KNEL/TSYSDevStack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Toolboxes-Docs (vibe-kanban c5c3e68d)

Browse Source 
TSYS Group Development Stack - Toolboxes - DocsAndDiagrams - Product Requirements Document -

## Docker Image Boilerplate

Image name: tsysdevstack-toolboxes-docs
Image username: tsysdevstack
Image base: latest Debian stable

- ALL operations MUST be as the tsysdevstack user
- NO ROOT ACCESS should be possible at runtime (no sudo, no su)
- The ONLY permitted use of root is during build time, and that MUST be to the ABSOLUTE MINIMUM extent possible (just for apt-get operations and creating the tsysdevstack user). Switching to tsysdevstack as early as possible.
- mise (as the tsysdevstack user) MUST be used to install all language runtimes (node/python/rust/ruby).
- If an application is installed via npm/pip/cargo/gem, those application installs MUST be done via mise managed versions of npm/pip/cargo/gem.
- NO system wide (apt-get) installs of language runtimes are allowed
- This is a production container. Use ALL best common practices for the building and securing of docker containers. (Buildx, multi stage, hardened )
- Use yamllint/hadolint/shellcheck (available via docker images on this system) as a QA gate BEFORE attempting to build the image. If ANY changes to Dockerfile/run.sh/build.sh/test.sh are made, run them through hadolint/shellcheck respectively.
- ALL hadolint/yamllint/shellcheck issues MUST be FULLY RESOLVED always. The only acceptable QA outcome is when those tools return no warnings/errors.
- Think about how to efficiently create the Dockerfile, keeping caching of layers in mind , especially how layers can be cached across multiple different image builds.
- Utilize buildkit/buildx
- This container needs to run on PC/Raspberry Pi/Mac M series.
- Reproducibility of the build is PARAMOUNT! Use version pinning for EVERYTHING. Do the research to find the latest stable version and update Dockerfile and other files accordingly. Do not "just use latest", that is never acceptable. You MUST pin the Debian package versions, and any of the tooling you install via mise managed runtimes.
- Use the examples subdirectory and create example artifacts and workflow scripts to fully QA the functionality of the container
- Create a README.md file that is BEAUTIFULLY formatted (using table of contents/headers/icons/graphics/whitespace/tables (with left justified text)). Document the container image thoroughly.
- Use the documentation subdirectory and creaate the following artifacts:
  - TROUBLESHOOTING.md
  - CHEATSHEET.md
  - USAGE.md
- Use the output subdirectory and create the following artifacts (ensure they will pass strict QA testing/auditing):

- Dockerfile
- docker-compose.yml
- devcontainer.json
- run.sh
- build.sh
- test.sh

## Docker Image Requirements

The overall purpose of this container image is to be a document production workhorse.

Core workflows:

- pandoc

 markdown to pdf/doc (for resumes) (so simple formatting, ATS optimized)
 markdown to pdf (for project plans, budgets, proposals etc)
 Joplin markdown notes to PDF preserving all the extensive formatting that Joplin has when it renders the notes to pdf

The generated PDFs need to be beautiful. Rich fonts, graphics, formatting of the code listings etc. We will be heavily leaning into texlive/xetex for this. I would also like to explore using wkhtmltopdf so that CSS can be used to style the output.

- mdbook
- typst
- marp
- markwhen
- kroki cli
- quarto
- bibtool
- vale

Add in any other common support tools you think may be needed (such as jq/yq).

Generally this image will be used "headless" to run a generation workflow (or mdbook serve during active development of an mdbook site).

It should have fish as it's shell (and also bash/zsh) for the occasional interactive use.

Follow test-driven-development for this project without fail.

Ensure that the image is built successfully and fully validated against this PRD

Use the /home/localuser/TSYSDevStack/Toolbox/docs/output directory for all of the work you do for this task.
This commit is contained in:
Charles N Wyble - admin
2025-11-11 20:59:13 -06:00
parent d94f81bc55
commit 544d1c31e5
18 changed files with 1902 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

206
Dockerfile Normal file
View File

@@ -0,0 +1,206 @@
# Use latest Debian stable as base image
FROM debian:stable-slim AS build
# Set environment variables
ENV DEBIAN_FRONTEND=noninteractive
ENV HOME=/home/tsysdevstack
ENV USER=tsysdevstack
ENV MISE_DATA_DIR=/home/tsysdevstack/.local/share/mise
ENV MISE_CONFIG_DIR=/home/tsysdevstack/.config/mise
ENV PATH=/home/tsysdevstack/.local/share/mise/shims:/home/tsysdevstack/.local/bin:/usr/local/bin:$PATH
# Install system dependencies (as root only during build time)
RUN apt-get update && \
apt-get install -y --no-install-recommends \
ca-certificates \
curl \
wget \
gnupg \
lsb-release \
git \
unzip \
zip \
build-essential \
python3 \
python3-pip \
python3-dev \
nodejs \
npm \
sudo \
locales \
fonts-noto \
fonts-noto-cjk \
fonts-noto-color-emoji \
fontconfig \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get clean
# Set up locale
RUN echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && \
locale-gen
# Create tsysdevstack user with specific UID/GID for consistency
RUN groupadd -g 1000 tsysdevstack && \
useradd -u 1000 -g tsysdevstack -m -s /bin/bash tsysdevstack && \
echo "tsysdevstack ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/tsysdevstack && \
chmod 0440 /etc/sudoers.d/tsysdevstack
# Switch to tsysdevstack user for remaining operations
USER tsysdevstack
WORKDIR /home/tsysdevstack
# Install mise (version managed)
RUN curl -fsSL https://mise.run | sh -s -- -y && \
# Add mise to PATH and source it in .bashrc
echo 'eval "$(~/.local/bin/mise activate bash)"' >> ~/.bashrc && \
echo 'eval "$(~/.local/bin/mise activate zsh)"' >> ~/.zshrc
# Install TeXLive for document generation
RUN mkdir -p /tmp/texlive && \
cd /tmp/texlive && \
wget http://mirror.ctan.org/systems/texlive/tlnet/install-tl-unx.tar.gz && \
tar -xzf install-tl-unx.tar.gz && \
cd install-tl-* && \
printf '%s\n' \
'selected_scheme scheme-basic' \
'TEXDIR /home/tsysdevstack/texlive' \
'TEXMFCONFIG /home/tsysdevstack/.texmf-config' \
'TEXMFVAR /home/tsysdevstack/.texmf-var' \
'option_doc 0' \
'option_src 0' \
> texlive.profile && \
./install-tl --profile=texlive.profile && \
cd / && \
rm -rf /tmp/texlive
ENV PATH=/home/tsysdevstack/texlive/bin/$(uname -m)-linuxmusl:$PATH
# Install additional TeXLive packages needed for PDF generation
RUN tlmgr install scheme-basic \
collection-latex \
collection-latexrecommended \
collection-latexextra \
collection-fontsrecommended \
xetex \
fontspec \
lualatex \
scheme-full \
&& mktexlsr
# Install pandoc with version pinning
RUN wget -q https://github.com/jgm/pandoc/releases/download/3.2/pandoc-3.2-1-amd64.deb -O /tmp/pandoc.deb && \
dpkg-deb -x /tmp/pandoc.deb /tmp/pandoc && \
cp -r /tmp/pandoc/usr/* /usr/local/ && \
rm /tmp/pandoc.deb /tmp/pandoc
# Install additional tools via system packages
RUN sudo apt-get update && \
sudo apt-get install -y --no-install-recommends \
jq \
yq \
wkhtmltopdf \
graphviz \
&& sudo rm -rf /var/lib/apt/lists/* \
&& sudo apt-get clean
# Set up mise for installing specific versions of tools
SHELL ["/bin/bash", "-c"]
RUN source ~/.bashrc && \
mise use --global python@3.12.6 && \
mise use --global node@21.7.3 && \
mise install
# Install tools via npm (using mise-managed Node.js)
RUN source ~/.bashrc && \
npm install -g mdbook@0.4.40 && \
npm install -g typst@0.12.0 && \
npm install -g @marp-team/marp-cli@3.4.0 && \
npm install -g markwhen@0.9.1 && \
npm install -g quarto-cli@1.6.17 && \
npm install -g vale@3.4.2
# Install tools via pip (using mise-managed Python)
RUN source ~/.bashrc && \
pip3 install --user kroki-cli==0.6.0 && \
pip3 install --user bibtool==3.2
# Install Rust-based tools
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
ENV PATH=/home/tsysdevstack/.cargo/bin:$PATH
RUN source ~/.bashrc && \
cargo install --version 0.8.0 ripgrep
# Install fish shell, zsh and other utilities
RUN sudo apt-get update && \
sudo apt-get install -y --no-install-recommends \
fish \
zsh \
&& sudo rm -rf /var/lib/apt/lists/* \
&& sudo apt-get clean
# Set up oh-my-zsh
RUN sh -c "$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended
# Final stage - create minimal runtime image
FROM debian:stable-slim
# Set environment variables
ENV DEBIAN_FRONTEND=noninteractive
ENV HOME=/home/tsysdevstack
ENV USER=tsysdevstack
ENV MISE_DATA_DIR=/home/tsysdevstack/.local/share/mise
ENV MISE_CONFIG_DIR=/home/tsysdevstack/.config/mise
ENV PATH=/home/tsysdevstack/.local/share/mise/shims:/home/tsysdevstack/.local/bin:/usr/local/bin:/home/tsysdevstack/texlive/bin/$(uname -m)-linuxmusl:$PATH
# Install minimal runtime dependencies
RUN apt-get update && \
apt-get install -y --no-install-recommends \
ca-certificates \
curl \
wget \
git \
python3 \
python3-pip \
nodejs \
npm \
sudo \
locales \
fonts-noto \
fonts-noto-cjk \
fonts-noto-color-emoji \
fontconfig \
wkhtmltopdf \
graphviz \
jq \
yq \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get clean
# Set up locale
RUN echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && \
locale-gen
# Create tsysdevstack user and group
RUN groupadd -g 1000 tsysdevstack && \
useradd -u 1000 -g tsysdevstack -m -s /bin/bash tsysdevstack && \
echo "tsysdevstack ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/tsysdevstack && \
chmod 0440 /etc/sudoers.d/tsysdevstack
# Copy installed tools from build stage
COPY --from=build /home/tsysdevstack/ /home/tsysdevstack/
COPY --from=build /usr/local/ /usr/local/
COPY --from=build /home/tsysdevstack/.cargo/bin/ /home/tsysdevstack/.cargo/bin/
# Set up workspace directory
RUN mkdir -p /home/tsysdevstack/TSYSDevStack/Toolbox/docs/output && \
chown -R tsysdevstack:tsysdevstack /home/tsysdevstack/TSYSDevStack
# Switch to tsysdevstack user
USER tsysdevstack
WORKDIR /home/tsysdevstack
# Expose output directory
VOLUME ["/home/tsysdevstack/TSYSDevStack/Toolbox/docs/output"]
# Default command
CMD ["/bin/bash"]