Skip to content
Switch branches/tags
Go to file

Latest commit

Adding check that enforces which attributes can be modified based on
server side configuration.

New section in atomic-reactor config map, example:
      - ["spec", "skips"]
      - ["metadata", "name"]

When attributes in update or append section of operator CSV modification
JSON doesn't match specified allowed attributes build fails.


Signed-off-by: Martin Bašti <>

Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Atomic Reactor

unittests status badge coveralls status badge lgtm python badge lgtm alerts badge linters status badge

Python library with command line interface for building docker images.


  • Push image to registry when it's built
  • Build inside a docker container (so your builds are separated between each other)
  • git as a source to your Dockerfile (you may specify commit/branch and path to Dockerfile within the git repo)
  • Collect build logs
  • Integration with koji build system
  • Integration with fedora packaging system
  • Inject arbitrary yum repo inside Dockerfile (change source of your packages)
  • Retag base image so it matches FROM instruction in Dockerfile
  • Change base image (FROM) in your Dockerfile
  • Run simple tests after your image is built

There are several build modes available:

  • Building within a docker container using docker from host by mounting docker.sock inside the container
  • Building within a privileged docker container (new instance of docker is running inside)
  • Executing build within current environment


For Fedora Users

sudo dnf install atomic-reactor python-atomic-reactor-koji

From git

Clone this git repo and install Atomic Reactor using python installer:

git clone
cd atomic-reactor
sudo pip install .

You don't even need to install it. You may use it straight from git:

alias atomic-reactor="python ${REACTOR_PATH}/atomic-reactor/cli/"


  • docker-py
  • The koji plugin requires the koji package, which is not available on PyPI: you'll have to install it manually
sudo dnf install koji


If you would like to build your images within build containers, you need to obtain images for those containers. We call them build images. Atomic Reactor is installed inside and used to take care of build itself.

You can either get the build image from Dockerhub or create it yourself.

Getting build image from Dockerhub

Just use

docker pull slavek/atomic-reactor

This will pull the buildroot image with the latest Atomic Reactor commits. Images with stable releases are available since version 1.3.3 and you can access them by using the version specifier as a tag, such as

docker pull slavek/atomic-reactor:1.3.3

Installation from git

atomic-reactor create-build-image --reactor-local-path ${PATH_TO_REACTOR_GIT} \
    ${PATH_TO_REACTOR_GIT}/images/dockerhost-builder buildroot

Why is it so long? Okay, let's get through. First thing is that Atomic Reactor needs to install itself inside the build image. You can pick several sources for Atomic Reactor: your local copy, (this) official upstream repo, your forked repo or even distribution tarball. In the example above, we are using our locally cloned git repo (--reactor-local-path ${PATH_TO_REACTOR_GIT}).

You have to provide Dockerfile too. Luckily these are part of upstream repo (see folder images). It's the first argument: ${PATH_TO_REACTOR_GIT}/images/dockerhost-builder.

And finally, you need to name the image: buildroot.

Installation from RPM

atomic-reactor create-build-image --reactor-tarball-path \
    /usr/share/atomic-reactor/atomic-reactor.tar.gz \
    /usr/share/atomic-reactor/images/dockerhost-builder buildroot-fedora

Section above contains detailed description. Let's make this short.

  1. --reactor-tarball-path — Atomic Reactor needs to install itself into build image: this is how you specify where Atomic Reactor gets its own sources (when installed via RPM, Atomic Reactor provides itself packaged as tarball at /usr/share/atomic-reactor/atomic-reactor.tar.gz)
  2. First argument is path to dockerfile — dockerfiles for both methods are available at /usr/share/atomic-reactor/images/, just pick one
  3. Finally, second argument names the build image

Getting Atomic Reactor from distribution

Or you can build the image using docker and install Atomic Reactor directly from distribution:

FROM fedora:latest
RUN dnf -y install docker-io git python-docker-py python-setuptools koji \
    atomic-reactor && dnf clean all
CMD ["atomic-reactor", "-v", "inside-build", "--input", "path"]

and command:

docker build -t buildroot-hostdocker .

Now you can build your images

As soon as our build image is built, we can start building stuff in it:

atomic-reactor build git --method hostdocker --build-image buildroot-hostdocker \
    --image test-image --uri ""

The built image will be in the build container. Therefore, this example doesn't make much sense. If you would like to access the built image, you should probably push it to your registry and build it like this:

$ atomic-reactor build git --method hostdocker \
    --build-image buildroot-hostdocker \
    --image test-image \
    --target-registries \
    --uri ""

Both of these examples use the git source provider (atomic-reactor build git), which gets the source code to put in the image from a git repo. There are also other providers:

  • path ― uses source code from local path
  • json ― accepts a path to build json file with all info needed for build

IP address should be address of docker0 network interface. Update it if yours is different. Also, don't forget to start the registry.

Bear in mind that you shouldn't mix build methods. If you use hostdocker method with build image for privileged method, then it won't work.

Further reading