end
 
+  get "/funkos/:name/deploy" do |env|
+    name = env.params.url["name"]
+    run_faaso(["deploy", name], env)
+  end
+
   # Build image for funko received as "funko.tgz"
   # TODO: This may take a while, consider using something like
   # mosquito-cr/mosquito to make it a job queue
   post "/funkos/build/" do |env|
     # Create place to build funko
-    tmp_dir = Path.new("tmp", UUID.random.to_s)
+    tmp_dir = Path.new("tmp", Random.base58(8))
     Dir.mkdir_p(tmp_dir) unless File.exists? tmp_dir
 
     # Expand tarball in there
@@ -48,8 +54,9 @@ module Funko
 
     # Build the thing
     run_faaso(["build", tmp_dir.to_s, "--no-runtime"], env)
+  ensure
+    FileUtils.rm_rf(tmp_dir) unless tmp_dir.nil?
   end
-
   # Endpoints for the web frontend
 
   # General status for the front page
@@ -126,20 +133,21 @@ module Funko
   end
 
   # Helper to run faaso locally and respond via env
-  def run_faaso(args : Array(String), env) : Bool
-    Log.info { "Running faaso [#{args.join(", ")}, -l]" }
+  def run_faaso(args : Array(String), env)
+    args << "-l" # Always local in the server
+    Log.info { "Running faaso [#{args}" }
     Process.run(
       command: "faaso",
-      args: args + ["-l", "2>&1"], # Always local in the server
-      shell: true,
+      args: args,
+      env: {"FAASO_SERVER_SIDE" => "true"},
     ) do |process|
       loop do
-        env.response.print process.output.gets(chomp: false)
+        data = process.output.gets(chomp: false)
+        env.response.print data
         env.response.flush
-        Fiber.yield
+        Fiber.yield # Without this the process never ends
         break if process.terminated?
       end
-      true
     end
     # FIXME: find a way to raise an exception on failure
     # of the faaso process

src/daemon/proxy.cr

@@ -1,16 +1,11 @@
 require "./funko.cr"
 require "docr"
-require "inotify"
 require "kemal"
 
 module Proxy
-  CADDY_CONFIG_PATH = "config/funkos"
-  @@current_config = File.read(CADDY_CONFIG_PATH)
-
-  @@watcher = Inotify.watch(CADDY_CONFIG_PATH) do |_|
-    Log.info { "Reloading caddy config" }
-    Process.run(command: "caddy", args: ["reload", "--config", CADDY_CONFIG_PATH])
-  end
+  CADDY_CONFIG_PATH = "config/Caddyfile"
+  CADDY_CONFIG_FUNKOS = "config/funkos"
+  @@current_config = File.read(CADDY_CONFIG_FUNKOS)
 
   # Get current proxy config
   get "/proxy/" do
@@ -25,7 +20,7 @@ module Proxy
     update_proxy_config
   end
 
-  def self.update_proxy_config
+  def self.update_proxy_config : Nil
     docker_api = Docr::API.new(Docr::Client.new)
     containers = docker_api.containers.list(all: true)
 
@@ -50,13 +45,13 @@ module Proxy
 
     if @@current_config != config
       Log.info { "Updating proxy config" }
-      File.open(CADDY_CONFIG_PATH, "w") do |file|
+      File.open(CADDY_CONFIG_FUNKOS, "w") do |file|
         file << config
       end
       # Reload config
       @@current_config = config
+      Process.run(command: "caddy", args: ["reload", "--config", CADDY_CONFIG_PATH])
     end
-    config
   end
 end
 

src/faaso.cr

@@ -1,4 +1,5 @@
 require "./commands/build.cr"
+require "./commands/deploy.cr"
 require "./commands/export.cr"
 require "./commands/login.cr"
 require "./commands/new.cr"

src/funko.cr

@@ -85,25 +85,33 @@ module Funko
     end
 
     # Set the number of running instances of this funko
-    def scale(new_scale : Int)
+    # Returns the list of IDs started or stopped
+    def scale(new_scale : Int) : Array(String)
       docker_api = Docr::API.new(Docr::Client.new)
       current_scale = self.scale
-      return if current_scale == new_scale
+      result = [] of String
+
+      if current_scale == new_scale
+        Log.info { "Funko #{name} already at scale #{new_scale}" }
+        return result
+      end
 
       Log.info { "Scaling #{name} from #{current_scale} to #{new_scale}" }
       if new_scale > current_scale
         (current_scale...new_scale).each {
           Log.info { "Adding instance" }
-          id = create_container
+          result << (id = create_container)
           start(id)
           sleep 0.1.seconds
         }
       else
-        containers.select { |container| container.@state == "running" }.sort! { |i, j|
+        # Sort them older to newer, so we stop the oldest
+        containers.sort! { |i, j|
           i.@created <=> j.@created
         }.each { |container|
           Log.info { "Removing instance" }
           docker_api.containers.stop(container.@id)
+          result << container.@id
           current_scale -= 1
           break if current_scale == new_scale
           sleep 0.1.seconds
@@ -115,6 +123,8 @@ module Funko
         Log.info { "Pruning dead instance" }
         docker_api.containers.delete(container.@id)
       }
+
+      result
     end
 
     # Setup the target directory `path` with all the files needed
@@ -183,7 +193,7 @@ module Funko
       docker_api.containers.list(all: true).select { |container|
         container.@names.any?(&.starts_with?("/faaso-#{name}-")) &&
           container.@state == "running"
-      }
+      } || [] of Docr::Types::ContainerSummary
     end
 
     # A comprehensive status for the funko:
@@ -206,12 +216,36 @@ module Funko
       end
     end
 
-    # Wait up to `t` seconds for the funko to reach the requested `state`
-    def wait_for(new_scale : Int, t)
+    # Wait up to `t` seconds for the funko to reach the desired scale
+    # If `healthy` is true, it will wait for the container to be declared
+    # healthy by the healthcheck
+    def wait_for(new_scale : Int, t : Int, healthy : Bool = false)
+      docker_api = Docr::API.new(Docr::Client.new)
       channel = Channel(Nil).new
       spawn do
         loop do
-          channel.send(nil) if scale == new_scale
+          if healthy
+            channel.send(nil) if containers.select { |container|
+                                   begin
+                                     details = docker_api.containers.inspect(container.@id)
+                                     if details.nil?
+                                       false
+                                     elsif details.state.nil?
+                                       false
+                                     elsif details.state.as(Docr::Types::ContainerState).health.nil?
+                                       false
+                                     elsif details.state.as(Docr::Types::ContainerState).health.as(Docr::Types::Health).status == "healthy"
+                                       true
+                                     end
+                                     false
+                                   rescue ex : Docr::Errors::DockerAPIError
+                                     Log.error { "#{ex}" } unless ex.status_code == 304 # This just happens
+                                     false
+                                   end
+                                 } == new_scale
+          else
+            channel.send(nil) if scale == new_scale
+          end
           sleep 0.2.seconds
         end
       end
@@ -220,7 +254,7 @@ module Funko
       when channel.receive
         Log.info { "Funko #{name} reached scale #{new_scale}" }
       when timeout(t.seconds)
-        Log.error { "Funko #{name} did not reach scale #{new_scale} in #{t} seconds" }
+        raise Exception.new("Funko #{name} did not reach scale #{new_scale} in #{t} seconds")
       end
     end
 
@@ -279,7 +313,7 @@ module Funko
       )
 
       docker_api = Docr::API.new(Docr::Client.new)
-      response = docker_api.containers.create(name: "faaso-#{name}-#{randstr}", config: conf)
+      response = docker_api.containers.create(name: "faaso-#{name}-#{Random.base58(6)}", config: conf)
       response.@warnings.each { |msg| Log.warn { msg } }
       docker_api.containers.start(response.@id) if autostart
       response.@id
@@ -319,8 +353,3 @@ module Funko
     end
   end
 end
-
-def randstr(length = 6) : String
-  chars = "abcdefghijklmnopqrstuvwxyz0123456789"
-  String.new(Bytes.new(chars.to_slice.sample(length).to_unsafe, length))
-end

src/log.cr

@@ -1,50 +0,0 @@
-module Logging
-  extend self
-
-  class LogBackend < Log::IOBackend
-    @stdout = Log::IOBackend.new(io: STDOUT, formatter: LogFormat)
-    @stderr = Log::IOBackend.new(io: STDERR, formatter: LogFormat)
-
-    def write(entry : Log::Entry)
-      if entry.severity >= Log::Severity::Error
-        @stderr.write entry
-      else
-        @stdout.write entry
-      end
-    end
-  end
-
-  struct LogFormat < Log::StaticFormatter
-    @@colors = {
-      "FATAL"  => :red,
-      "ERROR"  => :red,
-      "WARN"   => :yellow,
-      "NOTICE" => :yellow,
-      "INFO"   => :green,
-      "DEBUG"  => :blue,
-      "TRACE"  => :light_blue,
-    }
-
-    def run
-      string "#{@entry.message}".colorize(@@colors[@entry.severity.label])
-    end
-  end
-
-  def self.setup(verbosity)
-    Colorize.on_tty_only!
-    verbosity = [0, verbosity].max
-    verbosity = [6, verbosity].min
-    severity = [
-      Log::Severity::Fatal,
-      Log::Severity::Error,
-      Log::Severity::Warn,
-      Log::Severity::Notice,
-      Log::Severity::Info,
-      Log::Severity::Debug,
-      Log::Severity::Trace,
-    ][verbosity]
-    Log.setup(
-      severity,
-      LogBackend.new)
-  end
-end

src/main.cr

@@ -1,8 +1,8 @@
 require "./config.cr"
 require "./faaso.cr"
-require "./log.cr"
 require "colorize"
 require "docopt"
+require "oplog"
 require "rucksack"
 
 macro version
@@ -14,6 +14,7 @@ FaaSO CLI tool.
 
 Usage:
   faaso build  FOLDER ...           [-v <level>] [-l] [--no-runtime]
+  faaso deploy FUNKO                [-v <level>] [-l]
   faaso export SOURCE DESTINATION   [-v <level>]
   faaso login                       [-v <level>]
   faaso new -r runtime FOLDER       [-v <level>]
@@ -34,27 +35,28 @@ Options:
 DOC
 
 ans = Docopt.docopt(doc, ARGV)
-Logging.setup(ans["-v"].to_s.to_i)
+Oplog.setup(ans["-v"].to_s.to_i) unless ENV.fetch("FAASO_SERVER_SIDE", nil)
 Log.debug { ans }
 
-status : Int32 = 0
 case ans
 when .fetch("build", false)
-  status = Faaso::Commands::Build.new.run(ans, ans["FOLDER"].as(Array(String)))
+  exit Faaso::Commands::Build.new.run(ans, ans["FOLDER"].as(Array(String)))
+when .fetch("deploy", false)
+  exit Faaso::Commands::Deploy.new.run(ans, ans["FUNKO"].as(String))
 when .fetch("export", false)
-  status = Faaso::Commands::Export.new.run(ans, ans["SOURCE"].as(String), ans["DESTINATION"].as(String))
+  exit Faaso::Commands::Export.new.run(ans, ans["SOURCE"].as(String), ans["DESTINATION"].as(String))
 when .fetch("login", false)
-  status = Faaso::Commands::Login.new.run(ans)
+  exit Faaso::Commands::Login.new.run(ans)
 when .fetch("new", false)
-  status = Faaso::Commands::New.new.run(ans, ans["FOLDER"].as(Array(String))[0])
+  exit Faaso::Commands::New.new.run(ans, ans["FOLDER"].as(Array(String))[0])
 when .fetch("scale", false)
-  status = Faaso::Commands::Scale.new.run(ans, ans["FUNKO"].as(String), ans["SCALE"])
+  exit Faaso::Commands::Scale.new.run(ans, ans["FUNKO"].as(String), ans["SCALE"])
 when .fetch("secret", false)
-  status = Faaso::Commands::Secret.new.run(ans, ans["FUNKO"].as(String), ans["SECRET"].as(String))
+  exit Faaso::Commands::Secret.new.run(ans, ans["FUNKO"].as(String), ans["SECRET"].as(String))
 when .fetch("status", false)
-  status = Faaso::Commands::Status.new.run(ans, ans["FUNKO"].as(String))
+  exit Faaso::Commands::Status.new.run(ans, ans["FUNKO"].as(String))
 when .fetch("version", false)
   Log.info { "#{version}" }
 end
 
-exit(status)
+exit 0

src/runtime.cr

@@ -23,7 +23,9 @@ module Runtime
     if @@known.includes? "./runtimes/#{runtime}"
       Log.info { "Using known runtime #{runtime}" }
       runtime_base = "./runtimes/#{runtime}/"
-      runtime_files = @@filelist.select(&.starts_with?(runtime_base))
+      runtime_files = @@filelist.select(&.starts_with?(runtime_base)).map { |path|
+        Path[path].normalize.to_s
+      }
     elsif File.exists? runtime
       Log.info { "Using directory #{runtime} as runtime" }
       runtime_base = "#{runtime}"

src/views/funkos.ecr

@@ -1,39 +1,32 @@
 <%- result.each do |f| -%>
 <tr hx-indicator="#spinner-<%= f["name"] %>">
-  <td>
+  <td style="vertical-align: top;">
     <%= f["name"] %>
     <img id="spinner-<%= f["name"] %>" src="bars.svg"  class="htmx-indicator">
   </td>
-  <td>
-    <table>
-      <thead>
-        <th>ID</th>
-        <th>Current?</th>
-        <th>Actions</th>
-      </thead>
-      <tbody>
-        <%- f["containers"].as(Array(Docr::Types::ContainerSummary)).each do |c| -%>
-          <tr>
-            <td><tt><%= c.@names[0].split("-")[-1] %></tt></td>
-            <td>
+  <td style="vertical-align: top;">
+    <%- f["containers"].as(Array(Docr::Types::ContainerSummary)).each do |c| -%>
+      <div class="grid">
+            <div>
+              <tt><%= c.@names[0].split("-")[-1] %></tt>
+            </div>
+            <div>
               <%- if c.image_id == f["latest_image"] -%>
                 <span style="color:green;""> 🟢</span>
               <%- else -%>
                 <span style="color:red;""> 🟢</span>
               <%- end -%>
-            </td>
-            <td>
+            </div>
+            <div role="group">
               <button hx-target="#terminal" hx-get="funkos/terminal/logs/<%= c.@names[0].lstrip("/") %>/">Logs</button>
               <button hx-target="#terminal" hx-get="funkos/terminal/shell/<%= c.@names[0].lstrip("/") %>/">Shell</button>
-            </td>
-          </tr>
-        <%- end -%>
-      </tbody>
-      </p>
+            </div>
+      </div>
+    <%- end -%>
   </td>
 
-    </table>
   <td>
+  <div role="group">
   <%- if f["name"] == "proxy" -%>
   <%- else -%>
     <%- if f["scale"].as(String).to_i > 0 -%>
@@ -47,6 +40,7 @@
     <%- end -%>
       <button hx-get="funkos/<%= f["name"] %>/restart" hx-on:htmx:after-request="update_funkos()">Restart</button>
   <%- end -%>
+  </div>
   </td>
 </tr>
 <%- end -%>