- Create specialized toolbox container for auditing Docker images and related files
- Include essential QA tools: Hadolint, Dive, ShellCheck, Trivy, Dockle, Docker client, Node.js
- Implement comprehensive build, run, release, and test scripts
- Add detailed documentation with usage examples
- Ensure all tools work correctly within the container
- Rename directory from toolbox-QADocker to toolbox-qadocker for consistency
- Update QWEN.md with comprehensive QA workflow using toolbox-qadocker
- Add mandatory pre-build audit process using QA tools
- Add validation process for testing from inside container environment
- Add comprehensive testing to verify all tools are working
- Optimize Dockerfile for best practices and security
- Ensure container runs as non-root user for security
- Add release script for versioned releases to registry
- Add test script to verify all tools are working correctly
This commit introduces the complete toolbox-qadocker implementation with the following features:
- Creates a minimal Docker image specifically for auditing Docker images
- Does not use toolbox-base as foundation (bootstrap purpose)
- Includes essential audit tools: hadolint, shellcheck, trivy, dive, docker client, buildctl
- Adds additional tooling: dockerlint and Node.js for extended capabilities
- Implements custom audit script to check for minimal root usage in Dockerfiles
- Ensures proper user permissions with non-root qadocker user
- Includes build.sh, run.sh, docker-compose.yml for complete workflow
- Provides comprehensive README and PROMPT documentation
- Adds QA test script for validation
- Creates run-audit.sh for easy Dockerfile analysis
- Optimized for fast rebuilds and effective Dockerfile validation
- Configured to check for best practices regarding root usage
- Ready to audit toolbox-base and other custom toolboxes
This bootstrap image is designed to audit Docker images in the TSYSDevStack ecosystem, ensuring they follow security best practices, particularly regarding minimal root usage in builds.
- Removed multiple toolbox directories (toolbox-QADocker, toolbox-dockstack, toolbox-qadocker)
- Created new toolbox-docstack directory
- Added .gitkeep to toolbox-qadocker directory to keep it tracked in git
- The filesystem structure continues to be the authoritative source of truth
- Preserved toolbox-qadocker directory in git with .gitkeep as requested for future work
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- Renamed DocStack to dockstack
- Transformed toolbox-template into toolbox-qadocker with new functionality
- Removed NewToolbox.sh script
- Updated PROMPT and configuration files across all toolboxes
- Consolidated audit and testing scripts
- Updated QWEN.md to reflect new filesystem structure as authoritative source
- Merged PROMPT content into QWEN.md as requested
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
The filesystem structure has been intentionally restructured and is now the authoritative source of truth for the project organization.
