chore(filesystem): reflect major filesystem restructuring changes
- Renamed DocStack to dockstack
- Transformed toolbox-template into toolbox-qadocker with new functionality
- Removed NewToolbox.sh script
- Updated PROMPT and configuration files across all toolboxes
- Consolidated audit and testing scripts
- Updated QWEN.md to reflect the new filesystem structure as the authoritative source
- Merged PROMPT content into QWEN.md as requested

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>

The filesystem structure has been intentionally restructured and is now the authoritative source of truth for the project organization.
@@ -25,7 +25,12 @@ if ! docker buildx version &> /dev/null; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
IMAGE_NAME="tsysdevstack-toolboxstack-toolbox-qadocker"
|
||||
# Get the toolbox name from the directory name (or you can pass it as an argument)
|
||||
TOOLBOX_NAME="${TOOLBOX_NAME_OVERRIDE:-$(basename "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")}"
|
||||
sanitized_input "$TOOLBOX_NAME"
|
||||
# Convert to lowercase and replace any uppercase letters to ensure valid Docker image name
|
||||
IMAGE_NAME_RAW="tsysdevstack-toolboxstack-${TOOLBOX_NAME#toolbox-}"
|
||||
IMAGE_NAME=$(echo "$IMAGE_NAME_RAW" | tr '[:upper:]' '[:lower:]')
|
||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
|
||||
# Sanitize user input
|
||||
@@ -37,7 +42,7 @@ USERNAME="${USERNAME_OVERRIDE:-toolbox}"
|
||||
sanitized_input "$USERNAME"
|
||||
TEA_VERSION="${TEA_VERSION_OVERRIDE:-0.11.1}"
|
||||
sanitized_input "$TEA_VERSION"
|
||||
BUILDER_NAME="${BUILDER_NAME:-tsysdevstack-builder}"
|
||||
BUILDER_NAME="${BUILDER_NAME:-tsysdevstack-toolboxstack-builder}"
|
||||
sanitized_input "$BUILDER_NAME"
|
||||
CACHE_DIR="${SCRIPT_DIR}/.build-cache"
|
||||
TAG="${TAG_OVERRIDE:-dev}"
|
||||
@@ -97,64 +102,36 @@ fi
|
||||
|
||||
echo "Build completed successfully."
|
||||
|
||||
# Run comprehensive verification tests
|
||||
echo "Running comprehensive verification tests..."
|
||||
if ! docker run --rm "${IMAGE_NAME}:${TAG}" zsh -c 'echo "Container starts successfully as $(whoami) user"'; then
|
||||
# Run post-build verification
|
||||
echo "Running post-build verification..."
|
||||
if ! docker run --rm "${IMAGE_NAME}:${TAG}" bash -c 'echo "Container starts successfully"'; then
|
||||
echo "Error: Failed to start container with basic test." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Verify core tools are available to toolbox user
|
||||
echo "Verifying core tools for toolbox user..."
|
||||
CORE_TOOLS=("zsh" "git" "curl" "jq" "docker" "trivy" "hadolint")
|
||||
for tool in "${CORE_TOOLS[@]}"; do
|
||||
if ! docker run --rm "${IMAGE_NAME}:${TAG}" su - toolbox -c "which $tool" >/dev/null 2>&1; then
|
||||
echo "Error: Core tool '$tool' not found in PATH for toolbox user." >&2
|
||||
# Verify critical tools for Docker auditing are available
|
||||
echo "Verifying Docker auditing tools..."
|
||||
CRITICAL_TOOLS=("git" "curl" "wget" "docker" "hadolint" "dive" "bash")
|
||||
for tool in "${CRITICAL_TOOLS[@]}"; do
|
||||
if ! docker run --rm "${IMAGE_NAME}:${TAG}" which "$tool" >/dev/null 2>&1; then
|
||||
echo "Error: Critical Docker auditing tool '$tool' not found in PATH." >&2
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
# Verify Docker QA tools are available to toolbox user
|
||||
echo "Verifying Docker QA tools for toolbox user..."
|
||||
QA_TOOLS=("dockerfilelint" "yq")
|
||||
for tool in "${QA_TOOLS[@]}"; do
|
||||
if ! docker run --rm "${IMAGE_NAME}:${TAG}" su - toolbox -c "which $tool" >/dev/null 2>&1; then
|
||||
echo "Error: QA tool '$tool' not found in PATH for toolbox user." >&2
|
||||
# Verify additional aqua tools for QA are available
|
||||
echo "Verifying QA aqua tools..."
|
||||
AQUA_TOOLS=("lazygit" "direnv" "delta" "zoxide" "yq" "xh" "curlie" "shellcheck" "trivy" "grype" "docker-bench-security")
|
||||
for tool in "${AQUA_TOOLS[@]}"; do
|
||||
if ! docker run --rm "${IMAGE_NAME}:${TAG}" which "$tool" >/dev/null 2>&1; then
|
||||
echo "Error: QA aqua tool '$tool' not found in PATH." >&2
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
# Verify Node.js and npm are working properly
|
||||
echo "Verifying Node.js runtime..."
|
||||
if ! docker run --rm "${IMAGE_NAME}:${TAG}" su - toolbox -c "node --version && npm --version" >/dev/null 2>&1; then
|
||||
echo "Error: Node.js or npm not working properly for toolbox user." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Verify mise is managing tools properly
|
||||
echo "Verifying mise runtime management..."
|
||||
if ! docker run --rm "${IMAGE_NAME}:${TAG}" su - toolbox -c "mise --version" >/dev/null 2>&1; then
|
||||
echo "Error: Mise not available for toolbox user." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Verify aqua is managing tools properly
|
||||
echo "Verifying aqua package management..."
|
||||
if ! docker run --rm "${IMAGE_NAME}:${TAG}" su - toolbox -c "aqua --version" >/dev/null 2>&1; then
|
||||
echo "Error: Aqua not available for toolbox user." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Final security check: verify container runs as toolbox user
|
||||
echo "Verifying runtime security model..."
|
||||
RUNTIME_USER=$(docker run --rm "${IMAGE_NAME}:${TAG}" whoami)
|
||||
if [ "$RUNTIME_USER" != "toolbox" ]; then
|
||||
echo "Error: Container is not running as toolbox user. Current user: $RUNTIME_USER" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "All verifications passed. Security model is correct."
|
||||
echo "All verifications passed."
|
||||
|
||||
# Push if requested
|
||||
if [[ "${PUSH}" == "true" ]]; then
|
||||
echo "Pushing ${IMAGE_NAME}:${TAG}"
|
||||
if ! docker push "${IMAGE_NAME}:${TAG}"; then
|
||||
@@ -195,4 +172,4 @@ else
|
||||
echo "Trivy not found. Install Trivy to perform security scanning."
|
||||
fi
|
||||
|
||||
echo "Build process completed successfully with all verifications and security checks."
|
||||
echo "Build process completed successfully with all verifications."
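Review bot: The post-build verification in the third hunk no longer asserts that the container runs as the unprivileged user: the `RUNTIME_USER=$(docker run --rm "${IMAGE_NAME}:${TAG}" whoami)` check is dropped and the tool probes change from `su - toolbox -c "which $tool"` to a bare `which "$tool"`, so after this commit nothing in the build script fails if the image's default USER ends up as root. The per-tool probes now run as whatever the image's default user is, which only proves the toolbox account can see those tools if the default USER is that account, and that is exactly the assumption the removed check used to enforce. Since the script already derives `USERNAME` from `USERNAME_OVERRIDE` (visible in the second hunk's context), I would restore the check against that variable instead of the old hard-coded `toolbox`, placed just before `echo "All verifications passed."`. A smaller point in the first hunk: `IMAGE_NAME=$(echo "$IMAGE_NAME_RAW" | tr '[:upper:]' '[:lower:]')` can be the builtin `IMAGE_NAME=${IMAGE_NAME_RAW,,}`, which avoids two forks and is fine here because the script already relies on bash (`[[ ]]`, `BASH_SOURCE`).
```shell
# … unchanged: aqua tool verification loop …

# Verify the image runs as the unprivileged toolbox account by default
RUNTIME_USER=$(docker run --rm "${IMAGE_NAME}:${TAG}" whoami)
if [[ "$RUNTIME_USER" != "$USERNAME" ]]; then
  echo "Error: Container is not running as ${USERNAME}. Current user: ${RUNTIME_USER}" >&2
  exit 1
fi

echo "All verifications passed."
```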
|
||||