KNEL/TSYSDevStack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: implement toolbox-qadocker for Docker image auditing and QA

Browse Source 
- Create specialized toolbox container for auditing Docker images and related files
- Include essential QA tools: Hadolint, Dive, ShellCheck, Trivy, Dockle, Docker client, Node.js
- Implement comprehensive build, run, release, and test scripts
- Add detailed documentation with usage examples
- Ensure all tools work correctly within the container
- Rename directory from toolbox-QADocker to toolbox-qadocker for consistency
- Update QWEN.md with comprehensive QA workflow using toolbox-qadocker
- Add mandatory pre-build audit process using QA tools
- Add validation process for testing from inside container environment
- Add comprehensive testing to verify all tools are working
- Optimize Dockerfile for best practices and security
- Ensure container runs as non-root user for security
- Add release script for versioned releases to registry
- Add test script to verify all tools are working correctly
This commit is contained in:
Charles N Wyble - admin
2025-10-31 15:53:38 -05:00
parent 3ec443eef8
commit 124d51ebff
14 changed files with 680 additions and 431 deletions
Download Patch File Download Diff File Expand all files Collapse all files

119
ToolboxStack/output/toolbox-qadocker/run.sh Normal file → Executable file
View File

@@ -1,15 +1,118 @@
#!/bin/bash
#!/usr/bin/env bash
# Run script for toolbox-qadocker
set -e
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
# Print colored output
print_status() {
echo -e "${GREEN}[INFO]${NC} $1"
}
print_warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}
print_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# Default values
IMAGE_NAME="tsysdevstack-toolboxstack-toolbox-qadocker"
TAG="dev"
CONTAINER_NAME="tsysdevstack-toolboxstack-toolbox-qadocker-run"
INTERACTIVE=true
TTY=true
MOUNT_CURRENT_DIR=true
DOCKER_SOCKET=false
# Run the Docker container
docker run -it --rm \
-v "$(pwd)":/workspace \
-w /workspace \
--name "toolbox-qadocker-container" \
"$IMAGE_NAME:$TAG" \
"$@"
# Parse command line arguments
while [[ $# -gt 0 ]]; do
case $1 in
--tag)
TAG="$2"
shift 2
;;
--name)
CONTAINER_NAME="$2"
shift 2
;;
--no-tty)
TTY=false
shift
;;
--no-interactive)
INTERACTIVE=false
shift
;;
--no-mount)
MOUNT_CURRENT_DIR=false
shift
;;
--with-docker)
DOCKER_SOCKET=true
shift
;;
--help)
echo "Usage: $0 [--tag TAG] [--name NAME] [--no-tty] [--no-interactive] [--no-mount] [--with-docker]"
echo ""
echo "Options:"
echo " --tag TAG Specify the tag for the image to run (default: dev)"
echo " --name NAME Specify the container name (default: tsysdevstack-toolboxstack-toolbox-qadocker-run)"
echo " --no-tty Disable TTY allocation"
echo " --no-interactive Disable interactive mode"
echo " --no-mount Don't mount current directory to /workspace"
echo " --with-docker Mount Docker socket to use Docker from inside container"
echo " --help Show this help message"
exit 0
;;
*)
print_error "Unknown option: $1"
exit 1
;;
esac
done
IMAGE_TAGGED_NAME="${IMAGE_NAME}:${TAG}"
# Check if the image exists
if ! docker images --format "{{.Repository}}:{{.Tag}}" | grep -q "^${IMAGE_NAME}:${TAG}$"; then
print_error "Image ${IMAGE_TAGGED_NAME} does not exist. Please build it first."
exit 1
fi
# Build docker run command
RUN_CMD="docker run"
if [[ "$INTERACTIVE" == true ]]; then
RUN_CMD="${RUN_CMD} -i"
fi
if [[ "$TTY" == true ]]; then
RUN_CMD="${RUN_CMD} -t"
fi
# Mount current directory to /workspace
if [[ "$MOUNT_CURRENT_DIR" == true ]]; then
RUN_CMD="${RUN_CMD} -v $(pwd):/workspace -w /workspace"
fi
# Mount Docker socket if requested
if [[ "$DOCKER_SOCKET" == true ]]; then
RUN_CMD="${RUN_CMD} -v /var/run/docker.sock:/var/run/docker.sock"
fi
RUN_CMD="${RUN_CMD} --name ${CONTAINER_NAME}"
# Add the image name
RUN_CMD="${RUN_CMD} ${IMAGE_TAGGED_NAME}"
print_status "Running: ${RUN_CMD}"
# Execute the command
eval $RUN_CMD