feat: Update toolbox-base and template with latest Docker configurations and documentation
- Updated Dockerfiles in both toolbox-base and toolbox-template
- Modified build scripts and docker-compose configurations
- Added new audit tools and documentation files
- Created new toolbox-DocStack and toolbox-QADocker implementations
- Updated README and maintenance documentation
@@ -37,7 +37,7 @@ USERNAME="${USERNAME_OVERRIDE:-toolbox}"
|
||||
sanitized_input "$USERNAME"
|
||||
TEA_VERSION="${TEA_VERSION_OVERRIDE:-0.11.1}"
|
||||
sanitized_input "$TEA_VERSION"
|
||||
BUILDER_NAME="${BUILDER_NAME:-tsysdevstack-toolboxstack-builder}"
|
||||
BUILDER_NAME="${BUILDER_NAME:-tsysdevstack-builder}"
|
||||
sanitized_input "$BUILDER_NAME"
|
||||
CACHE_DIR="${SCRIPT_DIR}/.build-cache"
|
||||
TAG="${TAG_OVERRIDE:-dev}"
|
||||
@@ -97,58 +97,78 @@ fi
|
||||
|
||||
echo "Build completed successfully."
|
||||
|
||||
# Run post-build verification
|
||||
echo "Running post-build verification..."
|
||||
if ! docker run --rm "${IMAGE_NAME}:${TAG}" zsh -c 'echo "Container starts successfully"'; then
|
||||
# Run comprehensive verification tests
|
||||
echo "Running comprehensive verification tests..."
|
||||
if ! docker run --rm "${IMAGE_NAME}:${TAG}" zsh -c 'echo "Container starts successfully as $(whoami) user"'; then
|
||||
echo "Error: Failed to start container with basic test." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Verify critical tools are available
|
||||
echo "Verifying critical tools..."
|
||||
CRITICAL_TOOLS=("zsh" "git" "curl" "jq" "fish" "fzf" "bat" "fd" "rg" "htop" "btop")
|
||||
for tool in "${CRITICAL_TOOLS[@]}"; do
|
||||
if ! docker run --rm "${IMAGE_NAME}:${TAG}" which "$tool" >/dev/null 2>&1; then
|
||||
echo "Error: Critical tool '$tool' not found in PATH." >&2
|
||||
# Verify core tools are available to toolbox user
|
||||
echo "Verifying core tools for toolbox user..."
|
||||
CORE_TOOLS=("zsh" "git" "curl" "jq" "fish" "fzf" "bat" "fd" "rg" "htop" "btop")
|
||||
for tool in "${CORE_TOOLS[@]}"; do
|
||||
if ! docker run --rm --user toolbox "${IMAGE_NAME}:${TAG}" which "$tool" >/dev/null 2>&1; then
|
||||
echo "Error: Core tool '$tool' not found in PATH for toolbox user." >&2
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
# Verify aqua tools are available
|
||||
echo "Verifying aqua tools..."
|
||||
AQUA_TOOLS=("gh" "lazygit" "direnv" "delta" "zoxide" "just" "yq" "xh" "curlie" "chezmoi" "shfmt" "shellcheck" "hadolint" "uv" "uvx" "watchexec" "kroki")
|
||||
# Verify aqua tools are available to toolbox user
|
||||
echo "Verifying aqua tools for toolbox user..."
|
||||
AQUA_TOOLS=("gh" "lazygit" "direnv" "delta" "zoxide" "just" "yq" "xh" "curlie" "shfmt" "shellcheck" "hadolint")
|
||||
for tool in "${AQUA_TOOLS[@]}"; do
|
||||
if ! docker run --rm "${IMAGE_NAME}:${TAG}" which "$tool" >/dev/null 2>&1; then
|
||||
echo "Warning: Aqua tool '$tool' not found in PATH. Installing..." >&2
|
||||
# Try to install the missing tool
|
||||
if ! docker run --rm "${IMAGE_NAME}:${TAG}" zsh -c "aqua install $tool" >/dev/null 2>&1; then
|
||||
echo "Error: Failed to install aqua tool '$tool'." >&2
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
# Verify AI CLI tools are available
|
||||
echo "Verifying AI CLI tools..."
|
||||
AI_TOOLS=("code" "qwen" "gemini" "codex" "opencode")
|
||||
for tool in "${AI_TOOLS[@]}"; do
|
||||
if ! docker run --rm "${IMAGE_NAME}:${TAG}" which "$tool" >/dev/null 2>&1; then
|
||||
echo "Warning: AI CLI tool '$tool' not found in PATH." >&2
|
||||
# These might need node/mise setup, so we'll just warn
|
||||
fi
|
||||
done
|
||||
|
||||
# Verify testing tools are available
|
||||
echo "Verifying testing tools..."
|
||||
TESTING_TOOLS=("bats" "shellcheck" "shfmt" "hadolint")
|
||||
for tool in "${TESTING_TOOLS[@]}"; do
|
||||
if ! docker run --rm "${IMAGE_NAME}:${TAG}" which "$tool" >/dev/null 2>&1; then
|
||||
echo "Error: Testing tool '$tool' not found in PATH." >&2
|
||||
if ! docker run --rm --user toolbox "${IMAGE_NAME}:${TAG}" which "$tool" >/dev/null 2>&1; then
|
||||
echo "Error: Aqua tool '$tool' not found in PATH for toolbox user." >&2
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
echo "All verifications passed."
|
||||
# Verify AI CLI tools are available to toolbox user
|
||||
echo "Verifying AI CLI tools for toolbox user..."
|
||||
AI_TOOLS=("code" "qwen" "gemini" "codex" "opencode" "joplin")
|
||||
for tool in "${AI_TOOLS[@]}"; do
|
||||
if ! docker run --rm --user toolbox "${IMAGE_NAME}:${TAG}" which "$tool" >/dev/null 2>&1; then
|
||||
echo "Error: AI CLI tool '$tool' not found in PATH for toolbox user." >&2
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
# Verify Node.js and npm are working properly
|
||||
echo "Verifying Node.js runtime..."
|
||||
if ! docker run --rm --user toolbox "${IMAGE_NAME}:${TAG}" node --version >/dev/null 2>&1; then
|
||||
echo "Error: Node.js not working properly for toolbox user." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! docker run --rm --user toolbox "${IMAGE_NAME}:${TAG}" npm --version >/dev/null 2>&1; then
|
||||
echo "Error: npm not working properly for toolbox user." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Verify mise is managing tools properly
|
||||
echo "Verifying mise runtime management..."
|
||||
if ! docker run --rm --user toolbox "${IMAGE_NAME}:${TAG}" mise --version >/dev/null 2>&1; then
|
||||
echo "Error: Mise not available for toolbox user." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Verify aqua is managing tools properly
|
||||
echo "Verifying aqua package management..."
|
||||
if ! docker run --rm --user toolbox "${IMAGE_NAME}:${TAG}" aqua --version >/dev/null 2>&1; then
|
||||
echo "Error: Aqua not available for toolbox user." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Final security check: verify container runs as toolbox user
|
||||
echo "Verifying runtime security model..."
|
||||
RUNTIME_USER=$(docker run --rm "${IMAGE_NAME}:${TAG}" whoami)
|
||||
if [ "$RUNTIME_USER" != "toolbox" ]; then
|
||||
echo "Error: Container is not running as toolbox user. Current user: $RUNTIME_USER" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "All verifications passed. Security model is correct."
|
||||
|
||||
if [[ "${PUSH}" == "true" ]]; then
|
||||
echo "Pushing ${IMAGE_NAME}:${TAG}"
|
||||
@@ -157,7 +177,7 @@ if [[ "${PUSH}" == "true" ]]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ "${TAG}" == "dev" && -n "${VERSION_TAG}" ]]; then
|
||||
if [[ "${TAG}" == "dev" && -n "${VERSION_TAG}" ]; then
|
||||
if ! docker tag "${IMAGE_NAME}:${TAG}" "${IMAGE_NAME}:${VERSION_TAG}"; then
|
||||
echo "Error: Failed to tag ${IMAGE_NAME}:${VERSION_TAG}" >&2
|
||||
exit 1
|
||||
@@ -190,4 +210,4 @@ else
|
||||
echo "Trivy not found. Install Trivy to perform security scanning."
|
||||
fi
|
||||
|
||||
echo "Build process completed successfully with all verifications."
|
||||
echo "Build process completed successfully with all verifications and security checks."
|
||||
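Review bot: The new verification steps hardcode the runtime account as `toolbox` (every `--user toolbox` flag from the CORE_TOOLS loop onward, and the `!= "toolbox"` comparison on the RUNTIME_USER check), while the first hunk still derives `USERNAME` from `USERNAME_OVERRIDE`; if that variable feeds the image's runtime user, an overridden build will fail its own post-build verification. Passing `--user "${USERNAME}"` to each `docker run` and writing the final check as `if [[ "$RUNTIME_USER" != "${USERNAME}" ]]; then` keeps the verification aligned with the build inputs and also replaces the lone `[ ]` test with the `[[ ]]` form the rest of the file uses. The repeated `docker run --rm --user … which "$tool"` loops would be clearer as one helper, which also gives a single place to swap `which` for `command -v` if a future base image ships without it; a sketch follows. In the third hunk one of the two `if [[ "${TAG}" == "dev" && -n "${VERSION_TAG}" ]` lines closes with a single `]`, which bash rejects as a syntax error; the rendering does not show which side is new, but the surviving line must end in `]]; then`.
```shell
# Run a command inside the freshly built image as the configured runtime user.
run_as_user() {
  docker run --rm --user "${USERNAME}" "${IMAGE_NAME}:${TAG}" "$@"
}

for tool in "${CORE_TOOLS[@]}"; do
  if ! run_as_user which "$tool" >/dev/null 2>&1; then
    echo "Error: Core tool '$tool' not found in PATH for ${USERNAME} user." >&2
    exit 1
  fi
done
# … unchanged: aqua / AI-tool loops and node/npm/mise/aqua checks, each calling run_as_user …

RUNTIME_USER=$(docker run --rm "${IMAGE_NAME}:${TAG}" whoami)
if [[ "$RUNTIME_USER" != "${USERNAME}" ]]; then
  echo "Error: Container is not running as ${USERNAME} user. Current user: $RUNTIME_USER" >&2
  exit 1
fi
```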