Fix errors in build-docker-inside.sh

Preliminary makefile support for building inside docker
2023-11-09 11:14:41 -08:00 · 2023-11-09 10:49:15 -08:00
29 changed files with 369 additions and 939 deletions
--- a/AUTHORS.md
+++ b/AUTHORS.md
@ -11,7 +11,6 @@
 - kawaiipunk
 - knoflook
 - moritz
 - p4u1
 - rix
 - roxxers
 - vera
--- a/4
+++ b/4
@ -2,7 +2,6 @@ ABRA         := ./cmd/abra
 KADABRA      := ./cmd/kadabra
 COMMIT       := $(shell git rev-list -1 HEAD)
 GOPATH       := $(shell go env GOPATH)
 GOVERSION    := 1.21
 LDFLAGS      := "-X 'main.Commit=$(COMMIT)'"
 DIST_LDFLAGS := $(LDFLAGS)" -s -w"
@ -32,8 +31,7 @@ build-kadabra:
 build: build-abra build-kadabra
 build-docker-abra:
-	@docker run -it -v $(PWD):/abra golang:$(GOVERSION) \
+	docker run -it -v $(PWD):/abra golang:1.21 bash -c 'cd /abra; ./build-docker-inside.sh'
 		bash -c 'cd /abra; ./scripts/docker/build.sh'
 build-docker: build-docker-abra
--- a/build-docker-inside.sh
+++ b/build-docker-inside.sh
@ -0,0 +1,18 @@
 #!/bin/bash
 if [ ! -f .envrc ]; then
    . .envrc.sample
 else
    . .envrc
 fi
 git config --global --add safe.directory /abra  # work around funky file permissions
 # fixme for some reason we need to do this
 go get coopcloud.tech/abra/pkg/upstream/commandconn
 go get github.com/sirupsen/logrus@v1.9.3
 go get github.com/cloudflare/circl/dh/x25519@v1.3.3
 go get github.com/mattn/go-runewidth@v0.0.14
 go get github.com/mattn/go-colorable@v0.1.12
 go get coopcloud.tech/abra/pkg/config
 #
 make build
--- a/cli/app/cmd.go
+++ b/cli/app/cmd.go
@ -10,7 +10,6 @@ import (
 	"strings"
 	"coopcloud.tech/abra/cli/internal"
 	"coopcloud.tech/abra/pkg/app"
 	"coopcloud.tech/abra/pkg/autocomplete"
 	"coopcloud.tech/abra/pkg/client"
 	"coopcloud.tech/abra/pkg/config"
@ -46,17 +45,6 @@ Example:
 	},
 	Before:      internal.SubCommandBefore,
 	Subcommands: []cli.Command{appCmdListCommand},
 	BashComplete: func(ctx *cli.Context) {
 		args := ctx.Args()
 		switch len(args) {
 		case 0:
 			autocomplete.AppNameComplete(ctx)
 		case 1:
 			autocomplete.ServiceNameComplete(args.Get(0))
 		case 2:
 			cmdNameComplete(args.Get(0))
 		}
 	},
 	Action: func(c *cli.Context) error {
 		app := internal.ValidateApp(c)
@ -199,20 +187,6 @@ func parseCmdArgs(args []string, isLocal bool) (bool, string) {
 	return hasCmdArgs, parsedCmdArgs
 }
 func cmdNameComplete(appName string) {
 	app, err := app.Get(appName)
 	if err != nil {
 		return
 	}
 	cmdNames, _ := getShCmdNames(app)
 	if err != nil {
 		return
 	}
 	for _, n := range cmdNames {
 		fmt.Println(n)
 	}
 }
 var appCmdListCommand = cli.Command{
 	Name:      "list",
 	Aliases:   []string{"ls"},
@ -248,11 +222,13 @@ var appCmdListCommand = cli.Command{
 			}
 		}
-		cmdNames, err := getShCmdNames(app)
+		abraShPath := fmt.Sprintf("%s/%s/%s", config.RECIPES_DIR, app.Recipe, "abra.sh")
 		cmdNames, err := config.ReadAbraShCmdNames(abraShPath)
 		if err != nil {
 			logrus.Fatal(err)
 		}
 		sort.Strings(cmdNames)
 		for _, cmdName := range cmdNames {
 			fmt.Println(cmdName)
 		}
@ -260,14 +236,3 @@ var appCmdListCommand = cli.Command{
 		return nil
 	},
 }
 func getShCmdNames(app config.App) ([]string, error) {
 	abraShPath := fmt.Sprintf("%s/%s/%s", config.RECIPES_DIR, app.Recipe, "abra.sh")
 	cmdNames, err := config.ReadAbraShCmdNames(abraShPath)
 	if err != nil {
 		return nil, err
 	}
 	sort.Strings(cmdNames)
 	return cmdNames, nil
 }
--- a/cli/app/cp.go
+++ b/cli/app/cp.go
@ -2,24 +2,19 @@ package app
 import (
 	"context"
 	"errors"
 	"fmt"
 	"io"
 	"os"
 	"path"
 	"path/filepath"
 	"strings"
 	"coopcloud.tech/abra/cli/internal"
 	"coopcloud.tech/abra/pkg/autocomplete"
 	"coopcloud.tech/abra/pkg/client"
-	containerPkg "coopcloud.tech/abra/pkg/container"
+	"coopcloud.tech/abra/pkg/config"
 	"coopcloud.tech/abra/pkg/container"
 	"coopcloud.tech/abra/pkg/formatter"
 	"coopcloud.tech/abra/pkg/upstream/container"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	dockerClient "github.com/docker/docker/client"
 	"github.com/docker/docker/errdefs"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli"
@ -54,14 +49,46 @@ And if you want to copy that file back to your current working directory locally
 		dst := c.Args().Get(2)
 		if src == "" {
 			logrus.Fatal("missing <src> argument")
-		}
+		} else if dst == "" {
 		if dst == "" {
 			logrus.Fatal("missing <dest> argument")
 		}
-		srcPath, dstPath, service, toContainer, err := parseSrcAndDst(src, dst)
+		parsedSrc := strings.SplitN(src, ":", 2)
-		if err != nil {
+		parsedDst := strings.SplitN(dst, ":", 2)
-			logrus.Fatal(err)
+		errorMsg := "one of <src>/<dest> arguments must take $SERVICE:$PATH form"
 		if len(parsedSrc) == 2 && len(parsedDst) == 2 {
 			logrus.Fatal(errorMsg)
 		} else if len(parsedSrc) != 2 {
 			if len(parsedDst) != 2 {
 				logrus.Fatal(errorMsg)
 			}
 		} else if len(parsedDst) != 2 {
 			if len(parsedSrc) != 2 {
 				logrus.Fatal(errorMsg)
 			}
 		}
 		var service string
 		var srcPath string
 		var dstPath string
 		isToContainer := false // <container:src> <dst>
 		if len(parsedSrc) == 2 {
 			service = parsedSrc[0]
 			srcPath = parsedSrc[1]
 			dstPath = dst
 			logrus.Debugf("assuming transfer is coming FROM the container")
 		} else if len(parsedDst) == 2 {
 			service = parsedDst[0]
 			dstPath = parsedDst[1]
 			srcPath = src
 			isToContainer = true // <src> <container:dst>
 			logrus.Debugf("assuming transfer is going TO the container")
 		}
 		if isToContainer {
 			if _, err := os.Stat(srcPath); os.IsNotExist(err) {
 				logrus.Fatalf("%s does not exist locally?", srcPath)
 			}
 		}
 		cl, err := client.New(app.Server)
@ -69,18 +96,7 @@ And if you want to copy that file back to your current working directory locally
 			logrus.Fatal(err)
 		}
-		container, err := containerPkg.GetContainerFromStackAndService(cl, app.StackName(), service)
+		if err := configureAndCp(c, cl, app, srcPath, dstPath, service, isToContainer); err != nil {
 		if err != nil {
 			logrus.Fatal(err)
 		}
 		logrus.Debugf("retrieved %s as target container on %s", formatter.ShortenID(container.ID), app.Server)
 		if toContainer {
 			err = copyToContainer(cl, container.ID, srcPath, dstPath)
 		} else {
 			err = copyFromContainer(cl, container.ID, srcPath, dstPath)
 		}
 		if err != nil {
 			logrus.Fatal(err)
 		}
@ -88,292 +104,46 @@ And if you want to copy that file back to your current working directory locally
 	},
 }
-var errServiceMissing = errors.New("one of <src>/<dest> arguments must take $SERVICE:$PATH form")
+func configureAndCp(
 	c *cli.Context,
 	cl *dockerClient.Client,
 	app config.App,
 	srcPath string,
 	dstPath string,
 	service string,
 	isToContainer bool) error {
 	filters := filters.NewArgs()
 	filters.Add("name", fmt.Sprintf("^%s_%s", app.StackName(), service))
-// parseSrcAndDst parses src and dest string. One of src or dst must be of the form $SERVICE:$PATH
+	container, err := container.GetContainer(context.Background(), cl, filters, internal.NoInput)
 func parseSrcAndDst(src, dst string) (srcPath string, dstPath string, service string, toContainer bool, err error) {
 	parsedSrc := strings.SplitN(src, ":", 2)
 	parsedDst := strings.SplitN(dst, ":", 2)
 	if len(parsedSrc)+len(parsedDst) != 3 {
 		return "", "", "", false, errServiceMissing
 	}
 	if len(parsedSrc) == 2 {
 		return parsedSrc[1], dst, parsedSrc[0], false, nil
 	}
 	if len(parsedDst) == 2 {
 		return src, parsedDst[1], parsedDst[0], true, nil
 	}
 	return "", "", "", false, errServiceMissing
 }
 // copyToContainer copies a file or directory from the local file system to the container.
 // See the possible copy modes and their documentation.
 func copyToContainer(cl *dockerClient.Client, containerID, srcPath, dstPath string) error {
 	srcStat, err := os.Stat(srcPath)
 	if err != nil {
-		return fmt.Errorf("local %s ", err)
+		logrus.Fatal(err)
 	}
-	dstStat, err := cl.ContainerStatPath(context.Background(), containerID, dstPath)
+	logrus.Debugf("retrieved %s as target container on %s", formatter.ShortenID(container.ID), app.Server)
 	dstExists := true
 	if err != nil {
 		if errdefs.IsNotFound(err) {
 			dstExists = false
 		} else {
 			return fmt.Errorf("remote path: %s", err)
 		}
 	}
-	mode, err := copyMode(srcPath, dstPath, srcStat.Mode(), dstStat.Mode, dstExists)
+	if isToContainer {
-	if err != nil {
+		toTarOpts := &archive.TarOptions{NoOverwriteDirNonDir: true, Compression: archive.Gzip}
-		return err
+		content, err := archive.TarWithOptions(srcPath, toTarOpts)
 	}
 	movePath := ""
 	switch mode {
 	case CopyModeDirToDir:
 		// Add the src directory to the destination path
 		_, srcDir := path.Split(srcPath)
 		dstPath = path.Join(dstPath, srcDir)
 		// Make sure the dst directory exits.
 		dcli, err := command.NewDockerCli()
 		if err != nil {
-			return err
+			logrus.Fatal(err)
 		}
 		if err := container.RunExec(dcli, cl, containerID, &types.ExecConfig{
 			AttachStderr: true,
 			AttachStdin:  true,
 			AttachStdout: true,
 			Cmd:          []string{"mkdir", "-p", dstPath},
 			Detach:       false,
 			Tty:          true,
 		}); err != nil {
 			return fmt.Errorf("create remote directory: %s", err)
 		}
 	case CopyModeFileToFile:
 		// Remove the file component from the path, since docker can only copy
 		// to a directory.
 		dstPath, _ = path.Split(dstPath)
 	case CopyModeFileToFileRename:
 		// Copy the file to the temp directory and move it to its dstPath
 		// afterwards.
 		movePath = dstPath
 		dstPath = "/tmp"
 	}
-	toTarOpts := &archive.TarOptions{IncludeSourceDir: true, NoOverwriteDirNonDir: true, Compression: archive.Gzip}
+		copyOpts := types.CopyToContainerOptions{AllowOverwriteDirWithFile: false, CopyUIDGID: false}
-	content, err := archive.TarWithOptions(srcPath, toTarOpts)
+		if err := cl.CopyToContainer(context.Background(), container.ID, dstPath, content, copyOpts); err != nil {
-	if err != nil {
+			logrus.Fatal(err)
 		return err
 	}
 	logrus.Debugf("copy %s from local to %s on container", srcPath, dstPath)
 	copyOpts := types.CopyToContainerOptions{AllowOverwriteDirWithFile: false, CopyUIDGID: false}
 	if err := cl.CopyToContainer(context.Background(), containerID, dstPath, content, copyOpts); err != nil {
 		return err
 	}
 	if movePath != "" {
 		_, srcFile := path.Split(srcPath)
 		dcli, err := command.NewDockerCli()
 		if err != nil {
 			return err
 		}
 		if err := container.RunExec(dcli, cl, containerID, &types.ExecConfig{
 			AttachStderr: true,
 			AttachStdin:  true,
 			AttachStdout: true,
 			Cmd:          []string{"mv", path.Join("/tmp", srcFile), movePath},
 			Detach:       false,
 			Tty:          true,
 		}); err != nil {
 			return fmt.Errorf("create remote directory: %s", err)
 		}
 	}
 	return nil
 }
 // copyFromContainer copies a file or directory from the given container to the local file system.
 // See the possible copy modes and their documentation.
 func copyFromContainer(cl *dockerClient.Client, containerID, srcPath, dstPath string) error {
 	srcStat, err := cl.ContainerStatPath(context.Background(), containerID, srcPath)
 	if err != nil {
 		if errdefs.IsNotFound(err) {
 			return fmt.Errorf("remote: %s does not exist", srcPath)
 		} else {
 			return fmt.Errorf("remote path: %s", err)
 		}
 	}
 	dstStat, err := os.Stat(dstPath)
 	dstExists := true
 	var dstMode os.FileMode
 	if err != nil {
 		if os.IsNotExist(err) {
 			dstExists = false
 		} else {
 			return fmt.Errorf("remote path: %s", err)
 		}
 	} else {
-		dstMode = dstStat.Mode()
+		content, _, err := cl.CopyFromContainer(context.Background(), container.ID, srcPath)
 	}
 	mode, err := copyMode(srcPath, dstPath, srcStat.Mode, dstMode, dstExists)
 	if err != nil {
 		return err
 	}
 	moveDstDir := ""
 	moveDstFile := ""
 	switch mode {
 	case CopyModeFileToFile:
 		// Remove the file component from the path, since docker can only copy
 		// to a directory.
 		dstPath, _ = path.Split(dstPath)
 	case CopyModeFileToFileRename:
 		// Copy the file to the temp directory and move it to its dstPath
 		// afterwards.
 		moveDstFile = dstPath
 		dstPath = "/tmp"
 	case CopyModeFilesToDir:
 		// Copy the directory to the temp directory and move it to its
 		// dstPath afterwards.
 		moveDstDir = path.Join(dstPath, "/")
 		dstPath = "/tmp"
 		// Make sure the temp directory always gets removed
 		defer os.Remove(path.Join("/tmp"))
 	}
 	content, _, err := cl.CopyFromContainer(context.Background(), containerID, srcPath)
 	if err != nil {
 		return fmt.Errorf("copy: %s", err)
 	}
 	defer content.Close()
 	if err := archive.Untar(content, dstPath, &archive.TarOptions{
 		NoOverwriteDirNonDir: true,
 		Compression:          archive.Gzip,
 		NoLchown:             true,
 	}); err != nil {
 		return fmt.Errorf("untar: %s", err)
 	}
 	if moveDstFile != "" {
 		_, srcFile := path.Split(strings.TrimSuffix(srcPath, "/"))
 		if err := moveFile(path.Join("/tmp", srcFile), moveDstFile); err != nil {
 			return err
 		}
 	}
 	if moveDstDir != "" {
 		_, srcDir := path.Split(strings.TrimSuffix(srcPath, "/"))
 		if err := moveDir(path.Join("/tmp", srcDir), moveDstDir); err != nil {
 			return err
 		}
 	}
 	return nil
 }
 var (
 	ErrCopyDirToFile  = fmt.Errorf("can't copy dir to file")
 	ErrDstDirNotExist = fmt.Errorf("destination directory does not exist")
 )
 type CopyMode int
 const (
 	// Copy a src file to a dest file. The src and dest file names are the same.
 	//  <dir_src>/<file> + <dir_dst>/<file> -> <dir_dst>/<file>
 	CopyModeFileToFile = CopyMode(iota)
 	// Copy a src file to a dest file. The src and dest file names are  not the same.
 	//  <dir_src>/<file_src> + <dir_dst>/<file_dst> -> <dir_dst>/<file_dst>
 	CopyModeFileToFileRename
 	// Copy a src file to dest directory. The dest file gets created in the dest
 	// folder with the src filename.
 	//  <dir_src>/<file> + <dir_dst> -> <dir_dst>/<file>
 	CopyModeFileToDir
 	// Copy a src directory to dest directory.
 	//  <dir_src> + <dir_dst> -> <dir_dst>/<dir_src>
 	CopyModeDirToDir
 	// Copy all files in the src directory to the dest directory. This works recursively.
 	//  <dir_src>/ + <dir_dst> -> <dir_dst>/<files_from_dir_src>
 	CopyModeFilesToDir
 )
 // copyMode takes a src and dest path and file mode to determine the copy mode.
 // See the possible copy modes and their documentation.
 func copyMode(srcPath, dstPath string, srcMode os.FileMode, dstMode os.FileMode, dstExists bool) (CopyMode, error) {
 	_, srcFile := path.Split(srcPath)
 	_, dstFile := path.Split(dstPath)
 	if srcMode.IsDir() {
 		if !dstExists {
 			return -1, ErrDstDirNotExist
 		}
 		if dstMode.IsDir() {
 			if strings.HasSuffix(srcPath, "/") {
 				return CopyModeFilesToDir, nil
 			}
 			return CopyModeDirToDir, nil
 		}
 		return -1, ErrCopyDirToFile
 	}
 	if dstMode.IsDir() {
 		return CopyModeFileToDir, nil
 	}
 	if srcFile != dstFile {
 		return CopyModeFileToFileRename, nil
 	}
 	return CopyModeFileToFile, nil
 }
 // moveDir moves all files from a source path to the destination path recursively.
 func moveDir(sourcePath, destPath string) error {
 	return filepath.Walk(sourcePath, func(p string, info os.FileInfo, err error) error {
 		if err != nil {
-			return err
+			logrus.Fatal(err)
 		}
-		newPath := path.Join(destPath, strings.TrimPrefix(p, sourcePath))
+		defer content.Close()
-		if info.IsDir() {
+		fromTarOpts := &archive.TarOptions{NoOverwriteDirNonDir: true, Compression: archive.Gzip}
-			err := os.Mkdir(newPath, info.Mode())
+		if err := archive.Untar(content, dstPath, fromTarOpts); err != nil {
-			if err != nil {
+			logrus.Fatal(err)
 				if os.IsExist(err) {
 					return nil
 				}
 				return err
 			}
 		}
 		if info.Mode().IsRegular() {
 			return moveFile(p, newPath)
 		}
 		return nil
 	})
 }
 // moveFile moves a file from a source path to a destination path.
 func moveFile(sourcePath, destPath string) error {
 	inputFile, err := os.Open(sourcePath)
 	if err != nil {
 		return err
 	}
 	outputFile, err := os.Create(destPath)
 	if err != nil {
 		inputFile.Close()
 		return err
 	}
 	defer outputFile.Close()
 	_, err = io.Copy(outputFile, inputFile)
 	inputFile.Close()
 	if err != nil {
 		return err
 	}
 	// Remove file after succesfull copy.
 	err = os.Remove(sourcePath)
 	if err != nil {
 		return err
 	}
 	return nil
 }
--- a/cli/app/cp_test.go
+++ b/cli/app/cp_test.go
@ -1,113 +0,0 @@
 package app
 import (
 	"os"
 	"testing"
 )
 func TestParse(t *testing.T) {
 	tests := []struct {
 		src         string
 		dst         string
 		srcPath     string
 		dstPath     string
 		service     string
 		toContainer bool
 		err         error
 	}{
 		{src: "foo", dst: "bar", err: errServiceMissing},
 		{src: "app:foo", dst: "app:bar", err: errServiceMissing},
 		{src: "app:foo", dst: "bar", srcPath: "foo", dstPath: "bar", service: "app", toContainer: false},
 		{src: "foo", dst: "app:bar", srcPath: "foo", dstPath: "bar", service: "app", toContainer: true},
 	}
 	for i, tc := range tests {
 		srcPath, dstPath, service, toContainer, err := parseSrcAndDst(tc.src, tc.dst)
 		if srcPath != tc.srcPath {
 			t.Errorf("[%d] srcPath: want (%s), got(%s)", i, tc.srcPath, srcPath)
 		}
 		if dstPath != tc.dstPath {
 			t.Errorf("[%d] dstPath: want (%s), got(%s)", i, tc.dstPath, dstPath)
 		}
 		if service != tc.service {
 			t.Errorf("[%d] service: want (%s), got(%s)", i, tc.service, service)
 		}
 		if toContainer != tc.toContainer {
 			t.Errorf("[%d] toConainer: want (%t), got(%t)", i, tc.toContainer, toContainer)
 		}
 		if err == nil && tc.err != nil && err.Error() != tc.err.Error() {
 			t.Errorf("[%d] err: want (%s), got(%s)", i, tc.err, err)
 		}
 	}
 }
 func TestCopyMode(t *testing.T) {
 	tests := []struct {
 		srcPath   string
 		dstPath   string
 		srcMode   os.FileMode
 		dstMode   os.FileMode
 		dstExists bool
 		mode      CopyMode
 		err       error
 	}{
 		{
 			srcPath:   "foo.txt",
 			dstPath:   "foo.txt",
 			srcMode:   os.ModePerm,
 			dstMode:   os.ModePerm,
 			dstExists: true,
 			mode:      CopyModeFileToFile,
 		},
 		{
 			srcPath:   "foo.txt",
 			dstPath:   "bar.txt",
 			srcMode:   os.ModePerm,
 			dstExists: true,
 			mode:      CopyModeFileToFileRename,
 		},
 		{
 			srcPath:   "foo",
 			dstPath:   "foo",
 			srcMode:   os.ModeDir,
 			dstMode:   os.ModeDir,
 			dstExists: true,
 			mode:      CopyModeDirToDir,
 		},
 		{
 			srcPath:   "foo/",
 			dstPath:   "foo",
 			srcMode:   os.ModeDir,
 			dstMode:   os.ModeDir,
 			dstExists: true,
 			mode:      CopyModeFilesToDir,
 		},
 		{
 			srcPath:   "foo",
 			dstPath:   "foo",
 			srcMode:   os.ModeDir,
 			dstExists: false,
 			mode:      -1,
 			err:       ErrDstDirNotExist,
 		},
 		{
 			srcPath:   "foo",
 			dstPath:   "foo",
 			srcMode:   os.ModeDir,
 			dstMode:   os.ModePerm,
 			dstExists: true,
 			mode:      -1,
 			err:       ErrCopyDirToFile,
 		},
 	}
 	for i, tc := range tests {
 		mode, err := copyMode(tc.srcPath, tc.dstPath, tc.srcMode, tc.dstMode, tc.dstExists)
 		if mode != tc.mode {
 			t.Errorf("[%d] mode: want (%d), got(%d)", i, tc.mode, mode)
 		}
 		if err != tc.err {
 			t.Errorf("[%d] err: want (%s), got(%s)", i, tc.err, err)
 		}
 	}
 }
--- a/cli/app/new.go
+++ b/cli/app/new.go
@ -97,7 +97,7 @@ var appNewCommand = cli.Command{
 		var secrets AppSecrets
 		var secretTable *jsontable.JSONTable
 		if internal.Secrets {
-			sampleEnv, err := recipe.SampleEnv()
+			sampleEnv, err := recipe.SampleEnv(config.ReadEnvOptions{})
 			if err != nil {
 				logrus.Fatal(err)
 			}
@ -108,7 +108,7 @@ var appNewCommand = cli.Command{
 			}
 			envSamplePath := path.Join(config.RECIPES_DIR, recipe.Name, ".env.sample")
-			secretsConfig, err := secret.ReadSecretsConfig(envSamplePath, composeFiles, config.StackName(internal.Domain))
+			secretsConfig, err := secret.ReadSecretsConfig(envSamplePath, composeFiles, recipe.Name)
 			if err != nil {
 				return err
 			}
@ -168,8 +168,14 @@ var appNewCommand = cli.Command{
 type AppSecrets map[string]string
 // createSecrets creates all secrets for a new app.
-func createSecrets(cl *dockerClient.Client, secretsConfig map[string]secret.Secret, sanitisedAppName string) (AppSecrets, error) {
+func createSecrets(cl *dockerClient.Client, secretsConfig map[string]string, sanitisedAppName string) (AppSecrets, error) {
-	secrets, err := secret.GenerateSecrets(cl, secretsConfig, internal.NewAppServer)
+	// NOTE(d1): trim to match app.StackName() implementation
 	if len(sanitisedAppName) > 45 {
 		logrus.Debugf("trimming %s to %s to avoid runtime limits", sanitisedAppName, sanitisedAppName[:45])
 		sanitisedAppName = sanitisedAppName[:45]
 	}
 	secrets, err := secret.GenerateSecrets(cl, secretsConfig, sanitisedAppName, internal.NewAppServer)
 	if err != nil {
 		return nil, err
 	}
@ -211,7 +217,7 @@ func ensureDomainFlag(recipe recipe.Recipe, server string) error {
 }
 // promptForSecrets asks if we should generate secrets for a new app.
-func promptForSecrets(recipeName string, secretsConfig map[string]secret.Secret) error {
+func promptForSecrets(recipeName string, secretsConfig map[string]string) error {
 	if len(secretsConfig) == 0 {
 		logrus.Debugf("%s has no secrets to generate, skipping...", recipeName)
 		return nil
--- a/cli/app/secret.go
+++ b/cli/app/secret.go
@ -20,23 +20,19 @@ import (
 	"github.com/urfave/cli"
 )
-var (
+var allSecrets bool
-	allSecrets     bool
+var allSecretsFlag = &cli.BoolFlag{
-	allSecretsFlag = &cli.BoolFlag{
+	Name:        "all, a",
-		Name:        "all, a",
+	Destination: &allSecrets,
-		Destination: &allSecrets,
+	Usage:       "Generate all secrets",
-		Usage:       "Generate all secrets",
+}
 	}
 )
-var (
+var rmAllSecrets bool
-	rmAllSecrets     bool
+var rmAllSecretsFlag = &cli.BoolFlag{
-	rmAllSecretsFlag = &cli.BoolFlag{
+	Name:        "all, a",
-		Name:        "all, a",
+	Destination: &rmAllSecrets,
-		Destination: &rmAllSecrets,
+	Usage:       "Remove all secrets",
-		Usage:       "Remove all secrets",
+}
 	}
 )
 var appSecretGenerateCommand = cli.Command{
 	Name:      "generate",
@ -91,21 +87,27 @@ var appSecretGenerateCommand = cli.Command{
 			logrus.Fatal(err)
 		}
-		secrets, err := secret.ReadSecretsConfig(app.Path, composeFiles, app.StackName())
+		secretsConfig, err := secret.ReadSecretsConfig(app.Path, composeFiles, app.Recipe)
 		if err != nil {
 			logrus.Fatal(err)
 		}
-		if !allSecrets {
+		secretsToCreate := make(map[string]string)
 		if allSecrets {
 			secretsToCreate = secretsConfig
 		} else {
 			secretName := c.Args().Get(1)
 			secretVersion := c.Args().Get(2)
-			s, ok := secrets[secretName]
+			matches := false
-			if !ok {
+			for name := range secretsConfig {
-				logrus.Fatalf("%s doesn't exist in the env config?", secretName)
+				if secretName == name {
 					secretsToCreate[name] = secretVersion
 					matches = true
 				}
 			}
-			s.Version = secretVersion
+
-			secrets = map[string]secret.Secret{
+			if !matches {
-				secretName: s,
+				logrus.Fatalf("%s doesn't exist in the env config?", secretName)
 			}
 		}
@ -114,7 +116,7 @@ var appSecretGenerateCommand = cli.Command{
 			logrus.Fatal(err)
 		}
-		secretVals, err := secret.GenerateSecrets(cl, secrets, app.Server)
+		secretVals, err := secret.GenerateSecrets(cl, secretsToCreate, app.StackName(), app.Server)
 		if err != nil {
 			logrus.Fatal(err)
 		}
@ -274,7 +276,7 @@ Example:
 			logrus.Fatal(err)
 		}
-		secrets, err := secret.ReadSecretsConfig(app.Path, composeFiles, app.StackName())
+		secretsConfig, err := secret.ReadSecretsConfig(app.Path, composeFiles, app.Recipe)
 		if err != nil {
 			logrus.Fatal(err)
 		}
@ -309,7 +311,12 @@ Example:
 		match := false
 		secretToRm := c.Args().Get(1)
-		for secretName, val := range secrets {
+		for secretName, secretValue := range secretsConfig {
 			val, err := secret.ParseSecretValue(secretValue)
 			if err != nil {
 				logrus.Fatal(err)
 			}
 			secretRemoteName := fmt.Sprintf("%s_%s_%s", app.StackName(), secretName, val.Version)
 			if _, ok := remoteSecretNames[secretRemoteName]; ok {
 				if secretToRm != "" {
--- a/go.mod
+++ b/go.mod
@ -4,8 +4,8 @@ go 1.21
 require (
 	coopcloud.tech/tagcmp v0.0.0-20211103052201-885b22f77d52
 	git.coopcloud.tech/coop-cloud/godotenv v1.5.2-0.20231130100509-01bff8284355
 	github.com/AlecAivazis/survey/v2 v2.3.7
 	github.com/Autonomic-Cooperative/godotenv v1.3.1-0.20210731094149-b031ea1211e7
 	github.com/Gurpartap/logrus-stack v0.0.0-20170710170904-89c00d8a28f4
 	github.com/docker/cli v24.0.7+incompatible
 	github.com/docker/distribution v2.8.3+incompatible
@ -16,7 +16,7 @@ require (
 	github.com/moby/term v0.5.0
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/pkg/errors v0.9.1
-	github.com/schollz/progressbar/v3 v3.14.1
+	github.com/schollz/progressbar/v3 v3.14.0
 	github.com/sirupsen/logrus v1.9.3
 	gotest.tools/v3 v3.5.1
 )
@ -56,7 +56,7 @@ require (
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
 	github.com/klauspost/compress v1.14.2 // indirect
 	github.com/mattn/go-colorable v0.1.12 // indirect
-	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-isatty v0.0.17 // indirect
 	github.com/mattn/go-runewidth v0.0.14 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect
@ -71,7 +71,7 @@ require (
 	github.com/prometheus/client_model v0.3.0 // indirect
 	github.com/prometheus/common v0.42.0 // indirect
 	github.com/prometheus/procfs v0.10.1 // indirect
-	github.com/rivo/uniseg v0.4.4 // indirect
+	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/skeema/knownhosts v1.2.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
@ -82,7 +82,7 @@ require (
 	golang.org/x/mod v0.12.0 // indirect
 	golang.org/x/net v0.17.0 // indirect
 	golang.org/x/sync v0.3.0 // indirect
-	golang.org/x/term v0.14.0 // indirect
+	golang.org/x/term v0.13.0 // indirect
 	golang.org/x/text v0.13.0 // indirect
 	golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e // indirect
 	golang.org/x/tools v0.13.0 // indirect
@ -104,7 +104,7 @@ require (
 	github.com/fvbommel/sortorder v1.0.2 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.5
+	github.com/hashicorp/go-retryablehttp v0.7.4
 	github.com/klauspost/pgzip v1.2.6
 	github.com/moby/patternmatcher v0.5.0 // indirect
 	github.com/moby/sys/sequential v0.5.0 // indirect
--- a/go.sum
+++ b/go.sum
@ -51,12 +51,12 @@ coopcloud.tech/tagcmp v0.0.0-20211103052201-885b22f77d52/go.mod h1:ESVm0wQKcbcFi
 dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
 dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 git.coopcloud.tech/coop-cloud/godotenv v1.5.2-0.20231130100509-01bff8284355 h1:tCv2B4qoN6RMheKDnCzIafOkWS5BB1h7hwhmo+9bVeE=
 git.coopcloud.tech/coop-cloud/godotenv v1.5.2-0.20231130100509-01bff8284355/go.mod h1:Q8V1zbtPAlzYSr/Dvky3wS6x58IQAl3rot2me1oSO2Q=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 h1:EKPd1INOIyr5hWOWhvpmQpY6tKjeG0hT1s3AMC/9fic=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1/go.mod h1:VzwV+t+dZ9j/H867F1M2ziD+yLHtB46oM35FxxMJ4d0=
 github.com/AlecAivazis/survey/v2 v2.3.7 h1:6I/u8FvytdGsgonrYsVn2t8t4QiRnh6QSTqkkhIiSjQ=
 github.com/AlecAivazis/survey/v2 v2.3.7/go.mod h1:xUTIdE4KCOIjsBAE1JYsUPoCqYdZ1reCfTwbto0Fduo=
 github.com/Autonomic-Cooperative/godotenv v1.3.1-0.20210731094149-b031ea1211e7 h1:asQtdXYbxEYWcwAQqJTVYC/RltB4eqoWKvqWg/LFPOg=
 github.com/Autonomic-Cooperative/godotenv v1.3.1-0.20210731094149-b031ea1211e7/go.mod h1:oZRCMMRS318l07ei4DTqbZoOawfJlJ4yyo8juk2v4Rk=
 github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
@ -590,8 +590,8 @@ github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHh
 github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
-github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M=
+github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZnpUv3/+BxzFA=
-github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
+github.com/hashicorp/go-retryablehttp v0.7.4/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
 github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
 github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
@ -705,8 +705,8 @@ github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcME
 github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
-github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng=
-github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=
@ -885,9 +885,8 @@ github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1
 github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg=
 github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
 github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
@ -901,8 +900,8 @@ github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb
 github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
 github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
-github.com/schollz/progressbar/v3 v3.14.1 h1:VD+MJPCr4s3wdhTc7OEJ/Z3dAeBzJ7yKH/P4lC5yRTI=
+github.com/schollz/progressbar/v3 v3.13.1 h1:o8rySDYiQ59Mwzy2FELeHY5ZARXZTVJC7iHD6PEFUiE=
-github.com/schollz/progressbar/v3 v3.14.1/go.mod h1:Zc9xXneTzWXF81TGoqL71u0sBPjULtEHYtj/WVgVy8E=
+github.com/schollz/progressbar/v3 v3.13.1/go.mod h1:xvrbki8kfT1fzWzBT/UZd9L6GA+jdL7HAgq2RFnO6fQ=
 github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
@ -1311,20 +1310,21 @@ golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
-golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8=
+golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
-golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww=
+golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
--- a/pkg/autocomplete/autocomplete.go
+++ b/pkg/autocomplete/autocomplete.go
@ -25,16 +25,6 @@ func AppNameComplete(c *cli.Context) {
 	}
 }
 func ServiceNameComplete(appName string) {
 	serviceNames, err := config.GetAppServiceNames(appName)
 	if err != nil {
 		return
 	}
 	for _, s := range serviceNames {
 		fmt.Println(s)
 	}
 }
 // RecipeNameComplete completes recipe names.
 func RecipeNameComplete(c *cli.Context) {
 	catl, err := recipe.ReadRecipeCatalogue(false)
--- a/pkg/compose/compose.go
+++ b/pkg/compose/compose.go
@ -29,7 +29,7 @@ func UpdateTag(pattern, image, tag, recipeName string) (bool, error) {
 		opts := stack.Deploy{Composefiles: []string{composeFile}}
 		envSamplePath := path.Join(config.RECIPES_DIR, recipeName, ".env.sample")
-		sampleEnv, err := config.ReadEnv(envSamplePath)
+		sampleEnv, err := config.ReadEnv(envSamplePath, config.ReadEnvOptions{})
 		if err != nil {
 			return false, err
 		}
@ -97,7 +97,7 @@ func UpdateLabel(pattern, serviceName, label, recipeName string) error {
 		opts := stack.Deploy{Composefiles: []string{composeFile}}
 		envSamplePath := path.Join(config.RECIPES_DIR, recipeName, ".env.sample")
-		sampleEnv, err := config.ReadEnv(envSamplePath)
+		sampleEnv, err := config.ReadEnv(envSamplePath, config.ReadEnvOptions{})
 		if err != nil {
 			return err
 		}
--- a/pkg/config/app.go
+++ b/pkg/config/app.go
@ -25,9 +25,6 @@ import (
 // AppEnv is a map of the values in an apps env config
 type AppEnv = map[string]string
 // AppModifiers is a map of modifiers in an apps env config
 type AppModifiers = map[string]map[string]string
 // AppName is AppName
 type AppName = string
@ -50,30 +47,23 @@ type App struct {
 	Path   string
 }
-// See documentation of config.StackName
+// StackName gets whatever the docker safe (uses the right delimiting
 // character, e.g. "_") stack name is for the app. In general, you don't want
 // to use this to show anything to end-users, you want use a.Name instead.
 func (a App) StackName() string {
 	if _, exists := a.Env["STACK_NAME"]; exists {
 		return a.Env["STACK_NAME"]
 	}
-	stackName := StackName(a.Name)
+	stackName := SanitiseAppName(a.Name)
 	a.Env["STACK_NAME"] = stackName
 	return stackName
 }
 // StackName gets whatever the docker safe (uses the right delimiting
 // character, e.g. "_") stack name is for the app. In general, you don't want
 // to use this to show anything to end-users, you want use a.Name instead.
 func StackName(appName string) string {
 	stackName := SanitiseAppName(appName)
 	if len(stackName) > 45 {
 		logrus.Debugf("trimming %s to %s to avoid runtime limits", stackName, stackName[:45])
 		stackName = stackName[:45]
 	}
 	a.Env["STACK_NAME"] = stackName
 	return stackName
 }
@ -160,7 +150,7 @@ func (a ByName) Less(i, j int) bool {
 }
 func ReadAppEnvFile(appFile AppFile, name AppName) (App, error) {
-	env, err := ReadEnv(appFile.Path)
+	env, err := ReadEnv(appFile.Path, ReadEnvOptions{})
 	if err != nil {
 		return App{}, fmt.Errorf("env file for %s couldn't be read: %s", name, err.Error())
 	}
--- a/pkg/config/env.go
+++ b/pkg/config/env.go
@ -12,7 +12,7 @@ import (
 	"sort"
 	"strings"
-	"git.coopcloud.tech/coop-cloud/godotenv"
+	"github.com/Autonomic-Cooperative/godotenv"
 	"github.com/sirupsen/logrus"
 )
@ -55,34 +55,45 @@ func GetServers() ([]string, error) {
 	return servers, nil
 }
 // ReadEnvOptions modifies the ReadEnv processing of env vars.
 type ReadEnvOptions struct {
 	IncludeModifiers bool
 }
 // ContainsEnvVarModifier determines if an env var contains a modifier.
 func ContainsEnvVarModifier(envVar string) bool {
 	for _, mod := range envVarModifiers {
 		if strings.Contains(envVar, fmt.Sprintf("%s=", mod)) {
 			return true
 		}
 	}
 	return false
 }
 // ReadEnv loads an app envivornment into a map.
-func ReadEnv(filePath string) (AppEnv, error) {
+func ReadEnv(filePath string, opts ReadEnvOptions) (AppEnv, error) {
 	var envVars AppEnv
-	envVars, _, err := godotenv.Read(filePath)
+	envVars, err := godotenv.Read(filePath)
 	if err != nil {
 		return nil, err
 	}
 	//	for idx, envVar := range envVars {
 	//		if strings.Contains(envVar, "#") {
 	//			if opts.IncludeModifiers && ContainsEnvVarModifier(envVar) {
 	//				continue
 	//			}
 	//			vals := strings.Split(envVar, "#")
 	//			envVars[idx] = strings.TrimSpace(vals[0])
 	//		}
 	//	}
 	logrus.Debugf("read %s from %s", envVars, filePath)
 	return envVars, nil
 }
 // ReadEnv loads an app envivornment and their modifiers in two different maps.
 func ReadEnvWithModifiers(filePath string) (AppEnv, AppModifiers, error) {
 	var envVars AppEnv
 	envVars, mods, err := godotenv.Read(filePath)
 	if err != nil {
 		return nil, mods, err
 	}
 	logrus.Debugf("read %s from %s", envVars, filePath)
 	return envVars, mods, nil
 }
 // ReadServerNames retrieves all server names.
 func ReadServerNames() ([]string, error) {
 	serverNames, err := GetAllFoldersInDirectory(SERVERS_DIR)
@ -216,7 +227,7 @@ func CheckEnv(app App) ([]EnvVar, error) {
 		return envVars, err
 	}
-	envSample, err := ReadEnv(envSamplePath)
+	envSample, err := ReadEnv(envSamplePath, ReadEnvOptions{})
 	if err != nil {
 		return envVars, err
 	}
--- a/pkg/config/env_test.go
+++ b/pkg/config/env_test.go
@ -13,21 +13,15 @@ import (
 	"coopcloud.tech/abra/pkg/recipe"
 )
-var (
+var TestFolder = os.ExpandEnv("$PWD/../../tests/resources/test_folder")
-	TestFolder    = os.ExpandEnv("$PWD/../../tests/resources/test_folder")
+var ValidAbraConf = os.ExpandEnv("$PWD/../../tests/resources/valid_abra_config")
 	ValidAbraConf = os.ExpandEnv("$PWD/../../tests/resources/valid_abra_config")
 )
 // make sure these are in alphabetical order
-var (
+var TFolders = []string{"folder1", "folder2"}
-	TFolders = []string{"folder1", "folder2"}
+var TFiles = []string{"bar.env", "foo.env"}
 	TFiles   = []string{"bar.env", "foo.env"}
 )
-var (
+var AppName = "ecloud"
-	AppName    = "ecloud"
+var ServerName = "evil.corp"
 	ServerName = "evil.corp"
 )
 var ExpectedAppEnv = config.AppEnv{
 	"DOMAIN": "ecloud.evil.corp",
@ -77,7 +71,7 @@ func TestGetAllFilesInDirectory(t *testing.T) {
 }
 func TestReadEnv(t *testing.T) {
-	env, err := config.ReadEnv(ExpectedAppFile.Path)
+	env, err := config.ReadEnv(ExpectedAppFile.Path, config.ReadEnvOptions{})
 	if err != nil {
 		t.Fatal(err)
 	}
@ -155,7 +149,7 @@ func TestCheckEnv(t *testing.T) {
 	}
 	envSamplePath := path.Join(config.RECIPES_DIR, r.Name, ".env.sample")
-	envSample, err := config.ReadEnv(envSamplePath)
+	envSample, err := config.ReadEnv(envSamplePath, config.ReadEnvOptions{})
 	if err != nil {
 		t.Fatal(err)
 	}
@ -189,7 +183,7 @@ func TestCheckEnvError(t *testing.T) {
 	}
 	envSamplePath := path.Join(config.RECIPES_DIR, r.Name, ".env.sample")
-	envSample, err := config.ReadEnv(envSamplePath)
+	envSample, err := config.ReadEnv(envSamplePath, config.ReadEnvOptions{})
 	if err != nil {
 		t.Fatal(err)
 	}
@ -217,6 +211,16 @@ func TestCheckEnvError(t *testing.T) {
 	}
 }
 func TestContainsEnvVarModifier(t *testing.T) {
 	if ok := config.ContainsEnvVarModifier("FOO=bar # bing"); ok {
 		t.Fatal("FOO contains no env var modifier")
 	}
 	if ok := config.ContainsEnvVarModifier("FOO=bar # length=3"); !ok {
 		t.Fatal("FOO contains an env var modifier (length)")
 	}
 }
 func TestEnvVarCommentsRemoved(t *testing.T) {
 	offline := true
 	r, err := recipe.Get("abra-test-recipe", offline)
@ -225,7 +229,7 @@ func TestEnvVarCommentsRemoved(t *testing.T) {
 	}
 	envSamplePath := path.Join(config.RECIPES_DIR, r.Name, ".env.sample")
-	envSample, err := config.ReadEnv(envSamplePath)
+	envSample, err := config.ReadEnv(envSamplePath, config.ReadEnvOptions{})
 	if err != nil {
 		t.Fatal(err)
 	}
@ -257,19 +261,12 @@ func TestEnvVarModifiersIncluded(t *testing.T) {
 	}
 	envSamplePath := path.Join(config.RECIPES_DIR, r.Name, ".env.sample")
-	envSample, modifiers, err := config.ReadEnvWithModifiers(envSamplePath)
+	envSample, err := config.ReadEnv(envSamplePath, config.ReadEnvOptions{IncludeModifiers: true})
 	if err != nil {
 		t.Fatal(err)
 	}
-	if !strings.Contains(envSample["SECRET_TEST_PASS_TWO_VERSION"], "v1") {
+	if !strings.Contains(envSample["SECRET_TEST_PASS_TWO_VERSION"], "length") {
-		t.Errorf("value should be 'v1', got: '%s'", envSample["SECRET_TEST_PASS_TWO_VERSION"])
+		t.Fatal("comment from env var SECRET_TEST_PASS_TWO_VERSION should not be removed")
 	}
 	if modifiers == nil || modifiers["SECRET_TEST_PASS_TWO_VERSION"] == nil {
 		t.Errorf("no modifiers included")
 	} else {
 		if modifiers["SECRET_TEST_PASS_TWO_VERSION"]["length"] != "10" {
 			t.Errorf("length modifier should be '10', got: '%s'", modifiers["SECRET_TEST_PASS_TWO_VERSION"]["length"])
 		}
 	}
 }
--- a/pkg/container/container.go
+++ b/pkg/container/container.go
@ -68,15 +68,3 @@ func GetContainer(c context.Context, cl *client.Client, filters filters.Args, no
 	return containers[0], nil
 }
 // GetContainerFromStackAndService retrieves the container for the given stack and service.
 func GetContainerFromStackAndService(cl *client.Client, stack, service string) (types.Container, error) {
 	filters := filters.NewArgs()
 	filters.Add("name", fmt.Sprintf("^%s_%s", stack, service))
 	container, err := GetContainer(context.Background(), cl, filters, true)
 	if err != nil {
 		return types.Container{}, err
 	}
 	return container, nil
 }
--- a/pkg/lint/recipe.go
+++ b/pkg/lint/recipe.go
@ -227,7 +227,7 @@ func LintAppService(recipe recipe.Recipe) (bool, error) {
 // therefore no matching traefik deploy label will be present.
 func LintTraefikEnabledSkipCondition(recipe recipe.Recipe) (bool, error) {
 	envSamplePath := path.Join(config.RECIPES_DIR, recipe.Name, ".env.sample")
-	sampleEnv, err := config.ReadEnv(envSamplePath)
+	sampleEnv, err := config.ReadEnv(envSamplePath, config.ReadEnvOptions{})
 	if err != nil {
 		return false, fmt.Errorf("Unable to discover .env.sample for %s", recipe.Name)
 	}
--- a/pkg/recipe/recipe.go
+++ b/pkg/recipe/recipe.go
@ -227,7 +227,7 @@ func Get(recipeName string, offline bool) (Recipe, error) {
 	}
 	envSamplePath := path.Join(config.RECIPES_DIR, recipeName, ".env.sample")
-	sampleEnv, err := config.ReadEnv(envSamplePath)
+	sampleEnv, err := config.ReadEnv(envSamplePath, config.ReadEnvOptions{})
 	if err != nil {
 		return Recipe{}, err
 	}
@ -255,9 +255,9 @@ func Get(recipeName string, offline bool) (Recipe, error) {
 	}, nil
 }
-func (r Recipe) SampleEnv() (map[string]string, error) {
+func (r Recipe) SampleEnv(opts config.ReadEnvOptions) (map[string]string, error) {
 	envSamplePath := path.Join(config.RECIPES_DIR, r.Name, ".env.sample")
-	sampleEnv, err := config.ReadEnv(envSamplePath)
+	sampleEnv, err := config.ReadEnv(envSamplePath, opts)
 	if err != nil {
 		return sampleEnv, fmt.Errorf("unable to discover .env.sample for %s", r.Name)
 	}
--- a/pkg/secret/secret.go
+++ b/pkg/secret/secret.go
@ -21,24 +21,11 @@ import (
 	"github.com/sirupsen/logrus"
 )
-// Secret represents a secret.
+// secretValue represents a parsed `SECRET_FOO=v1 # length=bar` env var config
-type Secret struct {
+// secret definition.
-	// Version comes from the secret version environment variable.
+type secretValue struct {
 	// For example:
 	//  SECRET_FOO=v1
 	Version string
-	// Length comes from the length modifier at the secret version environment
+	Length  int
 	// variable. For Example:
 	//   SECRET_FOO=v1 # length=12
 	Length int
 	// RemoteName is the name of the secret on the server. For example:
 	//   name: ${STACK_NAME}_test_pass_two_${SECRET_TEST_PASS_TWO_VERSION}
 	// With the following:
 	//   STACK_NAME=test_example_com
 	//   SECRET_TEST_PASS_TWO_VERSION=v2
 	// Will have this remote name:
 	//   test_example_com_test_pass_two_v2
 	RemoteName string
 }
 // GeneratePasswords generates passwords.
@ -48,6 +35,7 @@ func GeneratePasswords(count, length uint) ([]string, error) {
 		length,
 		passgen.AlphabetDefault,
 	)
 	if err != nil {
 		return nil, err
 	}
@ -66,6 +54,7 @@ func GeneratePassphrases(count uint) ([]string, error) {
 		passgen.PassphraseCasingDefault,
 		passgen.WordListDefault,
 	)
 	if err != nil {
 		return nil, err
 	}
@ -80,23 +69,18 @@ func GeneratePassphrases(count uint) ([]string, error) {
 // and some times you don't (as the caller). We need to be able to handle the
 // "app new" case where we pass in the .env.sample and the "secret generate"
 // case where the app is created.
-func ReadSecretsConfig(appEnvPath string, composeFiles []string, stackName string) (map[string]Secret, error) {
+func ReadSecretsConfig(appEnvPath string, composeFiles []string, recipeName string) (map[string]string, error) {
-	appEnv, appModifiers, err := config.ReadEnvWithModifiers(appEnvPath)
+	secretConfigs := make(map[string]string)
 	appEnv, err := config.ReadEnv(appEnvPath, config.ReadEnvOptions{IncludeModifiers: true})
 	if err != nil {
-		return nil, err
+		return secretConfigs, err
 	}
 	// Set the STACK_NAME to be able to generate the remote name correctly.
 	appEnv["STACK_NAME"] = stackName
 	opts := stack.Deploy{Composefiles: composeFiles}
 	config, err := loader.LoadComposefile(opts, appEnv)
 	if err != nil {
-		return nil, err
+		return secretConfigs, err
 	}
 	// Read the compose files without injecting environment variables.
 	configWithoutEnv, err := loader.LoadComposefile(opts, map[string]string{}, loader.SkipInterpolation)
 	if err != nil {
 		return nil, err
 	}
 	var enabledSecrets []string
@ -108,13 +92,12 @@ func ReadSecretsConfig(appEnvPath string, composeFiles []string, stackName strin
 	if len(enabledSecrets) == 0 {
 		logrus.Debugf("not generating app secrets, none enabled in recipe config")
-		return nil, nil
+		return secretConfigs, nil
 	}
 	secretValues := map[string]Secret{}
 	for secretId, secretConfig := range config.Secrets {
 		if string(secretConfig.Name[len(secretConfig.Name)-1]) == "_" {
-			return nil, fmt.Errorf("missing version for secret? (%s)", secretId)
+			return secretConfigs, fmt.Errorf("missing version for secret? (%s)", secretId)
 		}
 		if !(slices.Contains(enabledSecrets, secretId)) {
@ -124,58 +107,68 @@ func ReadSecretsConfig(appEnvPath string, composeFiles []string, stackName strin
 		lastIdx := strings.LastIndex(secretConfig.Name, "_")
 		secretVersion := secretConfig.Name[lastIdx+1:]
-		value := Secret{Version: secretVersion, RemoteName: secretConfig.Name}
+		secretConfigs[secretId] = secretVersion
 		// Check if the length modifier is set for this secret.
 		for envName, modifierValues := range appModifiers {
 			// configWithoutEnv contains the raw name as defined in the compose.yaml
 			// The name will look something like this:
 			//   name: ${STACK_NAME}_test_pass_two_${SECRET_TEST_PASS_TWO_VERSION}
 			// To check if the current modifier is for the current secret we check
 			// if the raw name contains the env name (e.g. SECRET_TEST_PASS_TWO_VERSION).
 			if !strings.Contains(configWithoutEnv.Secrets[secretId].Name, envName) {
 				continue
 			}
 			lengthRaw, ok := modifierValues["length"]
 			if ok {
 				length, err := strconv.Atoi(lengthRaw)
 				if err != nil {
 					return nil, err
 				}
 				value.Length = length
 			}
 			break
 		}
 		secretValues[secretId] = value
 	}
-	return secretValues, nil
+	return secretConfigs, nil
 }
 func ParseSecretValue(secret string) (secretValue, error) {
 	values := strings.Split(secret, "#")
 	if len(values) == 0 {
 		return secretValue{}, fmt.Errorf("unable to parse %s", secret)
 	}
 	if len(values) == 1 {
 		return secretValue{Version: values[0], Length: 0}, nil
 	}
 	split := strings.Split(values[1], "=")
 	parsed := split[len(split)-1]
 	stripped := strings.ReplaceAll(parsed, " ", "")
 	length, err := strconv.Atoi(stripped)
 	if err != nil {
 		return secretValue{}, err
 	}
 	version := strings.ReplaceAll(values[0], " ", "")
 	logrus.Debugf("parsed version %s and length '%v' from %s", version, length, secret)
 	return secretValue{Version: version, Length: length}, nil
 }
 // GenerateSecrets generates secrets locally and sends them to a remote server for storage.
-func GenerateSecrets(cl *dockerClient.Client, secrets map[string]Secret, server string) (map[string]string, error) {
+func GenerateSecrets(cl *dockerClient.Client, secretsFromConfig map[string]string, appName, server string) (map[string]string, error) {
-	secretsGenerated := map[string]string{}
+	secrets := make(map[string]string)
 	var mutex sync.Mutex
 	var wg sync.WaitGroup
-	ch := make(chan error, len(secrets))
+	ch := make(chan error, len(secretsFromConfig))
-	for n, v := range secrets {
+	for n, v := range secretsFromConfig {
 		wg.Add(1)
-		go func(secretName string, secret Secret) {
+		go func(secretName, secretValue string) {
 			defer wg.Done()
-			logrus.Debugf("attempting to generate and store %s on %s", secret.RemoteName, server)
+			parsedSecretValue, err := ParseSecretValue(secretValue)
 			if err != nil {
 				ch <- err
 				return
 			}
-			if secret.Length > 0 {
+			secretRemoteName := fmt.Sprintf("%s_%s_%s", appName, secretName, parsedSecretValue.Version)
-				passwords, err := GeneratePasswords(1, uint(secret.Length))
+			logrus.Debugf("attempting to generate and store %s on %s", secretRemoteName, server)
 			if parsedSecretValue.Length > 0 {
 				passwords, err := GeneratePasswords(1, uint(parsedSecretValue.Length))
 				if err != nil {
 					ch <- err
 					return
 				}
-				if err := client.StoreSecret(cl, secret.RemoteName, passwords[0], server); err != nil {
+				if err := client.StoreSecret(cl, secretRemoteName, passwords[0], server); err != nil {
 					if strings.Contains(err.Error(), "AlreadyExists") {
-						logrus.Warnf("%s already exists, moving on...", secret.RemoteName)
+						logrus.Warnf("%s already exists, moving on...", secretRemoteName)
 						ch <- nil
 					} else {
 						ch <- err
@ -185,7 +178,7 @@ func GenerateSecrets(cl *dockerClient.Client, secrets map[string]Secret, server
 				mutex.Lock()
 				defer mutex.Unlock()
-				secretsGenerated[secretName] = passwords[0]
+				secrets[secretName] = passwords[0]
 			} else {
 				passphrases, err := GeneratePassphrases(1)
 				if err != nil {
@ -193,9 +186,9 @@ func GenerateSecrets(cl *dockerClient.Client, secrets map[string]Secret, server
 					return
 				}
-				if err := client.StoreSecret(cl, secret.RemoteName, passphrases[0], server); err != nil {
+				if err := client.StoreSecret(cl, secretRemoteName, passphrases[0], server); err != nil {
 					if strings.Contains(err.Error(), "AlreadyExists") {
-						logrus.Warnf("%s already exists, moving on...", secret.RemoteName)
+						logrus.Warnf("%s already exists, moving on...", secretRemoteName)
 						ch <- nil
 					} else {
 						ch <- err
@ -205,7 +198,7 @@ func GenerateSecrets(cl *dockerClient.Client, secrets map[string]Secret, server
 				mutex.Lock()
 				defer mutex.Unlock()
-				secretsGenerated[secretName] = passphrases[0]
+				secrets[secretName] = passphrases[0]
 			}
 			ch <- nil
 		}(n, v)
@ -213,16 +206,16 @@ func GenerateSecrets(cl *dockerClient.Client, secrets map[string]Secret, server
 	wg.Wait()
-	for range secrets {
+	for range secretsFromConfig {
 		err := <-ch
 		if err != nil {
 			return nil, err
 		}
 	}
-	logrus.Debugf("generated and stored %v on %s", secrets, server)
+	logrus.Debugf("generated and stored %s on %s", secrets, server)
-	return secretsGenerated, nil
+	return secrets, nil
 }
 type secretStatus struct {
@ -244,7 +237,7 @@ func PollSecretsStatus(cl *dockerClient.Client, app config.App) (secretStatuses,
 		return secStats, err
 	}
-	secretsConfig, err := ReadSecretsConfig(app.Path, composeFiles, app.StackName())
+	secretsConfig, err := ReadSecretsConfig(app.Path, composeFiles, app.Recipe)
 	if err != nil {
 		return secStats, err
 	}
@ -264,9 +257,14 @@ func PollSecretsStatus(cl *dockerClient.Client, app config.App) (secretStatuses,
 		remoteSecretNames[cont.Spec.Annotations.Name] = true
 	}
-	for secretName, val := range secretsConfig {
+	for secretName, secretValue := range secretsConfig {
 		createdRemote := false
 		val, err := ParseSecretValue(secretValue)
 		if err != nil {
 			return secStats, err
 		}
 		secretRemoteName := fmt.Sprintf("%s_%s_%s", app.StackName(), secretName, val.Version)
 		if _, ok := remoteSecretNames[secretRemoteName]; ok {
 			createdRemote = true
--- a/pkg/secret/secret_test.go
+++ b/pkg/secret/secret_test.go
@ -1,30 +1,42 @@
 package secret
 import (
 	"path"
 	"testing"
 	"coopcloud.tech/abra/pkg/config"
 	"coopcloud.tech/abra/pkg/recipe"
 	"coopcloud.tech/abra/pkg/upstream/stack"
 	loader "coopcloud.tech/abra/pkg/upstream/stack"
 	"github.com/stretchr/testify/assert"
 )
 func TestReadSecretsConfig(t *testing.T) {
-	composeFiles := []string{"./testdir/compose.yaml"}
+	offline := true
-	secretsFromConfig, err := ReadSecretsConfig("./testdir/.env.sample", composeFiles, "test_example_com")
+	recipe, err := recipe.Get("matrix-synapse", offline)
 	if err != nil {
 		t.Fatal(err)
 	}
-	// Simple secret
+	sampleEnv, err := recipe.SampleEnv(config.ReadEnvOptions{})
-	assert.Equal(t, "test_example_com_test_pass_one_v2", secretsFromConfig["test_pass_one"].RemoteName)
+	if err != nil {
-	assert.Equal(t, "v2", secretsFromConfig["test_pass_one"].Version)
+		t.Fatal(err)
-	assert.Equal(t, 0, secretsFromConfig["test_pass_one"].Length)
+	}
-	// Has a length modifier
+	composeFiles := []string{path.Join(config.RECIPES_DIR, recipe.Name, "compose.yml")}
-	assert.Equal(t, "test_example_com_test_pass_two_v1", secretsFromConfig["test_pass_two"].RemoteName)
+	envSamplePath := path.Join(config.RECIPES_DIR, recipe.Name, ".env.sample")
-	assert.Equal(t, "v1", secretsFromConfig["test_pass_two"].Version)
+	secretsFromConfig, err := ReadSecretsConfig(envSamplePath, composeFiles, recipe.Name)
-	assert.Equal(t, 10, secretsFromConfig["test_pass_two"].Length)
+	if err != nil {
 		t.Fatal(err)
 	}
-	// Secret name does not include the secret id
+	opts := stack.Deploy{Composefiles: composeFiles}
-	assert.Equal(t, "test_example_com_pass_three_v2", secretsFromConfig["test_pass_three"].RemoteName)
+	config, err := loader.LoadComposefile(opts, sampleEnv)
-	assert.Equal(t, "v2", secretsFromConfig["test_pass_three"].Version)
+	if err != nil {
-	assert.Equal(t, 0, secretsFromConfig["test_pass_three"].Length)
+		t.Fatal(err)
 	}
 	for secretId := range config.Secrets {
 		assert.Contains(t, secretsFromConfig, secretId)
 	}
 }
--- a/pkg/secret/testdir/.env.sample
+++ b/pkg/secret/testdir/.env.sample
@ -1,3 +0,0 @@
 SECRET_TEST_PASS_ONE_VERSION=v2
 SECRET_TEST_PASS_TWO_VERSION=v1 # length=10
 SECRET_TEST_PASS_THREE_VERSION=v2
--- a/pkg/secret/testdir/compose.yaml
+++ b/pkg/secret/testdir/compose.yaml
@ -1,21 +0,0 @@
 ---
 version: "3.8"
 services:
  app:
    image: nginx:1.21.0
    secrets:
      - test_pass_one
      - test_pass_two
      - test_pass_three
 secrets:
  test_pass_one:
    external: true
    name: ${STACK_NAME}_test_pass_one_${SECRET_TEST_PASS_ONE_VERSION}  # should be removed
  test_pass_two:
    external: true
    name: ${STACK_NAME}_test_pass_two_${SECRET_TEST_PASS_TWO_VERSION}
  test_pass_three:
    external: true
    name: ${STACK_NAME}_pass_three_${SECRET_TEST_PASS_THREE_VERSION} # secretId and name don't match
--- a/pkg/upstream/commandconn/connection.go
+++ b/pkg/upstream/commandconn/connection.go
@ -18,7 +18,7 @@ import (
 //
 // ssh://<user>@<host> URL requires Docker 18.09 or later on the remote host.
 func GetConnectionHelper(daemonURL string) (*connhelper.ConnectionHelper, error) {
-	return getConnectionHelper(daemonURL, []string{"-o ConnectTimeout=60"})
+	return getConnectionHelper(daemonURL, []string{"-o ConnectTimeout=5"})
 }
 func getConnectionHelper(daemonURL string, sshFlags []string) (*connhelper.ConnectionHelper, error) {
--- a/pkg/upstream/stack/loader.go
+++ b/pkg/upstream/stack/loader.go
@ -18,24 +18,15 @@ func DontSkipValidation(opts *loader.Options) {
 	opts.SkipValidation = false
 }
 // SkipInterpolation skip interpolating environment variables.
 func SkipInterpolation(opts *loader.Options) {
 	opts.SkipInterpolation = true
 }
 // LoadComposefile parse the composefile specified in the cli and returns its Config and version.
-func LoadComposefile(opts Deploy, appEnv map[string]string, options ...func(*loader.Options)) (*composetypes.Config, error) {
+func LoadComposefile(opts Deploy, appEnv map[string]string) (*composetypes.Config, error) {
 	configDetails, err := getConfigDetails(opts.Composefiles, appEnv)
 	if err != nil {
 		return nil, err
 	}
 	if options == nil {
 		options = []func(*loader.Options){DontSkipValidation}
 	}
 	dicts := getDictsFrom(configDetails.ConfigFiles)
-	config, err := loader.Load(configDetails, options...)
+	config, err := loader.Load(configDetails, DontSkipValidation)
 	if err != nil {
 		if fpe, ok := err.(*loader.ForbiddenPropertiesError); ok {
 			return nil, fmt.Errorf("compose file contains unsupported options: %s",
--- a/scripts/docker/build.sh
+++ b/scripts/docker/build.sh
@ -1,11 +0,0 @@
 #!/bin/bash
 if [ ! -f .envrc ]; then
    . .envrc.sample
 else
    . .envrc
 fi
 git config --global --add safe.directory /abra  # work around funky file permissions
 make build
--- a/tests/integration/app_cmd.bats
+++ b/tests/integration/app_cmd.bats
@ -25,24 +25,6 @@ teardown(){
  fi
 }
 # bats test_tags=slow
@test "autocomplete" {
  run $ABRA app cmd --generate-bash-completion
  assert_success
  assert_output "$TEST_APP_DOMAIN"
  run $ABRA app cmd "$TEST_APP_DOMAIN" --generate-bash-completion
  assert_success
  assert_output "app"
  run $ABRA app cmd "$TEST_APP_DOMAIN" app --generate-bash-completion
  assert_success
  assert_output "test_cmd
 test_cmd_arg
 test_cmd_args
 test_cmd_export"
 }
@test "validate app argument" {
  run $ABRA app cmd
  assert_failure
--- a/tests/integration/app_cp.bats
+++ b/tests/integration/app_cp.bats
@ -5,11 +5,9 @@ setup_file(){
  _common_setup
  _add_server
  _new_app
  _deploy_app
 }
 teardown_file(){
  _undeploy_app
  _rm_app
  _rm_server
 }
@ -19,29 +17,11 @@ setup(){
  _common_setup
 }
-_mkfile() {
+teardown(){
-  run bash -c "echo $2 > $1"
+  # https://github.com/bats-core/bats-core/issues/383#issuecomment-738628888
-  assert_success
+  if [[ -z "${BATS_TEST_COMPLETED}" ]]; then
-}
+    _undeploy_app
-
+  fi
 _mkfile_remote() {
  run $ABRA app run "$TEST_APP_DOMAIN" app "bash -c \"echo $2 > $1\""
  assert_success
 }
 _mkdir() {
  run bash -c "mkdir -p $1"
  assert_success
 }
 _rm() {
  run rm -rf "$1"
  assert_success
 }
 _rm_remote() {
  run "$ABRA" app run "$TEST_APP_DOMAIN" app rm -rf "$1"
  assert_success
 }
@test "validate app argument" {
@ -74,120 +54,68 @@ _rm_remote() {
  assert_output --partial 'arguments must take $SERVICE:$PATH form'
 }
-@test "error if local file missing" {
+@test "detect 'coming FROM' syntax" {
-  run $ABRA app cp "$TEST_APP_DOMAIN" thisfileshouldnotexist.txt app:/somewhere
+  run $ABRA app cp "$TEST_APP_DOMAIN" app:/myfile.txt . --debug
  assert_failure
-  assert_output --partial 'local stat thisfileshouldnotexist.txt: no such file or directory'
+  assert_output --partial 'coming FROM the container'
 }
@test "detect 'going TO' syntax" {
  run $ABRA app cp "$TEST_APP_DOMAIN" myfile.txt app:/somewhere --debug
  assert_failure
  assert_output --partial 'going TO the container'
 }
@test "error if local file missing" {
  run $ABRA app cp "$TEST_APP_DOMAIN" myfile.txt app:/somewhere
  assert_failure
  assert_output --partial 'myfile.txt does not exist locally?'
 }
 # bats test_tags=slow
@test "error if service doesn't exist" {
-  _mkfile "$BATS_TMPDIR/myfile.txt" "foo"
+  _deploy_app
-  run $ABRA app cp "$TEST_APP_DOMAIN" "$BATS_TMPDIR/myfile.txt" doesnt_exist:/ --debug
+  run bash -c "echo foo >> $BATS_TMPDIR/myfile.txt"
  assert_success
  run $ABRA app cp "$TEST_APP_DOMAIN" "$BATS_TMPDIR/myfile.txt" doesnt_exist:/
  assert_failure
  assert_output --partial 'no containers matching'
-  _rm "$BATS_TMPDIR/myfile.txt"
+  run rm -rf "$BATS_TMPDIR/myfile.txt"
  assert_success
  _undeploy_app
 }
 # bats test_tags=slow
-@test "copy local file to container directory" {
+@test "copy to container" {
-  _mkfile "$BATS_TMPDIR/myfile.txt" "foo"
+  _deploy_app
  run bash -c "echo foo >> $BATS_TMPDIR/myfile.txt"
  assert_success
  run $ABRA app cp "$TEST_APP_DOMAIN" "$BATS_TMPDIR/myfile.txt" app:/etc
  assert_success
-  run $ABRA app run "$TEST_APP_DOMAIN" app cat /etc/myfile.txt
+  run rm -rf "$BATS_TMPDIR/myfile.txt"
  assert_success
  assert_output --partial "foo"
-  _rm "$BATS_TMPDIR/myfile.txt"
+  _undeploy_app
  _rm_remote "/etc/myfile.txt"
 }
 # bats test_tags=slow
-@test "copy local file to container file (and override on remote)" {
+@test "copy from container" {
-  _mkfile "$BATS_TMPDIR/myfile.txt" "foo"
+  _deploy_app
-  # create
+  run bash -c "echo foo >> $BATS_TMPDIR/myfile.txt"
  run $ABRA app cp "$TEST_APP_DOMAIN" "$BATS_TMPDIR/myfile.txt" app:/etc/myfile.txt
  assert_success
-  run $ABRA app run "$TEST_APP_DOMAIN" app cat /etc/myfile.txt
+  run $ABRA app cp "$TEST_APP_DOMAIN" "$BATS_TMPDIR/myfile.txt" app:/etc
  assert_success
  assert_output --partial "foo"
  _mkfile "$BATS_TMPDIR/myfile.txt" "bar"
  # override
  run $ABRA app cp "$TEST_APP_DOMAIN" "$BATS_TMPDIR/myfile.txt" app:/etc/myfile.txt
  assert_success
-  run $ABRA app run "$TEST_APP_DOMAIN" app cat /etc/myfile.txt
+  run rm -rf "$BATS_TMPDIR/myfile.txt"
  assert_success
  assert_output --partial "bar"
  _rm "$BATS_TMPDIR/myfile.txt"
  _rm_remote "/etc/myfile.txt"
 }
 # bats test_tags=slow
@test "copy local file to container file (and rename)" {
  _mkfile "$BATS_TMPDIR/myfile.txt" "foo"
  # rename
  run $ABRA app cp "$TEST_APP_DOMAIN" "$BATS_TMPDIR/myfile.txt" app:/etc/myfile2.txt
  assert_success
  run $ABRA app run "$TEST_APP_DOMAIN" app cat /etc/myfile2.txt
  assert_success
  assert_output --partial "foo"
  _rm "$BATS_TMPDIR/myfile.txt"
  _rm_remote "/etc/myfile2.txt"
 }
 # bats test_tags=slow
@test "copy local directory to container directory (and creates missing directory)" {
  _mkdir "$BATS_TMPDIR/mydir"
  _mkfile "$BATS_TMPDIR/mydir/myfile.txt" "foo"
  run $ABRA app cp "$TEST_APP_DOMAIN" "$BATS_TMPDIR/mydir" app:/etc
  assert_success
  run $ABRA app run "$TEST_APP_DOMAIN" app ls /etc/mydir
  assert_success
  assert_output --partial "myfile.txt"
  _rm "$BATS_TMPDIR/mydir"
  _rm_remote "/etc/mydir"
 }
 # bats test_tags=slow
@test "copy local files to container directory" {
  _mkdir "$BATS_TMPDIR/mydir"
  _mkfile "$BATS_TMPDIR/mydir/myfile.txt" "foo"
  _mkfile "$BATS_TMPDIR/mydir/myfile2.txt" "foo"
  run $ABRA app cp "$TEST_APP_DOMAIN" "$BATS_TMPDIR/mydir/" app:/etc
  assert_success
  run $ABRA app run "$TEST_APP_DOMAIN" app ls /etc/myfile.txt
  assert_success
  assert_output --partial "myfile.txt"
  run $ABRA app run "$TEST_APP_DOMAIN" app ls /etc/myfile2.txt
  assert_success
  assert_output --partial "myfile2.txt"
  _rm "$BATS_TMPDIR/mydir"
  _rm_remote "/etc/myfile*"
 }
 # bats test_tags=slow
@test "copy container file to local directory" {
  run $ABRA app run "$TEST_APP_DOMAIN" app bash -c "echo foo > /etc/myfile.txt"
  assert_success
  run $ABRA app cp "$TEST_APP_DOMAIN" app:/etc/myfile.txt "$BATS_TMPDIR"
@ -195,76 +123,8 @@ _rm_remote() {
  assert_exists "$BATS_TMPDIR/myfile.txt"
  assert bash -c "cat $BATS_TMPDIR/myfile.txt | grep -q foo"
-  _rm "$BATS_TMPDIR/myfile.txt"
+  run rm -rf "$BATS_TMPDIR/myfile.txt"
-  _rm_remote "/etc/myfile.txt"
+  assert_success
-}
+
-
+  _undeploy_app
 # bats test_tags=slow
@test "copy container file to local file" {
  run $ABRA app run "$TEST_APP_DOMAIN" app bash -c "echo foo > /etc/myfile.txt"
  assert_success
  run $ABRA app cp "$TEST_APP_DOMAIN" app:/etc/myfile.txt "$BATS_TMPDIR/myfile.txt"
  assert_success
  assert_exists "$BATS_TMPDIR/myfile.txt"
  assert bash -c "cat $BATS_TMPDIR/myfile.txt | grep -q foo"
  _rm "$BATS_TMPDIR/myfile.txt"
  _rm_remote "/etc/myfile.txt"
 }
 # bats test_tags=slow
@test "copy container file to local file and rename" {
  run $ABRA app run "$TEST_APP_DOMAIN" app bash -c "echo foo > /etc/myfile.txt"
  assert_success
  run $ABRA app cp "$TEST_APP_DOMAIN" app:/etc/myfile.txt "$BATS_TMPDIR/myfile2.txt"
  assert_success
  assert_exists "$BATS_TMPDIR/myfile2.txt"
  assert bash -c "cat $BATS_TMPDIR/myfile2.txt | grep -q foo"
  _rm "$BATS_TMPDIR/myfile2.txt"
  _rm_remote "/etc/myfile.txt"
 }
 # bats test_tags=slow
@test "copy container directory to local directory" {
  run $ABRA app run "$TEST_APP_DOMAIN" app bash -c "echo foo > /etc/myfile.txt"
  assert_success
  run $ABRA app run "$TEST_APP_DOMAIN" app bash -c "echo bar > /etc/myfile2.txt"
  assert_success
  mkdir "$BATS_TMPDIR/mydir"
  run $ABRA app cp "$TEST_APP_DOMAIN" app:/etc "$BATS_TMPDIR/mydir"
  assert_success
  assert_exists "$BATS_TMPDIR/mydir/etc/myfile.txt"
  assert_success
  assert_exists "$BATS_TMPDIR/mydir/etc/myfile2.txt"
  _rm "$BATS_TMPDIR/mydir"
  _rm_remote "/etc/myfile.txt"
  _rm_remote "/etc/myfile2.txt"
 }
 # bats test_tags=slow
@test "copy container files to local directory" {
  run $ABRA app run "$TEST_APP_DOMAIN" app bash -c "echo foo > /etc/myfile.txt"
  assert_success
  run $ABRA app run "$TEST_APP_DOMAIN" app bash -c "echo bar > /etc/myfile2.txt"
  assert_success
  mkdir "$BATS_TMPDIR/mydir"
  run $ABRA app cp "$TEST_APP_DOMAIN" app:/etc/ "$BATS_TMPDIR/mydir"
  assert_success
  assert_exists "$BATS_TMPDIR/mydir/myfile.txt"
  assert_success
  assert_exists "$BATS_TMPDIR/mydir/myfile2.txt"
  _rm "$BATS_TMPDIR/mydir"
  _rm_remote "/etc/myfile.txt"
  _rm_remote "/etc/myfile2.txt"
 }
--- a/tests/integration/helpers/common.bash
+++ b/tests/integration/helpers/common.bash
@ -1,9 +1,9 @@
 #!/usr/bin/env bash
 _common_setup() {
-  bats_load_library bats-support
+  load '/usr/lib/bats/bats-support/load'
-  bats_load_library bats-assert
+  load '/usr/lib/bats/bats-assert/load'
-  bats_load_library bats-file
+  load '/usr/lib/bats/bats-file/load'
  load "$PWD/tests/integration/helpers/app"
  load "$PWD/tests/integration/helpers/git"
--- a/tests/integration/helpers/server.bash
+++ b/tests/integration/helpers/server.bash
@ -1,11 +1,7 @@
 #!/usr/bin/env bash
 _add_server() {
-  if [[ "$TEST_SERVER" == "default" ]]; then
+  run $ABRA server add "$TEST_SERVER"
      run $ABRA server add -l
  else
      run $ABRA server add "$TEST_SERVER"
  fi
  assert_success
  assert_exists "$ABRA_DIR/servers/$TEST_SERVER"
 }
Author	SHA1	Message	Date
Cassowary	20a7cffb71	Fix errors in build-docker-inside.sh Some checks failed continuous-integration/drone/push Build is failing Details continuous-integration/drone/pr Build is failing Details	2023-11-09 11:14:41 -08:00
Cassowary	1d098eed0e	Preliminary makefile support for building inside docker Some checks failed continuous-integration/drone/push Build is failing Details continuous-integration/drone/pr Build is failing Details	2023-11-09 10:49:15 -08:00