ixpantia
diff --git a/‎Cargo.lock‎
Lines changed: 1795 additions & 186 deletions b/‎Cargo.lock‎
Lines changed: 1795 additions & 186 deletions
diff --git a/‎Cargo.toml‎
Lines changed: 6 additions & 3 deletions b/‎Cargo.toml‎
Lines changed: 6 additions & 3 deletions
diff --git a/‎GCP.md‎
Lines changed: 66 additions & 0 deletions b/‎GCP.md‎
Lines changed: 66 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 29 additions & 3 deletions b/‎README.md‎
Lines changed: 29 additions & 3 deletions
diff --git a/‎deb/DEBIAN/control‎
Lines changed: 1 addition & 1 deletion b/‎deb/DEBIAN/control‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎example/.gitignore‎
Lines changed: 1 addition & 0 deletions b/‎example/.gitignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎justfile‎
Lines changed: 1 addition & 1 deletion b/‎justfile‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎rpm/dispenser.spec‎
Lines changed: 1 addition & 1 deletion b/‎rpm/dispenser.spec‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/cli.rs‎
Lines changed: 24 additions & 1 deletion b/‎src/cli.rs‎
Lines changed: 24 additions & 1 deletion
diff --git a/‎src/config.rs‎
Lines changed: 14 additions & 17 deletions b/‎src/config.rs‎
Lines changed: 14 additions & 17 deletions
@@ -1,6 +1,6 @@
 [package]
 name = "dispenser"
-version = "0.5.0"
+version = "0.6.0"
 edition = "2021"
 license = "MIT"
 
@@ -10,13 +10,16 @@ chrono = "0.4.42"
 clap = { version = "4.5.18", features = ["derive"] }
 cron = { version = "0.15.0", features = ["serde"] }
 env_logger = "0.11.5"
+futures-util = "0.3.31"
+google-cloud-secretmanager-v1 = "1.2.0"
 log = "0.4.22"
 minijinja = { version = "2.12.0", features = ["custom_syntax"] }
-rayon = "1.11.0"
+nix = { version = "0.29.0", features = ["signal"] }
 sd-notify = "0.4.2"
 serde = { version = "1.0.210", features = ["derive"] }
 serde_json = "1.0.128"
-signal-hook = "0.3.17"
+signal-hook = "0.3.18"
 thiserror = "2.0.17"
+tokio = { version = "1.48.0", features = ["full"] }
 toml = "0.8.19"
 urlencoding = "2.1.3"
@@ -0,0 +1,66 @@
+# Using Google Secret Manager
+
+Dispenser allows you to securely retrieve sensitive values, such as API keys or passwords, directly from Google Cloud Secret Manager. These secrets are accessed at runtime and injected into your configuration variables.
+
+## Prerequisites
+
+To use this feature, the environment where Dispenser is running (e.g., a Google Compute Engine VM) must be authenticated with Google Cloud and have permission to access the secrets.
+
+1.  **Service Account**: Ensure the Virtual Machine (VM) is running with a Service Account that has the **Secret Manager Secret Accessor** role (`roles/secretmanager.secretAccessor`).
+2.  **Authentication**: If running outside of GCP, you may need to set the `GOOGLE_APPLICATION_CREDENTIALS` environment variable pointing to a service account key file.
+
+## Configuration
+
+You can define secrets in your `dispenser.vars` file. Instead of a plain string value, use a table to specify the secret source and details.
+
+### Syntax
+
+```toml
+variable_name = { source = "google", name = "projects/PROJECT_ID/secrets/SECRET_NAME" }
+```
+
+-   `source`: Must be set to `"google"`.
+-   `name`: The full resource name of the secret. This typically follows the format `projects/<PROJECT_ID>/secrets/<SECRET_NAME>`.
+-   `version` (Optional): The version of the secret to retrieve. Defaults to `"latest"` if not specified.
+
+## Example
+
+Suppose you have a secret stored in Google Secret Manager that contains an OAuth Client ID.
+
+**1. Define the secret in `dispenser.vars`:**
+
+```toml
+# dispenser.vars
+
+# Regular variable
+docker_registry = "docker.io"
+
+# Secret variable from Google Secret Manager
+oauth_client_id = { source = "google", name = "projects/123456789012/secrets/MY_OAUTH_CLIENT_ID" }
+
+# Secret variable with a specific version
+db_password = { source = "google", name = "projects/123456789012/secrets/DB_PASSWORD", version = "2" }
+```
+
+**2. Use the variable in `dispenser.toml` or `docker-compose.yaml`:**
+
+Once defined, these variables can be used just like any other variable in Dispenser.
+
+In `dispenser.toml`:
+```toml
+[[instance]]
+path = "my-service"
+# ...
+```
+
+In your service's `docker-compose.yaml`:
+```yaml
+services:
+  app:
+    image: my-app:latest
+    environment:
+      - CLIENT_ID=${oauth_client_id}
+      - DB_PASS=${db_password}
+```
+
+When Dispenser runs, it will fetch the actual values from Google Secret Manager and make them available to your Docker Compose configuration.
@@ -27,9 +27,9 @@ Download the latest `.deb` or `.rpm` package from the [releases page](https://gi
 
 ```sh
 # Download the .deb package
-# wget https://github.com/ixpantia/dispenser/releases/download/v0.5.0/dispenser-0.5-0.x86_64.deb
+# wget https://github.com/ixpantia/dispenser/releases/download/v0.6.0/dispenser-0.6-0.x86_64.deb
 
-sudo apt install ./dispenser-0.5-0.x86_64.deb
+sudo apt install ./dispenser-0.6-0.x86_64.deb
 ```
 
 ### RHEL / CentOS / Fedora
@@ -38,7 +38,7 @@ sudo apt install ./dispenser-0.5-0.x86_64.deb
 # Download the .rpm package
 # wget ...
 
-sudo dnf install ./dispenser-0.5-0.x86_64.rpm
+sudo dnf install ./dispenser-0.6-0.x86_64.rpm
 ```
 
 The installation process will:
@@ -193,6 +193,8 @@ This is useful for reusing the same configuration in multiple deployments.
     app_version = "latest"
     ```
 
+    Dispenser also supports fetching secrets from Google Secret Manager. For more details on configuring secrets, see the [GCP secrets documentation](GCP.md).
+
 3.  Use these variables in your `dispenser.toml`.
 
     ```toml
@@ -267,6 +269,30 @@ No referenced variables
 
 From now on, whenever you push a new image to your registry with the `latest` tag, Dispenser will automatically detect it, pull the new version, and redeploy your service with zero downtime.
 
+### Managing the Service with CLI Signals
+
+Dispenser includes a built-in mechanism to send signals to the running daemon using the `-s` or `--signal` flag. This allows you to reload the configuration or stop the service without needing to use `kill` manually.
+
+**Note:** This command relies on the `dispenser.pid` file, so you should run it from the same directory where Dispenser is running (typically `/opt/dispenser` for the default installation).
+
+**Reload Configuration:**
+
+To reload the `dispenser.toml` configuration without restarting the process:
+
+```sh
+dispenser -s reload
+```
+
+This is useful for adding new instances or changing configuration parameters without interrupting currently monitored services.
+
+**Stop Service:**
+
+To gracefully stop the Dispenser daemon:
+
+```sh
+dispenser -s stop
+```
+
 ## Building from Source
 
 ### RPM (RHEL)
 
@@ -1,5 +1,5 @@
 Package: dispenser
-Version: 0.5
+Version: 0.6
 Maintainer: ixpantia S.A.
 Architecture: amd64
 Description: Continously Deploy services with Docker Compose
 
@@ -0,0 +1 @@
+dispenser.pid
@@ -1,6 +1,6 @@
 # justfile for dispenser project
 
-DISPENSER_VERSION := "0.5"
+DISPENSER_VERSION := "0.6"
 TARGET_BIN := "target/x86_64-unknown-linux-musl/release/dispenser"
 USR_BIN_DEB := "deb/usr/local/bin/dispenser"
 USR_BIN_RPM := "rpm/usr/local/bin/dispenser"
 
@@ -1,5 +1,5 @@
 Name: dispenser
-Version: 0.5
+Version: 0.6
 Release: 0
 Summary: Continously Deploy services with Docker Compose
 License: see /usr/share/doc/dispenser/copyright
 
@@ -1,6 +1,6 @@
 use std::{path::PathBuf, sync::OnceLock};
 
-use clap::Parser;
+use clap::{Parser, ValueEnum};
 
 /// Continuous delivery for un-complicated infrastructure.
 #[derive(Parser, Debug)]
@@ -16,6 +16,29 @@ pub struct Args {
     /// Test the configuration file and exit.
     #[arg(short, long)]
     pub test: bool,
+
+    /// Path to the pid file
+    #[arg(short, long, default_value = "dispenser.pid")]
+    pub pid_file: PathBuf,
+
+    /// Send a signal to the running dispenser instance
+    #[arg(short, long)]
+    pub signal: Option<Signal>,
+}
+
+#[derive(Clone, Debug, ValueEnum)]
+pub enum Signal {
+    Reload,
+    Stop,
+}
+
+impl From<Signal> for nix::sys::signal::Signal {
+    fn from(signal: Signal) -> Self {
+        match signal {
+            Signal::Reload => nix::sys::signal::Signal::SIGHUP,
+            Signal::Stop => nix::sys::signal::Signal::SIGINT,
+        }
+    }
 }
 
 static ARGS: OnceLock<Args> = OnceLock::new();
 
@@ -1,12 +1,8 @@
-use rayon::prelude::*;
+use futures_util::future;
 use serde::Serialize;
 
-use std::{
-    collections::HashMap,
-    num::NonZeroU64,
-    path::PathBuf,
-    sync::{Arc, Mutex},
-};
+use std::{collections::HashMap, num::NonZeroU64, path::PathBuf, sync::Arc};
+use tokio::sync::Mutex;
 
 use cron::Schedule;
 
@@ -42,14 +38,14 @@ pub struct ContposeConfig {
 }
 
 impl ContposeConfig {
-    pub fn get_instances(&self) -> Instances {
-        let inner = self
+    pub async fn get_instances(&self) -> Instances {
+        let inner_futures = self
             .instances
-            .par_iter()
-            .with_max_len(1)
+            .iter()
             .cloned()
-            .map(|instance| Arc::new(Mutex::new(Instance::new(instance))))
-            .collect::<Vec<_>>();
+            .map(|instance| async { Arc::new(Mutex::new(Instance::new(instance).await)) });
+
+        let inner = future::join_all(inner_futures).await;
 
         let delay = std::time::Duration::from_secs(self.delay.get());
         Instances { inner, delay }
@@ -86,10 +82,11 @@ pub(crate) struct Image {
 }
 
 impl ContposeInstanceConfig {
-    pub fn get_watchers(&self) -> Vec<DockerWatcher> {
-        self.images
+    pub async fn get_watchers(&self) -> Vec<DockerWatcher> {
+        let initialize_futures = self
+            .images
             .iter()
-            .map(|image| DockerWatcher::initialize(&image.registry, &image.name, &image.tag))
-            .collect()
+            .map(|image| DockerWatcher::initialize(&image.registry, &image.name, &image.tag));
+        future::join_all(initialize_futures).await
     }
 }