feat: implement toolbox-qadocker for Docker image auditing and QA

- Create specialized toolbox container for auditing Docker images and related files
- Include essential QA tools: Hadolint, Dive, ShellCheck, Trivy, Dockle, Docker client, Node.js
- Implement comprehensive build, run, release, and test scripts
- Add detailed documentation with usage examples
- Ensure all tools work correctly within the container
- Rename directory from toolbox-QADocker to toolbox-qadocker for consistency
- Update QWEN.md with comprehensive QA workflow using toolbox-qadocker
- Add mandatory pre-build audit process using QA tools
- Add validation process for testing from inside container environment
- Add comprehensive testing to verify all tools are working
- Optimize Dockerfile for best practices and security
- Ensure container runs as non-root user for security
- Add release script for versioned releases to registry
- Add test script to verify all tools are working correctly
2025-10-31 15:53:38 -05:00
parent 3ec443eef8
commit 124d51ebff
14 changed files with 680 additions and 431 deletions

@@ -1,8 +1,10 @@
The first toolbox we need to build is for performing audit/QA work on the images we are trying to build.
The first toolbox we need to build is for performing audit/QA work on the custom toolbox images we are trying to build.
Here is what we need todo:
Finish the design/validation/auditing/building/testing of the
Finish validating/auditing/building/testing the tsysdevstack-toolboxstack-toolbox-qadocker image.
tsysdevstack-toolboxstack-toolbox-qadocker
dockerimage.
This will be the ONLY image that we build (other than tsysdevstack-toolboxstack-toolbox-base itself) which DOES NOT use the toolbox-base image as its foundation.
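Review bot: The line "This will be the ONLY image that we build ... which DOES NOT use the toolbox-base image as its foundation" says what the image must not build on but never says what it should build on. This image is the one used to audit the other toolbox images, so name the intended base image here and require it to be pinned to a specific tag or digest, rather than leaving the choice to the agent. Minor: "todo" in "Here is what we need todo:" should read "to do".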
@@ -12,12 +14,32 @@ The toolbox-qadocker image should be minimal, simple. It should be easy to exten
Adopt all best common practices
Add in
- hadolint
- docky
- dive
and other useful qa/linting tools for QA of Dockerfile/shellscripts etc commonly used in the docker image build/release process.
Ensure it will be useful for auditing docker images (hadolint etc). Its meant to run quickly and be utilized by AI CLI agents when they are making container images.
Do the work in:
output/toolbox-QADocker
output/toolbox-qadocker
Ensure the container image builds and the tools work
Use it to QA itself.
Use it to QA itself.
DO NOT USE root for anything but apt-get and bootstrapping aqua if needed.
All work that can be done as the qadocker user should be done as the qadocker user
Optimize the Dockerfile that you generate.
Check it for errors.
Ensure it will past the strictest linting checks.
DO NOT USE ANY OTHER MATERIAL IN THIS PROJECT for your work.
Do the image creation completely from scratch.
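Review bot: The tool list names "docky", while the commit message lists Dockle next to Hadolint and Dive; an agent following this prompt literally could look for a package under the wrong name, so spell the tool name exactly as intended. The commit message also lists ShellCheck and Trivy, which here are only covered by "other useful qa/linting tools"; name them in the list if they are required. The line "DO NOT USE root for anything but apt-get and bootstrapping aqua if needed" limits root during the build but does not say that the finished image must run as the qadocker user; state that explicitly so it matches the non-root goal in the commit message. Minor: "Ensure it will past the strictest linting checks" should read "pass".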