generated from coulomb/repo-seed
State hub update and Containerization
18
.dockerignore
Normal file
@@ -0,0 +1,18 @@
|
|||||||
|
.git
|
||||||
|
.pytest_cache
|
||||||
|
.ruff_cache
|
||||||
|
.mypy_cache
|
||||||
|
__pycache__
|
||||||
|
*.pyc
|
||||||
|
*.pyo
|
||||||
|
*.pyd
|
||||||
|
.venv
|
||||||
|
venv
|
||||||
|
env
|
||||||
|
build
|
||||||
|
dist
|
||||||
|
*.egg-info
|
||||||
|
runs
|
||||||
|
reports
|
||||||
|
downloads
|
||||||
|
tmp
|
||||||
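Review bot: The ignore list has no entries for secret-bearing paths: `env` is listed but `.env` is not, and nothing excludes local `credentials` or `assets` directories. The docs in this commit keep `runs` and `profiles` under `$PWD`, so operators are likely to keep the material for the `/credentials` and `/assets` mounts in the working tree as well. Add `.env`, `credentials` and `assets` here so that a later broad `COPY` cannot bake secrets or licensed harness files into a layer.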
23
Containerfile
Normal file
@@ -0,0 +1,23 @@
|
|||||||
|
FROM python:3.12-slim
|
||||||
|
|
||||||
|
LABEL org.opencontainers.image.title="guide-board-core"
|
||||||
|
LABEL org.opencontainers.image.description="Guide Board certification and compliance preparation CLI core."
|
||||||
|
|
||||||
|
ENV PYTHONUNBUFFERED=1
|
||||||
|
|
||||||
|
WORKDIR /opt/guide-board
|
||||||
|
|
||||||
|
COPY pyproject.toml README.md LICENSE ./
|
||||||
|
COPY src ./src
|
||||||
|
COPY docs ./docs
|
||||||
|
COPY extensions ./extensions
|
||||||
|
COPY profiles ./profiles
|
||||||
|
COPY INTENT.md ./
|
||||||
|
|
||||||
|
RUN python -m pip install --no-cache-dir --upgrade pip \
|
||||||
|
&& python -m pip install --no-cache-dir .
|
||||||
|
|
||||||
|
VOLUME ["/runs", "/profiles", "/credentials", "/assets"]
|
||||||
|
|
||||||
|
ENTRYPOINT ["guide-board"]
|
||||||
|
CMD ["--help"]
|
||||||
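Review bot: There is no `USER` instruction before `ENTRYPOINT ["guide-board"]`, so the CLI and any extension runner it starts run as root inside the container while `/credentials` and `/assets` are mounted. Create an unprivileged user after the `pip install` step and switch to it, and make sure `/runs` is writable for that uid. Two smaller points: `FROM python:3.12-slim` is a floating tag, so pin it by digest for a reproducible build, and because `/credentials` and `/assets` are declared in `VOLUME`, a run that omits the mount gets an empty anonymous volume rather than a missing path, so runners need to check for the expected content, not just for the directory.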
@@ -28,6 +28,9 @@ PYTHONPATH=src python3 -m guide_board runs gate
|
|||||||
PYTHONPATH=src python3 -m unittest discover -s tests
|
PYTHONPATH=src python3 -m unittest discover -s tests
|
||||||
```
|
```
|
||||||
|
|
||||||
|
The same CLI contracts are packaged by the container baseline. See
|
||||||
|
[docs/CONTAINER.md](docs/CONTAINER.md).
|
||||||
|
|
||||||
The `sample-noop` extension exercises the guide-board contracts without invoking
|
The `sample-noop` extension exercises the guide-board contracts without invoking
|
||||||
an external harness. `open-cmis-tck` is the first real seed extension.
|
an external harness. `open-cmis-tck` is the first real seed extension.
|
||||||
|
|
||||||
@@ -35,6 +38,7 @@ See:
|
|||||||
|
|
||||||
- [INTENT.md](INTENT.md)
|
- [INTENT.md](INTENT.md)
|
||||||
- [docs/ARCHITECTURE-BLUEPRINT.md](docs/ARCHITECTURE-BLUEPRINT.md)
|
- [docs/ARCHITECTURE-BLUEPRINT.md](docs/ARCHITECTURE-BLUEPRINT.md)
|
||||||
|
- [docs/CONTAINER.md](docs/CONTAINER.md)
|
||||||
- [docs/EXTENSION-SDK.md](docs/EXTENSION-SDK.md)
|
- [docs/EXTENSION-SDK.md](docs/EXTENSION-SDK.md)
|
||||||
- [extensions/CANDIDATES.md](extensions/CANDIDATES.md)
|
- [extensions/CANDIDATES.md](extensions/CANDIDATES.md)
|
||||||
- [extensions/open-cmis-tck/INTENT.md](extensions/open-cmis-tck/INTENT.md)
|
- [extensions/open-cmis-tck/INTENT.md](extensions/open-cmis-tck/INTENT.md)
|
||||||
|
|||||||
@@ -726,6 +726,10 @@ Recommended container model:
|
|||||||
- Restricted tools are mounted from licensed local paths.
|
- Restricted tools are mounted from licensed local paths.
|
||||||
- Network access is declared per extension and per assessment profile.
|
- Network access is declared per extension and per assessment profile.
|
||||||
|
|
||||||
|
The baseline `Containerfile` packages the local CLI, schemas, sample profiles,
|
||||||
|
and incubating extensions. See `docs/CONTAINER.md` for mount contracts and the
|
||||||
|
extension-specific image path.
|
||||||
|
|
||||||
Optional service model:
|
Optional service model:
|
||||||
|
|
||||||
- service lists extensions and profiles,
|
- service lists extensions and profiles,
|
||||||
|
|||||||
98
docs/CONTAINER.md
Normal file
@@ -0,0 +1,98 @@
|
|||||||
|
# Guide Board Container Baseline
|
||||||
|
|
||||||
|
Status: draft
|
||||||
|
Created: 2026-05-07
|
||||||
|
|
||||||
|
## Purpose
|
||||||
|
|
||||||
|
The first container image packages the local CLI contracts, schemas, bundled
|
||||||
|
profiles, and incubating extensions. It is not a certification appliance and it
|
||||||
|
does not include restricted third-party harnesses unless a downstream image or
|
||||||
|
runtime mount provides them.
|
||||||
|
|
||||||
|
## Image Roles
|
||||||
|
|
||||||
|
Use `guide-board-core` for dependency-light checks:
|
||||||
|
|
||||||
|
- extension discovery,
|
||||||
|
- profile validation,
|
||||||
|
- run planning,
|
||||||
|
- sample/no-op assessments,
|
||||||
|
- extensions whose runners use only the core Python runtime.
|
||||||
|
|
||||||
|
Use extension-specific images when a harness needs additional dependencies such
|
||||||
|
as Java, Maven, browser engines, vendor tools, or licensed test suites. Those
|
||||||
|
images should extend `guide-board-core` or mount the core as a package, but they
|
||||||
|
must keep restricted assets outside the public core image.
|
||||||
|
|
||||||
|
## Build
|
||||||
|
|
||||||
|
```sh
|
||||||
|
podman build -t guide-board-core:local -f Containerfile .
|
||||||
|
```
|
||||||
|
|
||||||
|
Docker can be used with the same arguments.
|
||||||
|
|
||||||
|
## Local Baseline Run
|
||||||
|
|
||||||
|
```sh
|
||||||
|
mkdir -p runs
|
||||||
|
podman run --rm \
|
||||||
|
-v "$PWD/runs:/runs" \
|
||||||
|
guide-board-core:local \
|
||||||
|
--root /opt/guide-board run \
|
||||||
|
--target /opt/guide-board/profiles/targets/sample-repository.json \
|
||||||
|
--assessment /opt/guide-board/profiles/assessments/sample-noop.json \
|
||||||
|
--output-dir /runs/sample-noop
|
||||||
|
```
|
||||||
|
|
||||||
|
The run output remains on the host under `runs/sample-noop`.
|
||||||
|
|
||||||
|
## External Profiles
|
||||||
|
|
||||||
|
Mount project-specific profiles read-only:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
podman run --rm \
|
||||||
|
-v "$PWD/profiles:/profiles:ro" \
|
||||||
|
-v "$PWD/runs:/runs" \
|
||||||
|
guide-board-core:local \
|
||||||
|
--root /opt/guide-board run \
|
||||||
|
--target /profiles/targets/example.json \
|
||||||
|
--assessment /profiles/assessments/example.json \
|
||||||
|
--output-dir /runs/example
|
||||||
|
```
|
||||||
|
|
||||||
|
## Credentials And Restricted Assets
|
||||||
|
|
||||||
|
Credentials and licensed harness material should be mounted explicitly:
|
||||||
|
|
||||||
|
```text
|
||||||
|
/credentials runtime secrets or references
|
||||||
|
/assets licensed or locally provided harness assets
|
||||||
|
/profiles target and assessment profiles
|
||||||
|
/runs generated outputs
|
||||||
|
```
|
||||||
|
|
||||||
|
Assessment profiles should declare offline/network expectations. Extension
|
||||||
|
runners should fail as `blocked` or `infrastructure_error` when required mounted
|
||||||
|
assets are absent.
|
||||||
|
|
||||||
|
## CMIS Extension Path
|
||||||
|
|
||||||
|
The core image includes the incubating `open-cmis-tck` extension metadata,
|
||||||
|
preflight runner, command wrapper, and mappings. It does not include the final
|
||||||
|
Apache Chemistry TCK dependency graph. A future CMIS image should add Java/Maven
|
||||||
|
and document how the OpenCMIS TCK artifacts are resolved or mounted.
|
||||||
|
|
||||||
|
## Service Path
|
||||||
|
|
||||||
|
A service image should call the same CLI contracts used here:
|
||||||
|
|
||||||
|
- validate profiles,
|
||||||
|
- build run plans,
|
||||||
|
- execute runs,
|
||||||
|
- read run metadata, evidence, reports, retention summaries, trends, and gates.
|
||||||
|
|
||||||
|
The service layer may add job tracking and HTTP transport, but it should not
|
||||||
|
create separate execution semantics.
|
||||||
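Review bot: In "Credentials And Restricted Assets" the `/credentials` and `/assets` mounts appear only in the `text` listing, with no run example, and only the "External Profiles" example uses `:ro`. Add an example that mounts both read-only, for example `-v "$PWD/credentials:/credentials:ro"`, and state that `/runs` is the only mount expected to be writable. The same section says assessment profiles should declare offline/network expectations, but neither `podman run` example restricts networking. Showing the `sample-noop` baseline with `--network none` would have the runtime enforce the declaration instead of only documenting it.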
@@ -248,7 +248,7 @@ Progress:
|
|||||||
|
|
||||||
```task
|
```task
|
||||||
id: GUIDE-BOARD-WP-0001-T008
|
id: GUIDE-BOARD-WP-0001-T008
|
||||||
status: todo
|
status: done
|
||||||
priority: medium
|
priority: medium
|
||||||
state_hub_task_id: "21e5c1e0-b02e-408d-a657-1771750e9b30"
|
state_hub_task_id: "21e5c1e0-b02e-408d-a657-1771750e9b30"
|
||||||
```
|
```
|
||||||
@@ -261,6 +261,16 @@ Acceptance:
|
|||||||
- Restricted or license-gated harnesses are represented as mounted external
|
- Restricted or license-gated harnesses are represented as mounted external
|
||||||
assets, not redistributed guide-board content.
|
assets, not redistributed guide-board content.
|
||||||
|
|
||||||
|
Progress:
|
||||||
|
|
||||||
|
- Added a dependency-light `guide-board-core` `Containerfile`.
|
||||||
|
- Added `.dockerignore` to keep local run outputs and development artifacts out
|
||||||
|
of the image build context.
|
||||||
|
- Added `docs/CONTAINER.md` with mount contracts for profiles, credentials,
|
||||||
|
runs, and restricted harness assets.
|
||||||
|
- Documented the extension-specific image path for CMIS Java/Maven/OpenCMIS TCK
|
||||||
|
dependencies.
|
||||||
|
|
||||||
## D1.10 - Optional Local Service API
|
## D1.10 - Optional Local Service API
|
||||||
|
|
||||||
```task
|
```task
|
||||||
|
|||||||
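Review bot: The new Progress entries list only the files that were added, while the previous hunk flips `GUIDE-BOARD-WP-0001-T008` to `status: done`. Nothing here records that the image was built or that the `sample-noop` run from `docs/CONTAINER.md` was executed against it. Add a Progress line with the verification that was performed (build command and run outcome) so the `done` status can be checked against the Acceptance list.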