We are really excited to announce the release of Habitus 1.0 today!
Habitus is a standalone build flow tool for Docker. It is a command line tool that builds Docker images based on their
Dockerfile(s) and a
build.yml. You get the power to build a small and secure production ready container images.
This means you can create a chain of builds to generate your final Docker image based on a workflow. This is particularly useful if your code is in compiled languages like Java or Go or if you need to use secrets like SSH keys during the build.
A small selection of use cases:
- How to create the smallest possible Docker image for your Golang application.
- Create, construct and weld the perfect production ready secure Java container with Habitus.io
Also handy in the 'modern-web-techland' when precompiling your assets (
webpack for example). Those intermediate steps can be part of a Habitus build step too.
Habitus feature set
build.ymlto build the image
- Supports multi-tenancy of builds by using
- Allows to run arbitrary commands inside of the build container
- Allows dovetailing (sequencing) of the images from different steps
- After the build, Habitus will run Cleanup command. This will result in 'squashing' the image, therefore removing any traces of unwanted layers
- Allows you to define and manage secrets configuration (file and environment variables based) for your build
- Allows you specify any artifacts or folder of artifacts - they'll be copied from the built image onto the working directory, so they'll be available for next steps.
- Support for non-TLS connections to Docker daemons.
New 1.0 features
With the release of 1.0, we've added more features, thanks to all for the feedback we got from people around the world using Habitus for their own build flow tools.
Check out Habitus 1.0 new features and improvements:
The installation on your local box is much easier! Just run the following command if your run Linux or macOS.
curl -sSL https://raw.githubusercontent.com/cloud66/habitus/master/habitus_install.sh | bash
Or download Habitus straight from our repository if you are running Windows.
Run arbitrary commands after a build step.
With this release, you can run arbitrary commands inside of the container after it's built or run commands on the host system.
# run on the host after this build step
# will run in the running container after it's built
Because of security reasons, you need to enable this explicitly:
$ habitus --after-build-command=true ...
Don't use cache in a build step
You can specify for each step if you want to use the cache.
Support to use environment variables as secrets.
Besides using a file to expose secrets to your build process you can also use environment variables. Just select the
--sec-providers and you can start using environment variables.
$ habitus --secrets=true --sec-providers="env"
In this example when you hit the secret server you get the value of my_env_secret.
Note All values of an EnvVar will be prefixed with
HABITUS_. In the above example the value of env
VERY_SECRET_STUFF will be taken from the host env called
The example below shows you how to retrieve the secret from the secret service and use it in your build.
RUN wget -qO- http://$host:$port/v1/secrets/env/my_env_secret | less
Using Habitus with Cloud 66
Of course, we deploy Habitus 1.0 on Buildgrid to give you access to complex build flows. Buildgrid is our docker image build service.
A simple service.yml shows you how to run Habitus on Buildgrid.
In the above example, Buildgrid will check out your Git repo and run Habitus in the context folder
microservices/a-small-service. When Habitus is done the image to use is the step with the name
# install packages
RUN apt-get update
RUN apt-get install wget -y
RUN apt-get install less -y
# values populated by Cloud 66
# call secret service
RUN wget --http-user=$habitus_user --http-password=$habitus_password -qO- http://$habitus_host:$habitus_port/v1/secrets/env/my_env_secret | less
Dockerfile is using two build arguments (
habitus_port). These are automagically allocated by Buildgrid and you need to use this variable to pull down your secret:
Summary & Resources
Let us know what you think and don't be shy asking questions on Slack, adding support tickets, feature requests or do a pull request (we love them!). Happy coding and welding the perfect container image!