A Docker container for use as a CircleCI 2.0 Primary Container
NOTE TO KAIROS EMPLOYEES - this is a public repository and should contain no proprietary information or credentials.
Available on Docker Hub as kairosaero/circleci-build.
This repository represents a primary container for a CircleCI 2.0 containerized build.
The image build does the following (turning the Dockerfile into a Docker image):
- Packages up an Ubuntu 16.04 Xenial userspace (the same as the Kairos production environment)
- Installs the production package loadout
- Installs Packer and Docker, since they are not pure apt installs
- Creates an empty Python 3.5 virtualenv and installs build prerequisites like twine, setuptools, and credstash
- Creates a directory structure expected by some Kairos software (/opt/kairos/*)
- Installs a suite of build scripts into /opt/kairos/bin to run standard build steps and puts them into $PATH.
At container runtime, it expects the following environment variables to be defined:
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_DEFAULT_REGION
Optionally:
- CREDSTASH_TABLE - the credstash table to pull secrets from (default: circleci-secrets)
- SECRET_SET_NAME - the entry to pull from the credstash table (default: default-build-secrets)
Given those variables, it then:
- Uses credstash to pull down JSON defining all environment variables containing secrets (see build_secrets_template.json)
- Transforms the JSON with jq and injects the variable values into the environment
- Uses those credentials to wire the virtualenv to a private PyPI server
- Installs the Kairos build library from the private PyPI repo
- Writes a default config file for publishing packages to a private PyPI server
- Activates the virtualenv for all docker commands run in the container
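One way to do the JSON-to-environment step without letting a secret value be interpreted as shell code, as an added example that is not this repository's own script: it uses Python's json and shlex in place of jq. It assumes the secret set is a flat JSON object of string values; the variable names, the sample value and the protected-name list are hypothetical.

```python
import json
import re
import shlex

# POSIX-style variable name: letters, digits, underscore, no leading digit.
_NAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

# Names a secret set may never override (assumed policy, not from this repository).
_PROTECTED = frozenset({"PATH", "IFS", "ENV", "BASH_ENV", "LD_PRELOAD", "PYTHONPATH"})


class SecretSetError(ValueError):
    """Raised when the secret set cannot be injected safely."""


def parse_secret_set(raw_json):
    """Return {name: value} after validating a flat JSON object of strings."""
    try:
        data = json.loads(raw_json)
    except ValueError as exc:
        raise SecretSetError("secret set is not valid JSON") from exc
    if not isinstance(data, dict):
        raise SecretSetError("secret set must be a JSON object")
    for name, value in data.items():
        if not _NAME_RE.match(name):
            raise SecretSetError("invalid variable name: %r" % name)
        if name in _PROTECTED:
            raise SecretSetError("refusing to override %s" % name)
        if not isinstance(value, str):
            raise SecretSetError("value for %s is not a string" % name)
    return data


def to_export_lines(secrets):
    """Render `export NAME=value` lines that a POSIX shell can eval safely."""
    return ["export %s=%s" % (n, shlex.quote(v)) for n, v in sorted(secrets.items())]


# Constructed sample standing in for the credstash output (format assumed).
SAMPLE = json.dumps({"PYPI_USERNAME": "ci-builder", "PYPI_PASSWORD": "s3cr'et $(id)"})

if __name__ == "__main__":
    for line in to_export_lines(parse_secret_set(SAMPLE)):
        # Print only the names: secret values must not reach the build log.
        print(line.split("=", 1)[0] + "=<redacted>")
```

The quoted lines can be passed to `eval` in the entrypoint; rejecting bad names before rendering matters because quoting protects only the value side of the assignment.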
This source code is made available under the MIT License. See LICENSE for more information.
© 2017 Kairos Aerospace. All Rights Reserved.