auto_review/sandbox (issue-10-mandatory-sandbox-manual1)
Installation
docker pull git.johnwilger.com/jwilger/auto_review/sandbox:issue-10-mandatory-sandbox-manual1sha256:f0dba0a49ebf394cfe8c1ac4ad4c2435ce58562a1698c987fb236d58a05c2fb7Image layers
| # debian.sh --arch 'amd64' out/ 'bookworm' '@1776729600' |
| ARG TARGETARCH=amd64 |
| ARG ACTIONLINT_VERSION=1.7.12 |
| ARG GITLEAKS_VERSION=8.30.1 |
| ARG GOLANGCI_LINT_VERSION=2.12.1 |
| ARG GOSEC_VERSION=2.26.1 |
| RUN |5 TARGETARCH=amd64 ACTIONLINT_VERSION=1.7.12 GITLEAKS_VERSION=8.30.1 GOLANGCI_LINT_VERSION=2.12.1 GOSEC_VERSION=2.26.1 /bin/sh -c apt-get update && apt-get install -y --no-install-recommends ca-certificates curl git unzip shellcheck yamllint cppcheck nodejs npm python3 python3-pip ruby ruby-dev build-essential php-cli composer default-jre && rm -rf /var/lib/apt/lists/* # buildkit |
| RUN |5 TARGETARCH=amd64 ACTIONLINT_VERSION=1.7.12 GITLEAKS_VERSION=8.30.1 GOLANGCI_LINT_VERSION=2.12.1 GOSEC_VERSION=2.26.1 /bin/sh -c pip3 install --break-system-packages ruff semgrep sqlfluff checkov mypy bandit ansible-lint pylint vim-vint # buildkit |
| RUN |5 TARGETARCH=amd64 ACTIONLINT_VERSION=1.7.12 GITLEAKS_VERSION=8.30.1 GOLANGCI_LINT_VERSION=2.12.1 GOSEC_VERSION=2.26.1 /bin/sh -c gem install --no-document rubocop # buildkit |
| RUN |5 TARGETARCH=amd64 ACTIONLINT_VERSION=1.7.12 GITLEAKS_VERSION=8.30.1 GOLANGCI_LINT_VERSION=2.12.1 GOSEC_VERSION=2.26.1 /bin/sh -c composer global require --no-interaction --quiet phpstan/phpstan && ln -sf /root/.composer/vendor/bin/phpstan /usr/local/bin/phpstan # buildkit |
| RUN |5 TARGETARCH=amd64 ACTIONLINT_VERSION=1.7.12 GITLEAKS_VERSION=8.30.1 GOLANGCI_LINT_VERSION=2.12.1 GOSEC_VERSION=2.26.1 /bin/sh -c npm install -g eslint markdownlint-cli @biomejs/biome oxlint stylelint stylelint-config-standard-scss htmlhint prettier jsonlint # buildkit |
| RUN |5 TARGETARCH=amd64 ACTIONLINT_VERSION=1.7.12 GITLEAKS_VERSION=8.30.1 GOLANGCI_LINT_VERSION=2.12.1 GOSEC_VERSION=2.26.1 /bin/sh -c set -eux; curl -fsSL "https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64" -o /usr/local/bin/hadolint && chmod +x /usr/local/bin/hadolint; curl -fsSL "https://github.com/rhysd/actionlint/releases/download/v${ACTIONLINT_VERSION}/actionlint_${ACTIONLINT_VERSION}_linux_${TARGETARCH}.tar.gz" | tar -xz -C /usr/local/bin actionlint; curl -fsSL "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz" | tar -xz -C /usr/local/bin gitleaks; curl -fsSL "https://github.com/golangci/golangci-lint/releases/download/v${GOLANGCI_LINT_VERSION}/golangci-lint-${GOLANGCI_LINT_VERSION}-linux-${TARGETARCH}.tar.gz" | tar -xz -C /tmp && mv /tmp/golangci-lint-${GOLANGCI_LINT_VERSION}-linux-${TARGETARCH}/golangci-lint /usr/local/bin/; curl -fsSL "https://github.com/securego/gosec/releases/download/v${GOSEC_VERSION}/gosec_${GOSEC_VERSION}_linux_amd64.tar.gz" | tar -xz -C /usr/local/bin gosec; curl -fsSL "https://github.com/dominikh/go-tools/releases/latest/download/staticcheck_linux_amd64.tar.gz" | tar -xz -C /tmp && mv /tmp/staticcheck/staticcheck /usr/local/bin/ && rm -rf /tmp/staticcheck; curl -fsSL "https://github.com/terraform-linters/tflint/releases/latest/download/tflint_linux_amd64.zip" -o /tmp/tflint.zip && unzip -q /tmp/tflint.zip -d /tmp/tflint && mv /tmp/tflint/tflint /usr/local/bin/ && rm -rf /tmp/tflint /tmp/tflint.zip; curl -fsSL "https://github.com/aquasecurity/trivy/releases/download/v0.70.0/trivy_0.70.0_Linux-64bit.tar.gz" | tar -xz -C /usr/local/bin trivy; curl -fsSL "https://github.com/google/osv-scanner/releases/latest/download/osv-scanner_linux_${TARGETARCH}" -o /usr/local/bin/osv-scanner; curl -fsSL "https://github.com/ast-grep/ast-grep/releases/latest/download/app-x86_64-unknown-linux-gnu.zip" -o /tmp/ast-grep.zip && unzip -q /tmp/ast-grep.zip -d /tmp/ast-grep && mv /tmp/ast-grep/ast-grep /usr/local/bin/ && rm -rf /tmp/ast-grep /tmp/ast-grep.zip; curl -fsSL "https://github.com/tamasfe/taplo/releases/latest/download/taplo-linux-x86_64.gz" | gunzip > /usr/local/bin/taplo; curl -fsSL "https://github.com/dotenv-linter/dotenv-linter/releases/latest/download/dotenv-linter-linux-x86_64.tar.gz" | tar -xz -C /usr/local/bin dotenv-linter; curl -fsSL "https://github.com/yannh/kubeconform/releases/latest/download/kubeconform-linux-amd64.tar.gz" | tar -xz -C /usr/local/bin kubeconform; curl -fsSL "https://github.com/errata-ai/vale/releases/download/v3.7.1/vale_3.7.1_Linux_64-bit.tar.gz" | tar -xz -C /usr/local/bin vale; curl -fsSL "https://github.com/realm/SwiftLint/releases/latest/download/swiftlint_linux_amd64.zip" -o /tmp/swiftlint.zip && unzip -q /tmp/swiftlint.zip -d /tmp/swiftlint && mv /tmp/swiftlint/swiftlint /usr/local/bin/ && rm -rf /tmp/swiftlint /tmp/swiftlint.zip; curl -fsSL "https://github.com/bufbuild/buf/releases/latest/download/buf-Linux-x86_64" -o /usr/local/bin/buf; curl -fsSL "https://github.com/crate-ci/typos/releases/download/v1.27.0/typos-v1.27.0-x86_64-unknown-linux-musl.tar.gz" | tar -xz -C /usr/local/bin ./typos; curl -fsSL "https://github.com/pmd/pmd/releases/download/pmd_releases%2F7.0.0/pmd-dist-7.0.0-bin.zip" -o /tmp/pmd.zip && unzip -q /tmp/pmd.zip -d /opt && ln -sf /opt/pmd-bin-7.0.0/bin/pmd /usr/local/bin/pmd && rm /tmp/pmd.zip; curl -fsSL "https://github.com/pinterest/ktlint/releases/latest/download/ktlint" -o /usr/local/bin/ktlint; curl -fsSL "https://get.helm.sh/helm-v3.16.0-linux-amd64.tar.gz" | tar -xz -C /tmp && mv /tmp/linux-amd64/helm /usr/local/bin/ && rm -rf /tmp/linux-amd64; curl -fsSL "https://github.com/mvdan/sh/releases/latest/download/shfmt_v3.13.1_linux_amd64" -o /usr/local/bin/shfmt; chmod +x /usr/local/bin/* # buildkit |
| USER 65534:65534 |
| WORKDIR /work |
Details
Versions (1)
View all
issue-10-mandatory-sandbox-manual1
2026-05-02