chore(filesystem): reflect major filesystem restructuring changes
- Renamed DocStack to dockstack
- Transformed toolbox-template into toolbox-qadocker with new functionality
- Removed NewToolbox.sh script
- Updated PROMPT and configuration files across all toolboxes
- Consolidated audit and testing scripts
- Updated QWEN.md to reflect new filesystem structure as authoritative source
- Merged PROMPT content into QWEN.md as requested

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>

The filesystem structure has been intentionally restructured and is now the authoritative source of truth for the project organization.
@@ -1,26 +1,38 @@
|
||||
# Docker QA Toolbox SEED
|
||||
# Toolbox Template SEED
|
||||
|
||||
## Purpose
|
||||
This toolbox is specifically designed for Docker image auditing, security scanning, and quality assurance. It provides a comprehensive set of tools to analyze, validate, and secure Docker images and Dockerfiles.
|
||||
This SEED file defines the high-level objectives for all toolboxes created from this template.
|
||||
|
||||
## Core Functionality
|
||||
- Security scanning of Docker images using Trivy
|
||||
- Linting of Dockerfiles using Hadolint and dockerfilelint
|
||||
- Analysis of Docker image composition and layers
|
||||
- Validation of Docker best practices
|
||||
- Compliance checking against security standards
|
||||
## 🎯 Goals
|
||||
|
||||
## Target Use Cases
|
||||
- Pre-deployment security scanning of Docker images
|
||||
- Dockerfile quality validation in CI/CD pipelines
|
||||
- Docker image composition analysis
|
||||
- Security audit of existing container images
|
||||
- Verification of container best practices
|
||||
- **Extensibility**: Each toolbox should extend from `toolbox-base` to inherit core tooling
|
||||
- **Consistency**: All toolboxes should follow the same patterns and conventions
|
||||
- **Reproducibility**: Toolbox builds should be deterministic and cache-efficient
|
||||
- **Security**: Toolboxes should run as non-root users with minimal privileges
|
||||
- **Portability**: Toolboxes should work identically across different host environments
|
||||
|
||||
## Key Tools
|
||||
- Trivy: Comprehensive vulnerability scanner
|
||||
- Hadolint: Dockerfile linter for best practices
|
||||
- Dockerfilelint: Additional Dockerfile validation
|
||||
- Docker CLI: Direct access to Docker daemon
|
||||
- Mise: Runtime version management
|
||||
- Aqua: CLI tool management
|
||||
## 🧰 Requirements
|
||||
|
||||
- **Base Image**: Extend from `tsysdevstack-toolboxstack-toolbox-base:release-current`
|
||||
- **User Model**: Run as non-root `toolbox` user (UID/GID mapped to host)
|
||||
- **Workspace**: Mount current directory to `/workspace` (read/write)
|
||||
- **Runtime**: Inherit all base tooling plus toolbox-specific additions
|
||||
- **Configuration**: Preserve user configs/mise toolchains via volume mounts
|
||||
|
||||
## 🛠️ Implementation
|
||||
|
||||
- **Dockerfile**: Extend from base with toolbox-specific tooling
|
||||
- **docker-compose.yml**: Configure service with inherited + custom settings
|
||||
- **build.sh**: Wrapper around `docker build` with UID/GID mapping
|
||||
- **run.sh**: Helper to bring service up/down
|
||||
- **devcontainer.json**: VS Code remote container definition
|
||||
- **SEED**: Define toolbox-specific objectives (this file)
|
||||
- **PROMPT**: LLM onboarding prompt for future contributors
|
||||
|
||||
## ✅ Verification
|
||||
|
||||
- Toolboxes should build without errors
|
||||
- Toolboxes should start and run indefinitely
|
||||
- Toolboxes should be accessible via `docker exec`
|
||||
- Toolboxes should inherit all base tooling
|
||||
- Toolboxes should support toolbox-specific additions
|
||||
- Toolboxes should preserve user configurations across restarts
|
||||
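Review bot: The "✅ Verification" list at the end of this hunk has no check for the "**Security**" goal or the "**User Model**" requirement stated above it: nothing verifies that the container actually runs as the non-root `toolbox` user with the mapped UID/GID. Please add an item such as "Toolboxes should run as the non-root `toolbox` user" so the stated goal is testable. Two smaller points: the "**Base Image**" line extends from the tag `release-current`, which reads as a moving tag and sits awkwardly beside the "**Reproducibility**" goal that builds be deterministic, so consider noting how the base is pinned. Also, going by the hunk header (26 old lines, 38 new), the Docker QA text (Trivy, Hadolint, "Target Use Cases") is the side being removed in favour of the generic template text, while the commit message says toolbox-template was transformed into toolbox-qadocker; please confirm this file ends up with the intended content.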