Skip to content
Builds Dockerfile using the Docker client (with squashing! and secrets!)
Go Dockerfile Makefile
Branch: master
Clone or download
openshift-merge-robot Merge pull request #129 from nalind/constants
Use imported constants instead of our own
Latest commit 3ca94a1 Jul 28, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
cmd/imagebuilder Migrage glog to klog Jul 12, 2019
dockerclient dockerclient newArchiveMapper: always end archiveRoot with "/" Jul 25, 2019
imageprogress Remove some dead code and simplifications Oct 25, 2018
signal STOPSIGNAL needs to be cross-platform (#60) Feb 28, 2018
strslice Extract the dockerfile builder out of OpenShift Jul 22, 2016
vendor vndr bump Jul 12, 2019
.gitignore Support multi-stage image builds (#59) Feb 22, 2018
.travis.yml Travis: use make {build,test} Mar 7, 2019
LICENSE Extract the dockerfile builder out of OpenShift Jul 22, 2016
Makefile make test: don't recurse into vendor directory Mar 7, 2019
OWNERS remove bparees from reviewers Jul 19, 2019 README: Add podman specific note Jul 19, 2019
builder.go fork Mar 7, 2019
builder_test.go Add ThroughTarget function to builder Feb 5, 2019
constants.go Use imported constants instead of our own Jul 26, 2019
dispatchers_test.go ADD supports the chown option also Jan 17, 2019
doc.go Extract the dockerfile builder out of OpenShift Jul 22, 2016
evaluator.go Use imported constants instead of our own Jul 26, 2019
imagebuilder.spec Update to 1.1-dev Jan 8, 2019
internals.go Handle destination with single dot properly Jun 18, 2018
shell_parser.go removing "to to" from comments Oct 6, 2017
vendor.conf Migrage glog to klog Jul 12, 2019

OCI Image Builder

Go Report Card GoDoc Travis Join the chat at freenode:openshift-dev

Please test your images (and add to our conformance suite)!

This library supports using the Dockerfile syntax to build OCI & Docker compatible images, without invoking a container build command such as buildah bud or docker build. It is intended to give clients more control over how they build container images, including:

  • Instead of building one layer per line, run all instructions in the same container
  • Set HostConfig settings like network and memory controls that are not available when running container builds
  • Mount external files into the build that are not persisted as part of the final image (i.e. "secrets")
  • If there are no RUN commands in the Dockerfile, the container is created and committed, but never started.

The final image should be 99.9% compatible with regular container builds, but bugs are always possible.

Future goals include:

  • Output OCI compatible images
  • Support other container execution engines, like runc or rkt
  • Better conformance testing
  • Windows support

Install and Run

To download and install the library and the binary, set up a Golang build environment and with GOPATH set run:

$ go get -u

The included command line takes one argument, a path to a directory containing a Dockerfile. The -t option can be used to specify an image to tag as:

$ imagebuilder [-t TAG] DIRECTORY

To mount a file into the image for build that will not be present in the final output image, run:

$ imagebuilder --mount ~/secrets/private.key:/etc/keys/private.key path/to/my/code testimage

Any processes in the Dockerfile will have access to /etc/keys/private.key, but that file will not be part of the committed image.

You can also customize which Dockerfile is run, or run multiple Dockerfiles in sequence (the FROM is ignored on later files):

$ imagebuilder -f Dockerfile:Dockerfile.extra .

will build the current directory and combine the first Dockerfile with the second. The FROM in the second image is ignored.

Note that imagebuilder adds the built image to the docker daemon's internal storage. If you use podman you must first pull the image into its local registry:

$ podman pull docker-daemon:<IMAGE>:<TAG> # must contain either a tag or a digest

Code Example

f, err := os.Open("path/to/Dockerfile")
if err != nil {
	return err
defer f.Close()

e := builder.NewClientExecutor(o.Client)
e.Out, e.ErrOut = os.Stdout, os.Stderr
e.AllowPull = true
e.Directory = "context/directory"
e.Tag = "name/of-image:and-tag"
e.AuthFn = nil // ... pass a function to retrieve authorization info
e.LogFn = func(format string, args ...interface{}) {
	fmt.Fprintf(e.ErrOut, "--> %s\n", fmt.Sprintf(format, args...))

buildErr := e.Build(f, map[string]string{"arg1":"value1"})
if err := e.Cleanup(); err != nil {
	fmt.Fprintf(e.ErrOut, "error: Unable to clean up build: %v\n", err)

return buildErr

Example of usage from OpenShift's experimental dockerbuild command with mount secrets

Run conformance tests (very slow):

go test ./dockerclient/conformance_test.go -tags conformance
You can’t perform that action at this time.