Continuous Integration image building
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


Continuous Integration images.

Sub-directories docker-FOO each contain a Dockerfile controlling the build of a Docker image.

We have a philosophical objection to encouraging the use of sudo, instead of capabilities and drop-only privileges, albeit not as great as our objections to mode 0777 directories, curl | sh or retrieval without checksum verification.

Beware that these add my own certificate authorities to the system trust stores.


First-generation Pennock Tech CI image for ourselves, rather than for clients. Based on Alpine, this is rather heavy, with gcc, clang, python, go and much more.


  • pennocktech/ci:purple-root: everything installed, uid is root
  • pennocktech/ci:purple: run-time user is ci

Known issues:

  • build style is incompatible with Docker build-step caching, needs a rethink to find a decent middle-ground while still avoiding the 20-line chained-&& pattern
  • missing kubectl still
  • too large

I do development work on Zsh, so the usual suspects such as "remove fancy shells", are not really tenable. I mostly wanted to get an image with up-to-date pip out, before the PyPI cut-over, so haven't yet prioritized sane shrinkage.


Stripped down from docker-purple, this has things required for a custom Go build but is missing most of the rest of the tooling added. The purple tooling is used to create this image.


This is created with the purple tooling, but only installs the most critical of packages:

  • curl
  • git
  • jq
  • openssl

A few config files go in too, including the aforementioned certificate trust stores being setup.