343534ac12d302798113cfcabcf553ccc87a6b4e
This commit introduces the complete toolbox-qadocker implementation with the following features:
- Creates a minimal Docker image specifically for auditing Docker images
- Does not use toolbox-base as foundation (bootstrap purpose)
- Includes essential audit tools: hadolint, shellcheck, trivy, dive, docker client, buildctl
- Adds additional tooling: dockerlint and Node.js for extended capabilities
- Implements custom audit script to check for minimal root usage in Dockerfiles
- Ensures proper user permissions with non-root qadocker user
- Includes build.sh, run.sh, docker-compose.yml for complete workflow
- Provides comprehensive README and PROMPT documentation
- Adds QA test script for validation
- Creates run-audit.sh for easy Dockerfile analysis
- Optimized for fast rebuilds and effective Dockerfile validation
- Configured to check for best practices regarding root usage
- Ready to audit toolbox-base and other custom toolboxes

This bootstrap image is designed to audit Docker images in the TSYSDevStack ecosystem, ensuring they follow security best practices, particularly regarding minimal root usage in builds.
🌐 TSYSDevStack
A constellation of curated stacks that power rapid prototyping, support simulations, developer workspaces, and (soon) lifecycle orchestration for TSYS Group.
📚 Stack Directory Map
| Stack | Focus | Highlights |
|---|---|---|
| 🛰️ CloudronStack | Cloudron application packaging and upstream research. | Catalog of third-party services grouped by capability. |
| ♻️ LifecycleStack | Promotion workflows, governance, and feedback loops. | Roadmap placeholders ready for lifecycle charters. |
| 🛟 SupportStack | Demo environment for support tooling (homepage, WakaAPI, MailHog, socket proxy). | Control script automation, Docker Compose bundles, targeted shell tests. |
| 🧰 ToolboxStack | Reproducible developer workspaces and containerized tooling. | Ubuntu-based dev container with mise, aqua, and helper scripts. |
🚀 Quick Start
- Clone & Inspect
  ```bash
  git clone <repo-url>
  cd TSYSDevStack
  tree -L 2   # optional: explore the stack layout
  ```
- Run the Support Stack Demo
  ```bash
  cd SupportStack
  ./output/code/TSYSDevStack-SupportStack-Demo-Control.sh start
  ./output/code/TSYSDevStack-SupportStack-Demo-Control.sh test
  ```
  Uses Docker Compose bundles under SupportStack/output/docker-compose/.
- Enter the Toolbox Workspace
  ```bash
  cd ToolboxStack/output/toolbox-base
  ./build.sh && ./run.sh up
  docker exec -it tsysdevstack-toolboxstack-toolbox-base zsh
  ```
🤖 AI Collaboration
This project uses Qwen AI agents for development and maintenance:
- Topside: Manages top-level README.md and directory structure
- CloudronBot: Handles CloudronStack documentation and packaging
- LifecycleBot: Manages LifecycleStack workflows
- SupportBot: Maintains SupportStack operations
- ToolboxBot: Handles ToolboxStack workspace management
🧭 Working Agreement
- Stacks stay in sync. When you add or modify automation, update both the relevant stack README and any linked prompts/docs.
- Collab vs Output. Use collab/ for planning and prompts, keep runnable artifacts under output/.
- Document forward. New workflows should land alongside tests and a short entry in the appropriate README table.
- AI Agent Coordination. Use Qwen agents for documentation updates, code changes, and maintaining consistency across stacks.
📄 License
See LICENSE for full terms. Contributions are welcome—open a discussion in the relevant stack’s collab/ area to kick things off.