This commit fixes several issues in the toolbox-base Dockerfile that were identified during the audit:
- Added SHELL directive with pipefail option where pipes are used
- Fixed syntax error in user creation logic by changing 'else if' to 'elif'
- Removed problematic 'cd' usage, replacing with 'git -C' for directory-specific operations
- Added SHELL directive to second stage where pipes are used
- Improved multi-line RUN command formatting with proper semicolon usage
These changes resolve the following Hadolint errors:
- DL4006: Missing pipefail in RUN commands with pipes
- SC1075: Incorrect use of 'else if' instead of 'elif'
- DL3003: Usage of 'cd' instead of WORKDIR
The Dockerfile now passes Hadolint validation when ignoring version pinning
and multiple RUN command warnings, which are expected in this context.
This commit introduces the complete toolbox-qadocker implementation with the following features:
- Creates a minimal Docker image specifically for auditing Docker images
- Does not use toolbox-base as foundation (bootstrap purpose)
- Includes essential audit tools: hadolint, shellcheck, trivy, dive, docker client, buildctl
- Adds additional tooling: dockerlint and Node.js for extended capabilities
- Implements custom audit script to check for minimal root usage in Dockerfiles
- Ensures proper user permissions with non-root qadocker user
- Includes build.sh, run.sh, docker-compose.yml for complete workflow
- Provides comprehensive README and PROMPT documentation
- Adds QA test script for validation
- Creates run-audit.sh for easy Dockerfile analysis
- Optimized for fast rebuilds and effective Dockerfile validation
- Configured to check for best practices regarding root usage
- Ready to audit toolbox-base and other custom toolboxes
This bootstrap image is designed to audit Docker images in the TSYSDevStack ecosystem, ensuring they follow security best practices, particularly regarding minimal root usage in builds.
- Removed multiple toolbox directories (toolbox-QADocker, toolbox-dockstack, toolbox-qadocker)
- Created new toolbox-docstack directory
- Added .gitkeep to toolbox-qadocker directory to keep it tracked in git
- The filesystem structure continues to be the authoritative source of truth
- Preserved toolbox-qadocker directory in git with .gitkeep as requested for future work
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- Renamed DocStack to dockstack
- Transformed toolbox-template into toolbox-qadocker with new functionality
- Removed NewToolbox.sh script
- Updated PROMPT and configuration files across all toolboxes
- Consolidated audit and testing scripts
- Updated QWEN.md to reflect new filesystem structure as authoritative source
- Merged PROMPT content into QWEN.md as requested
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
The filesystem structure has been intentionally restructured and is now the authoritative source of truth for the project organization.
\n- Updated Dockerfiles in both toolbox-base and toolbox-template
- Modified build scripts and docker-compose configurations
- Added new audit tools and documentation files
- Created new toolbox-DocStack and toolbox-QADocker implementations
- Updated README and maintenance documentation
\n- Updated Dockerfiles in both toolbox-base and toolbox-template
- Modified build scripts and docker-compose configurations
- Added new audit tools and documentation files
- Created new toolbox-DocStack and toolbox-QADocker implementations
- Updated README and maintenance documentation
- Update ToolboxStack/output/toolbox-template/Dockerfile with latest configuration
- Refine template container build process
- Align with project standards and conventions
This enhances the toolbox template container configuration.
- Update ToolboxStack/output/toolbox-base/Dockerfile with latest configuration
- Add ToolboxStack/collab/GEMINI-AUDIT-TOOLBOX-20251030-1309.md with audit documentation
- Refine container build process and include security audit information
This enhances the toolbox container configuration and documentation.
- Update ToolboxStack/output/toolbox-template/Dockerfile with latest container settings
- Update ToolboxStack/output/toolbox-template/PROMPT with enhanced instructions
- Update ToolboxStack/output/toolbox-template/SEED with updated seed data
- Update ToolboxStack/output/toolbox-template/aqua.yaml with refined tool management
- Update ToolboxStack/output/toolbox-template/build.sh with improved build process
- Update ToolboxStack/output/toolbox-template/docker-compose.yml with enhanced service definitions
- Update ToolboxStack/output/toolbox-template/release.sh with enhanced release process
- Update ToolboxStack/output/toolbox-template/run.sh with improved runtime configuration
This enhances the toolbox template for creating new developer environments.
- Update ToolboxStack/output/toolbox-base/Dockerfile with latest container settings
- Update ToolboxStack/output/toolbox-base/aqua.yaml with refined tool management
This enhances the base developer environment configuration.
- Update ToolboxStack/output/toolbox-base/test.sh with enhanced testing capabilities
- Add ToolboxStack/output/toolbox-base/AUDIT_CHECKLIST.md with security audit guidelines
- Add ToolboxStack/output/toolbox-base/security-audit.sh with security auditing tools
- Update ToolboxStack/output/toolbox-template/test.sh with enhanced testing capabilities
- Add ToolboxStack/output/toolbox-template/AUDIT_CHECKLIST.md with security audit guidelines
- Add ToolboxStack/output/toolbox-template/security-audit.sh with security auditing tools
This enhances both the base and template developer environments with security auditing capabilities.
- Update ToolboxStack/output/toolbox-template/.devcontainer/devcontainer.json with improved container settings
- Update ToolboxStack/output/toolbox-template/PROMPT with enhanced instructions
- Update ToolboxStack/output/toolbox-template/SEED with updated seed data
- Update ToolboxStack/output/toolbox-template/docker-compose.yml with enhanced service definitions
- Add ToolboxStack/output/toolbox-template/README.md with documentation
This enhances the toolbox template for creating new developer environments.
- Update ToolboxStack/output/toolbox-base/Dockerfile with latest container settings
- Update ToolboxStack/output/toolbox-base/aqua.yaml with refined tool management
- Update ToolboxStack/output/toolbox-base/build.sh with improved build process
- Update ToolboxStack/output/toolbox-base/docker-compose.yml with enhanced service definitions
This enhances the base developer environment configuration.
- Update ToolboxStack/output/toolbox-template/Dockerfile with latest configuration
- Add ToolboxStack/output/toolbox-template/release.sh for release management
- Refine template functionality and ensure proper operations
- Align with project standards and conventions
This enhances the ToolboxStack template for creating new developer environments.
- Update ToolboxStack/output/toolbox-base/release.sh with improved release process
- Refine release functionality and ensure proper operation
- Align with project standards and conventions
This enhances the ToolboxStack release capabilities.
- Update ToolboxStack/output/toolbox-base/Dockerfile with latest container settings
- Refine container build process and dependencies
- Ensure optimal configuration for developer environments
This improves the base developer environment container configuration.
- Update ToolboxStack/output/toolbox-template/run.sh with final runtime configuration adjustments
- Ensure proper startup procedures and environment setup
- Align with project standards and conventions
This completes the updates to the toolbox template runtime.
- Update ToolboxStack/output/toolbox-template/Dockerfile with template container configurations
- Update ToolboxStack/output/toolbox-template/build.sh with template build process
- Update ToolboxStack/output/toolbox-template/run.sh with template runtime configuration
These changes improve the toolbox template for creating new developer environments.
- Update ToolboxStack/output/toolbox-base/Dockerfile with latest container configurations
- Update ToolboxStack/output/toolbox-base/build.sh with improved build process
- Update ToolboxStack/output/toolbox-base/run.sh with enhanced runtime configuration
These changes improve the base developer environment build and runtime capabilities.
- Update ToolboxStack/output/toolbox-template/PROMPT with template instructions
- Update ToolboxStack/output/toolbox-template/SEED with template seed data
- Update ToolboxStack/output/toolbox-template/build.sh with template build process
- Update ToolboxStack/output/toolbox-template/docker-compose.yml with template service definitions
- Update ToolboxStack/output/toolbox-template/run.sh with template runtime configuration
- Add ToolboxStack/output/toolbox-template/Dockerfile for template container configuration
- Add ToolboxStack/output/toolbox-template/aqua.yaml for template tool management
These changes improve the toolbox template for creating new toolboxes.
- Update ToolboxStack/output/toolbox-base/Dockerfile with latest container configurations
- Update ToolboxStack/output/toolbox-base/PROMPT with enhanced instructions
- Update ToolboxStack/output/toolbox-base/README.md with current documentation
- Update ToolboxStack/output/toolbox-base/build.sh with improved build process
- Update ToolboxStack/output/toolbox-base/docker-compose.yml with refined service definitions
- Update ToolboxStack/output/toolbox-base/run.sh with enhanced runtime configuration
These changes improve the base developer environment configurations.
- Update ToolboxStack/output/toolbox-base/aqua.yaml with final configuration adjustments
- Ensure proper tool management settings are in place
- Align with project standards and conventions
This completes the updates to the tool management configuration.
- Update ToolboxStack/output/toolbox-base/Dockerfile with latest container configurations
- Update ToolboxStack/output/toolbox-base/aqua.yaml with refined tool management settings
These changes improve the developer environment container and tool management.
- Update ToolboxStack/output/toolbox-base/Dockerfile with latest container configurations
- Update ToolboxStack/output/toolbox-base/PROMPT with enhanced AI collaboration instructions
- Update ToolboxStack/output/toolbox-base/README.md with current documentation
- Add ToolboxStack/collab/tool-additions/ directory for additional tool configurations
- Update CloudronStack/output/master-control-script.sh with improved automation logic
These changes enhance the developer workspace configuration and
improve automation workflows across the project.
- Update collab/TSYSDevStack-toolbox-prompt.md with latest guidelines
- Update output/PROMPT with improved instructions for AI collaboration
- Update output/toolbox-base/PROMPT with enhanced development guidelines
- Update output/toolbox-base/README.md with current documentation
- Update output/toolbox-base/build.sh with improved build process
- Update output/toolbox-base/docker-compose.yml with refined service definitions
- Update output/toolbox-base/run.sh with enhanced runtime configuration
- Add output/toolbox-base/release.sh for release management processes
These changes improve the developer workspace experience and ensure
consistent tooling across the TSYSDevStack project.
