A Docker container for use as a CircleCI 2.0 Primary Container
NOTE TO KAIROS EMPLOYEES - this is a public repository and should contain no proprietary information or credentials.
Available on Docker Hub as kairosaero/circleci-build.
This repository represents a primary container for a CircleCI 2.0
Docker Image Build
The image build does the following (turning the Dockerfile into a Docker image):
- Packages up an Ubuntu 16.04 Xenial userspace (the same as the Kairos production environment)
- Installs the production package loadout
- Installs Packer and Docker, since they are not pure
- Creates an empty Python 3.5 virtualenv and installs build prerequisites like
- Creates a directory structure expected by some Kairos software
- Installs a suite of build scripts into
/opt/kairos/binto run standard
build steps and puts them into
Docker Container Runtime
At container runtime, it expects the following environment variables to be defined:
CREDSTASH_TABLE- the credstash table to pull secrets from
SECRET_SET_NAME- the entry to pull from the credstash table
Given those variables, it then:
- Uses credstash to pull down JSON defining all environment variables
containing secrets (see
- Transforms the JSON with jq and injects the variable values into the
- Uses those credentials to wire the virtualenv to a private PyPI server
- Installs the Kairos build library from the private PyPI repo
- Writes a default config file for publishing packages to a private PyPI
- Activates the virtualenv for all docker commands run in the container
This source code is made available under the MIT License. See LICENSE for more information.
© 2017 Kairos Aerospace. All Rights Reserved.