We are really excited to announce the release of Habitus 1.0!

What's Habitus?

Habitus is a standalone build flow tool for Docker. It is a command line tool that builds Docker images based on their Dockerfile(s) and a build.yml. You get the power to build a small and secure production ready container images.

This means you can create a chain of builds to generate your final Docker image based on a workflow. This is particularly useful if your code is in compiled languages like Java or Go or if you need to use secrets like SSH keys during the build.

A small selection of use cases:

Also handy in the 'modern-web-techland' when precompiling your assets (webpack for example). Those intermediate steps can be part of a Habitus build step too.

Habitus Feature Set

  • Use build.yml to build the image.
  • Supports multi-tenancy of builds by using UID parameters.
  • Allows running arbitrary commands inside of build container.
  • Allows dovetailing (sequencing) of images from different steps.
  • After the build, Habitus will run the Cleanup command. This will result in 'squashing' the image, therefore removing any traces of unwanted layers
  • Allows you to define and manage secrets configuration (file and environment variables based) for your build.
  • Allows you specify any artifacts or folder of artifacts — they'll be copied from the built image onto the working directory, so they'll be available for next steps.
  • Support for non-TLS connections to Docker daemons.

New 1.0 Features

With the release of 1.0, we've added more features — thanks to all for the feedback we got from people around the world using Habitus for their own build flow tools.

Check out Habitus 1.0 new features and improvements:

Easy Installation

The installation on your local box is much easier! Just run the following command if your run Linux or macOS.

curl -sSL https://raw.githubusercontent.com/cloud66/habitus/master/habitus_install.sh | bash


Or download Habitus straight from our repository if you are running Windows.

Run Arbitrary Commands After a Build Step

With this release, you can run arbitrary commands inside of the container after it's built or run commands on the host system.

build:  
  version: 2016-03-14
  steps:
    step1:
      name: step1
      dockerfile: Dockerfile
      # run on the host after this build step
      after_build_command: some_host_command
      # will run in the running container after it's built
      command: some_container_command


Because of security reasons, you need to enable this explicitly:

$ habitus --after-build-command=true ...

Don't Use Cache in a Build Step

You can specify for each step if you want to use the cache.

build:  
  version: 2016-03-14
  steps:
    step1:
      name: step1
      dockerfile: Dockerfile
      no_cache: true


Support to Use Environment Variables as Secrets

Besides using a file to expose secrets to your build process, you can also use environment variables. Just select the --sec-providers and you can start using environment variables.

$ habitus --secrets=true --sec-providers="env"

build.yml

build:  
  version: 2016-03-14
  steps:
    builder:
      name: builder
      dockerfile: Dockerfile
      no_cache: true
      secrets:
        my_env_secret:
          type: env
          value: VERY_SECRET_STUFF


In this example, when you hit the secret server, you get the value of my_env_secret.

Note: All values of an EnvVar will be prefixed with HABITUS_. In the above example, the value of env VERY_SECRET_STUFF will be taken from the host env called HABITUS_VERY_SECRET_STUFF

The example below shows you how to retrieve the secret from the secret service and use it in your build.

...
RUN wget -qO- http://$host:$port/v1/secrets/env/my_env_secret | less  
...

Using Habitus With Cloud 66

Of course, we deploy Habitus 1.0 on Buildgrid to give you access to complex build flows. Buildgrid is our Docker image build service.

A simple service.yml shows you how to run Habitus on Buildgrid.

service.yml

services:  
  your-service:
    git_url: http://github.com/your-nick/your-service.git
    git_branch: master
    env_vars:
      HABITUS_VERY_SECRET_STUFF: launch_codes
    use_habitus: true
    use_habitus_step: builder
    build_root: microservices/a-small-service


build.yml

build:  
  version: 2016-03-14
  steps:
    builder:
      name: builder
      dockerfile: Dockerfile
      no_cache: true
      secrets:
        my_env_secret:
          type: env
          value: VERY_SECRET_STUFF


In the above example, Buildgrid will check out your Git repo and run Habitus in the context folder microservices/a-small-service. When Habitus is done the image to use is the step with the name builder.

Dockerfile

FROM ubuntu:16.04

# install packages
RUN apt-get update  
RUN apt-get install wget -y  
RUN apt-get install less -y

# values populated by Cloud 66

ARG habitus_host  
ARG habitus_port  
ARG habitus_password  
ARG habitus_user

# call secret service
RUN wget --http-user=$habitus_user --http-password=$habitus_password -qO- http://$habitus_host:$habitus_port/v1/secrets/env/my_env_secret | less  


The Dockerfile is using two build arguments (habitus_host and habitus_port). These are automagically allocated by Buildgrid, and you need to use this variable to pull down your secret: http://$habitus_host:$habitus_port/v1/secrets/env/my_env_secret

Summary and Resources

Let us know what you think and don't be shy asking questions on Slack, adding support tickets, feature requests or do a pull request (we love them!). Happy coding and welding the perfect container image!