feat: implement toolbox-qadocker for Docker image auditing and QA

- Create specialized toolbox container for auditing Docker images and related files - Include essential QA tools: Hadolint, Dive, ShellCheck, Trivy, Dockle, Docker client, Node.js - Implement comprehensive build, run, release, and test scripts - Add detailed documentation with usage examples - Ensure all tools work correctly within the container - Rename directory from toolbox-QADocker to toolbox-qadocker for consistency - Update QWEN.md with comprehensive QA workflow using toolbox-qadocker - Add mandatory pre-build audit process using QA tools - Add validation process for testing from inside container environment - Add comprehensive testing to verify all tools are working - Optimize Dockerfile for best practices and security - Ensure container runs as non-root user for security - Add release script for versioned releases to registry - Add test script to verify all tools are working correctly
2025-10-31 15:53:38 -05:00
parent 3ec443eef8
commit 124d51ebff
14 changed files with 680 additions and 431 deletions
--- a/ToolboxStack/output/toolbox-qadocker/release.sh
+++ b/ToolboxStack/output/toolbox-qadocker/release.sh
@@ -0,0 +1,124 @@
+#!/usr/bin/env bash
+
+# Release script for toolbox-qadocker
+set -e
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+# Print colored output
+print_status() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+
+print_warning() {
+    echo -e "${YELLOW}[WARNING]${NC} $1"
+}
+
+print_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+# Default values
+IMAGE_NAME="tsysdevstack-toolboxstack-toolbox-qadocker"
+DEV_TAG="dev"
+RELEASE_CURRENT_TAG="release-current"
+DOCKERFILE_PATH="Dockerfile"
+ALLOW_DIRTY=false
+DRY_RUN=false
+
+# Parse command line arguments
+while [[ $# -gt 0 ]]; do
+    case $1 in
+        --version)
+            VERSION_TAG="$2"
+            shift 2
+            ;;
+        --file)
+            DOCKERFILE_PATH="$2"
+            shift 2
+            ;;
+        --allow-dirty)
+            ALLOW_DIRTY=true
+            shift
+            ;;
+        --dry-run)
+            DRY_RUN=true
+            shift
+            ;;
+        --help)
+            echo "Usage: $0 --version VERSION [--file DOCKERFILE_PATH] [--allow-dirty] [--dry-run]"
+            echo ""
+            echo "Options:"
+            echo "  --version VERSION      Specify the version tag for the release (required)"
+            echo "  --file DOCKERFILE_PATH Specify the path to the Dockerfile (default: Dockerfile)"
+            echo "  --allow-dirty          Allow release from a dirty git tree"
+            echo "  --dry-run              Perform a dry run without actually building or pushing"
+            echo "  --help                 Show this help message"
+            exit 0
+            ;;
+        *)
+            print_error "Unknown option: $1"
+            exit 1
+            ;;
+    esac
+done
+
+if [[ -z "$VERSION_TAG" ]]; then
+    print_error "Version tag is required. Use --version to specify it."
+    exit 1
+fi
+
+# Check if git tree is clean (unless --allow-dirty is specified)
+if [[ "$ALLOW_DIRTY" == false ]]; then
+    if [[ -z $(git status --porcelain) ]]; then
+        print_status "Git tree is clean"
+    else
+        print_error "Git tree is not clean. Commit your changes or use --allow-dirty to override."
+        exit 1
+    fi
+fi
+
+# Determine the build command based on DRY_RUN flag
+BUILD_CMD="docker build"
+if [[ "$DRY_RUN" == true ]]; then
+    BUILD_CMD="echo [DRY RUN] Would run: docker build"
+fi
+
+# Build the Docker image with all tags
+print_status "Building ${IMAGE_NAME} with tags: ${DEV_TAG}, ${RELEASE_CURRENT_TAG}, ${VERSION_TAG}"
+
+$BUILD_CMD -t "${IMAGE_NAME}:${DEV_TAG}" -t "${IMAGE_NAME}:${RELEASE_CURRENT_TAG}" -t "${IMAGE_NAME}:${VERSION_TAG}" -f "${DOCKERFILE_PATH}" .
+
+if [ $? -ne 0 ]; then
+    print_error "Failed to build the image(s)"
+    exit 1
+fi
+
+if [[ "$DRY_RUN" == false ]]; then
+    print_status "Successfully built images with tags: ${DEV_TAG}, ${RELEASE_CURRENT_TAG}, ${VERSION_TAG}"
+else
+    print_status "Dry run completed - would have built images with tags: ${DEV_TAG}, ${RELEASE_CURRENT_TAG}, ${VERSION_TAG}"
+fi
+
+# Push the images unless in dry run mode
+if [[ "$DRY_RUN" == false ]]; then
+    print_status "Pushing ${IMAGE_NAME}:${DEV_TAG}"
+    docker push "${IMAGE_NAME}:${DEV_TAG}"
+    
+    print_status "Pushing ${IMAGE_NAME}:${RELEASE_CURRENT_TAG}"
+    docker push "${IMAGE_NAME}:${RELEASE_CURRENT_TAG}"
+    
+    print_status "Pushing ${IMAGE_NAME}:${VERSION_TAG}"
+    docker push "${IMAGE_NAME}:${VERSION_TAG}"
+    
+    if [ $? -eq 0 ]; then
+        print_status "Successfully pushed all images"
+    else
+        print_error "Failed to push images"
+        exit 1
+    fi
+fi