This repository provides Dockerfiles for the images on which Unmade's projects are built. All of these images are built under the
knyttan account on docker hub.
This is the favored base image for Unmade projects, and is released in two variants:
- based on
- builds various common requirements on to the docker image
- provides get_secrets.py, which is used by projects to retrieve secrets from AWS Parameter Store.
This base image has a number of benefits for downstream packages:
- We are conservative with our choice of packages to include, keeping image size small.
- Many included python packages have C dependencies. Providing them here makes downstream builds faster and simpler as they don't have to build these from scratch. We add a constraints file to each project to constrain us to these versions.
- Included packages are kept to a minimum to maintain a small security footprint.
- Build triggers are present in docker hub so that changes to the upstream images will result in rebuilds. In this way, package updates roll out automatically over time as we build and deploy. Debian are very conservative about these updates, so we should never get a breaking change.
Builds take place on docker hub, where builds against the
master branch are tagged as
- based on
- installs gulp and node, and sets up an
npm installbuild trigger.
- This is the most commonly used variant in Unmade projects.
The Chrome Headless image provides an entry point with a workaround for the lack of
--shm-size support in ECS. This can be phased out when support for that feature lands in ECS. See amazon-ecs-agent #1149