chore(filesystem): reflect major filesystem restructuring changes

- Renamed DocStack to dockstack
- Transformed toolbox-template into toolbox-qadocker with new functionality
- Removed NewToolbox.sh script
- Updated PROMPT and configuration files across all toolboxes
- Consolidated audit and testing scripts
- Updated QWEN.md to reflect new filesystem structure as authoritative source
- Merged PROMPT content into QWEN.md as requested

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>

The filesystem structure has been intentionally restructured and is now the authoritative source of truth for the project organization.
This commit is contained in:
2025-10-31 13:26:39 -05:00
parent 199789e2c4
commit ab54d694f2
48 changed files with 1020 additions and 1119 deletions


@@ -1,85 +1,107 @@
# 🛡️ Docker QA Toolbox
# 🧰 TSYSDevStack Toolbox Template
A specialized development environment for Docker image auditing, security scanning, and quality assurance.
Template for creating new toolboxes that extend from the `toolbox-base` image.
---
## 🚀 Quick Start
```bash
cd output/toolbox-QADocker
./build.sh # build the image with UID/GID matching your host
./run.sh up # launch the toolbox-qadocker service in the background
docker exec -it tsysdevstack-toolboxstack-toolbox-qadocker zsh
1. **Create a new toolbox**
```bash
cp -r /path/to/toolbox-template /path/to/new-toolbox
cd /path/to/new-toolbox
```
2. **Customize the toolbox**
- Edit `Dockerfile` to add toolbox-specific tooling
- Modify `docker-compose.yml` to adjust service configuration
- Update `SEED` to define the toolbox's purpose and goals
3. **Build the toolbox**
```bash
./build.sh
```
4. **Start the toolbox**
```bash
./run.sh up
```
5. **Access the toolbox**
```bash
docker exec -it tsysdevstack-toolboxstack-{{toolbox_name}} zsh
```
6. **Stop the toolbox**
```bash
./run.sh down
```
---
## 🧱 Architecture
- **Base Image**: Extends from `tsysdevstack-toolboxstack-toolbox-base:release-current`
- **User**: Runs as non-root `toolbox` user (UID/GID mapped to host)
- **Workspace**: Mounts current directory to `/workspace` (read/write)
- **Runtime**: Inherits all tooling from base plus toolbox-specific additions
---
## 🛠️ Customization
### Dockerfile
Extend the base image with toolbox-specific tooling:
```dockerfile
# Extend from the toolbox-base image
FROM tsysdevstack-toolboxstack-toolbox-base:release-current
# Add toolbox-specific packages or configurations
RUN apt-get update && apt-get install -y --no-install-recommends \
specific-package \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
```
Use `./run.sh down` to stop the container when you are finished.
## 🧰 Included Tools
### Security Scanning
- **Trivy** - Comprehensive vulnerability scanner for containers and code
- **ClamAV** - Antivirus scanner for file system analysis
- **Hadolint** - Dockerfile linter for best practices
### Docker Analysis
- **Dockerfilelint** - Node.js-based Dockerfile linter
- **Docker** - Docker CLI with access to host Docker daemon via socket
- **Docker Buildx** - Docker CLI plugin for extended build capabilities
### Development Tools
- **Git** - Version control system
- **Zsh** - Interactive shell with Oh My Zsh framework
- **Mise** - Runtime manager for language versions
- **Aqua** - CLI tool manager
- **YQ** - YAML/JSON processor
- **JQ** - JSON processor
## 📋 QA Workflows
### Security Scanning
```bash
# Scan a Docker image with Trivy
trivy image <your-image-name>
# Scan a Dockerfile with Hadolint
hadolint Dockerfile
# Scan a Dockerfile with dockerfilelint
dockerfilelint Dockerfile
### docker-compose.yml
Adjust service configuration for toolbox-specific needs:
```yaml
services:
my-toolbox:
# Inherits all base configuration
# Add toolbox-specific volumes, ports, etc.
volumes:
- ./custom-config:/home/toolbox/.config/custom-tool
```
### Image Analysis
```bash
# Analyze image layers and size
docker history <your-image-name>
# Extract image contents for analysis
docker save <your-image-name> -o image.tar
tar -xf image.tar
### SEED
Define the toolbox's purpose and goals:
```markdown
- Describe what this toolbox should provide (languages, CLIs, workflows)
- List required base image modifications or additional mounts
- Note verification or testing expectations specific to this toolbox
```
### Best Practices Validation
The toolbox includes tools to validate Docker best practices:
- Hadolint for Dockerfile best practices
- Trivy for security vulnerabilities
- Docker's own best practices recommendations
---
## ⚙️ Configuration
## 📂 Project Layout
The toolbox is configured to:
- Run as a non-root user with host UID/GID mapping
- Access the host Docker daemon via socket mounting
- Include both Docker build and runtime analysis tools
- Follow security best practices (no sudo, minimal attack surface)
| Path | Purpose |
|------|---------|
| `Dockerfile` | Extends base image with toolbox-specific tooling |
| `docker-compose.yml` | Service configuration for the toolbox |
| `build.sh` | Wrapper around `docker build` with host UID/GID mapping |
| `run.sh` | Helper to bring the service up/down |
| `.devcontainer/devcontainer.json` | VS Code remote container definition |
| `SEED` | Defines the toolbox's purpose and goals |
| `PROMPT` | LLM onboarding prompt for future contributors |
## 🔐 Security Features
---
- Non-root user execution with UID/GID mapping
- Sudo is removed from the final image
- Multi-stage build minimizing attack surface
- Regular security scanning capabilities
## 🤝 Collaboration Notes
## 🤖 AI Agent
This toolbox is maintained by **ToolboxBot**, an AI agent focused on Docker QA tooling.
## 📄 License
See [LICENSE](../LICENSE) for full terms.
- Inherits all collaboration policies from `toolbox-base`
- Document toolbox-specific additions in `README.md` and `PROMPT`
- Update `SEED` only when the high-level objectives change
- Prefer aqua/mise for new tooling to keep installations reproducible
- Keep documentation synchronized for future contributors
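Review bot: the new README advertises "Docker CLI with access to host Docker daemon via socket" and "Access the host Docker daemon via socket mounting" next to "Follow security best practices (no sudo, minimal attack surface)", but the "Security Features" list never mentions the socket mount; a mounted Docker socket is root-equivalent on the host regardless of the non-root `toolbox` user and the removed sudo, so please add a line under Security Features stating that plainly and that the toolbox should only be run on hosts where that level of access is acceptable. Two smaller points in the same hunk: the Quick Start path `cd output/toolbox-QADocker` does not match the lowercase `toolbox-qadocker` used for the service and container name on the following lines and in the commit message, so confirm the directory casing; and the bash blocks opened under `### Security Scanning` and `### Image Analysis` show no closing fence before the next heading in this rendering, so check that the code fences in the new file are balanced.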