Building container images done right with Habitus 1.0!

We are really excited to announce the release of Habitus 1.0 today!

What's Habitus?

Habitus is a standalone build flow tool for Docker. It is a command line tool that builds Docker images based on their Dockerfile(s) and a build.yml. You get the power to build a small and secure production ready container images.

This means you can create a chain of builds to generate your final Docker image based on a workflow. This is particularly useful if your code is in compiled languages like Java or Go or if you need to use secrets like SSH keys during the build.

A small selection of use cases:

• How to create the smallest possible Docker image for your Golang application.
• Create, construct and weld the perfect production ready secure Java container with Habitus.io

Also handy in the 'modern-web-techland' when precompiling your assets (webpack for example). Those intermediate steps can be part of a Habitus build step too.

Habitus feature set

• Use build.yml to build the image
• Supports multi-tenancy of builds by using UID parameters
• Allows to run arbitrary commands inside of the build container
• Allows dovetailing (sequencing) of the images from different steps
• After the build, Habitus will run Cleanup command. This will result in 'squashing' the image, therefore removing any traces of unwanted layers
• Allows you to define and manage secrets configuration (file and environment variables based) for your build
• Allows you specify any artifacts or folder of artifacts - they'll be copied from the built image onto the working directory, so they'll be available for next steps.
• Support for non-TLS connections to Docker daemons.

New 1.0 features

With the release of 1.0, we've added more features, thanks to all for the feedback we got from people around the world using Habitus for their own build flow tools.

Check out Habitus 1.0 new features and improvements:

Easy installation

The installation on your local box is much easier! Just run the following command if your run Linux or macOS.

curl -sSL https://raw.githubusercontent.com/cloud66/habitus/master/habitus_install.sh | bash

Or download Habitus straight from our repository if you are running Windows.

Run arbitrary commands after a build step.

With this release, you can run arbitrary commands inside of the container after it's built or run commands on the host system.

build:
  version: 2016-03-14
  steps:
    step1:
      name: step1
      dockerfile: Dockerfile
      # run on the host after this build step
      after_build_command: some_host_command
      # will run in the running container after it's built
      command: some_container_command

Because of security reasons, you need to enable this explicitly:

$ habitus --after-build-command=true ...

Don't use cache in a build step

You can specify for each step if you want to use the cache.

build:
  version: 2016-03-14
  steps:
    step1:
      name: step1
      dockerfile: Dockerfile
      no_cache: true

Support to use environment variables as secrets.

Besides using a file to expose secrets to your build process you can also use environment variables. Just select the --sec-providers and you can start using environment variables.

$ habitus --secrets=true --sec-providers="env"

build.yml

build:
  version: 2016-03-14
  steps:
    builder:
      name: builder
      dockerfile: Dockerfile
      no_cache: true
      secrets:
        my_env_secret:
          type: env
          value: VERY_SECRET_STUFF

In this example when you hit the secret server you get the value of my_env_secret.

Note All values of an EnvVar will be prefixed with HABITUS_. In the above example the value of env VERY_SECRET_STUFF will be taken from the host env called HABITUS_VERY_SECRET_STUFF

The example below shows you how to retrieve the secret from the secret service and use it in your build.

...
RUN wget -qO- http://$host:$port/v1/secrets/env/my_env_secret | less
...

• Using SSH Private keys securely in Docker build

Using Habitus with Cloud 66

Of course, we deploy Habitus 1.0 on Buildgrid to give you access to complex build flows. Buildgrid is our docker image build service.

A simple service.yml shows you how to run Habitus on Buildgrid.

service.yml

services:
  your-service:
    git_url: http://github.com/your-nick/your-service.git
    git_branch: master
    env_vars:
      HABITUS_VERY_SECRET_STUFF: launch_codes
    use_habitus: true
    use_habitus_step: builder
    build_root: microservices/a-small-service

build.yml

build:
  version: 2016-03-14
  steps:
    builder:
      name: builder
      dockerfile: Dockerfile
      no_cache: true
      secrets:
        my_env_secret:
          type: env
          value: VERY_SECRET_STUFF

In the above example, Buildgrid will check out your Git repo and run Habitus in the context folder microservices/a-small-service. When Habitus is done the image to use is the step with the name builder.

Dockerfile

FROM ubuntu:16.04

# install packages
RUN apt-get update
RUN apt-get install wget -y
RUN apt-get install less -y

# values populated by Cloud 66

ARG habitus_host
ARG habitus_port
ARG habitus_password
ARG habitus_user

# call secret service
RUN wget --http-user=$habitus_user --http-password=$habitus_password -qO- http://$habitus_host:$habitus_port/v1/secrets/env/my_env_secret | less

The Dockerfile is using two build arguments (habitus_host and habitus_port). These are automagically allocated by Buildgrid and you need to use this variable to pull down your secret: http://$habitus_host:$habitus_port/v1/secrets/env/my_env_secret

Summary & Resources

Let us know what you think and don't be shy asking questions on Slack, adding support tickets, feature requests or do a pull request (we love them!). Happy coding and welding the perfect container image!

• Download Habitus
• Slack Channel: #habitus, you need a Cloud 66 account, and use this link to get an invite.
• Articles: GHOST_URL /tag/habitus/