KNEL/TSYSDevStack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f6deeb670f686bd87442b4efc3331b85a5362137
TSYSDevStack/ToolboxStack/collab/prompts/FeatureWork/toolbox-qadocker.md
ReachableCEO 124d51ebff feat: implement toolbox-qadocker for Docker image auditing and QA 
- Create specialized toolbox container for auditing Docker images and related files
- Include essential QA tools: Hadolint, Dive, ShellCheck, Trivy, Dockle, Docker client, Node.js
- Implement comprehensive build, run, release, and test scripts
- Add detailed documentation with usage examples
- Ensure all tools work correctly within the container
- Rename directory from toolbox-QADocker to toolbox-qadocker for consistency
- Update QWEN.md with comprehensive QA workflow using toolbox-qadocker
- Add mandatory pre-build audit process using QA tools
- Add validation process for testing from inside container environment
- Add comprehensive testing to verify all tools are working
- Optimize Dockerfile for best practices and security
- Ensure container runs as non-root user for security
- Add release script for versioned releases to registry
- Add test script to verify all tools are working correctly
2025-10-31 15:53:38 -05:00

1.5 KiB
Raw Blame History

The first toolbox we need to build is for performing audit/QA work on the custom toolbox images we are trying to build.

Finish the design/validation/auditing/building/testing of the

tsysdevstack-toolboxstack-toolbox-qadocker

dockerimage.

This will be the ONLY image that we build (other than tsysdevstack-toolboxstack-toolbox-base itself) which DOES NOT use the toolbox-base image as its foundation.

The toolbox-qadocker image is used for bootstrap purposes and is meant to audit toolbox-base and every other custom toolbox we make.

The toolbox-qadocker image should be minimal, simple. It should be easy to extend, it should be able to be re-built quickly.

Adopt all best common practices

Add in

  • hadolint
  • docky
  • dive

and other useful qa/linting tools for QA of Dockerfile/shellscripts etc commonly used in the docker image build/release process.

Ensure it will be useful for auditing docker images (hadolint etc). Its meant to run quickly and be utilized by AI CLI agents when they are making container images.

Do the work in:

output/toolbox-qadocker

Ensure the container image builds and the tools work

Use it to QA itself.

DO NOT USE root for anything but apt-get and bootstrapping aqua if needed.

All work that can be done as the qadocker user should be done as the qadocker user

Optimize the Dockerfile that you generate. Check it for errors. Ensure it will past the strictest linting checks.

DO NOT USE ANY OTHER MATERIAL IN THIS PROJECT for your work.

Do the image creation completely from scratch.