From 8a29204746e6cb91e3933effc19f4c830e7abe35 Mon Sep 17 00:00:00 2001 From: ArthurFlag Date: Mon, 23 Jun 2025 15:38:37 +0200 Subject: [PATCH 1/3] gordon: support for DHI migration --- content/manuals/ai/gordon/_index.md | 12 +++++++++--- content/manuals/dhi/how-to/migrate.md | 19 +++++++++++++++++++ 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/content/manuals/ai/gordon/_index.md b/content/manuals/ai/gordon/_index.md index 83b1faf5fd5..23d814e2207 100644 --- a/content/manuals/ai/gordon/_index.md +++ b/content/manuals/ai/gordon/_index.md @@ -101,9 +101,10 @@ If you have concerns about data collection or usage, you can ## Using Ask Gordon -The primary interfaces to Docker's AI capabilities are through the **Ask -Gordon** view in Docker Desktop, or if you prefer to use the CLI: the `docker -ai` CLI command. +You can access Gordon: + +- In Docker Desktop, in the **Ask Gordon** view. +- Via the Docker CLI, with the `docker ai` CLI command. Once you've enabled the Docker AI features, you'll also find references to **Ask Gordon** in various other places throughout the Docker Desktop user interface. @@ -119,6 +120,7 @@ ways things you can try: - [Troubleshoot a crashed container](#troubleshoot-a-crashed-container) - [Get help with running a container](#get-help-with-running-a-container) - [Improve a Dockerfile](#improve-a-dockerfile) +- [Migrate a Dockerfile to DHI](#migrate-a-dockerfile-to-dhi) For more examples, try asking Gordon directly. For example: @@ -194,6 +196,10 @@ across several dimensions: - Portability - Resource efficiency +### Migrate a Dockerfile to DHI + +See [Use Gordon AI](/manuals/dhi/how-to/migrate.md#use-gordon-ai) in the DHI section. + ## Disable Ask Gordon ### For individual users diff --git a/content/manuals/dhi/how-to/migrate.md b/content/manuals/dhi/how-to/migrate.md index ba1710767f2..8f57467ba89 100644 --- a/content/manuals/dhi/how-to/migrate.md +++ b/content/manuals/dhi/how-to/migrate.md @@ -240,3 +240,22 @@ ENTRYPOINT [ "python", "/app/image.py" ] {{< /tab >}} {{< /tabs >}} + +### Use Gordon AI + +Alternatively, you can request assistance to +[Gordon](/manuals/ai/gordon/_index.md), Docker's AI feature, to act as a DevSecOps Agent +and migrate your Dockerfile: + +1. In the terminal, navigate to the directory containing your Dockerfile. +1. Run: + + ```bash + docker ai "Migrate my dockerfile to DHI" + ``` + +1. Follow the conversation with Gordon. When it requests access to the filesystem, + type `yes` to enable it to update the file. + +> [!IMPORTANT] +> As with any AI tool, you must verify Gordon's edits and test your image. From 41b606649db40bffde12f79f45a392c1f3821ee3 Mon Sep 17 00:00:00 2001 From: ArthurFlag Date: Wed, 25 Jun 2025 11:22:15 +0200 Subject: [PATCH 2/3] update --- content/manuals/ai/gordon/_index.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/manuals/ai/gordon/_index.md b/content/manuals/ai/gordon/_index.md index 23d814e2207..c3520c55a5a 100644 --- a/content/manuals/ai/gordon/_index.md +++ b/content/manuals/ai/gordon/_index.md @@ -20,7 +20,8 @@ of the Docker ecosystem. ## What is Ask Gordon? -Ask Gordon provides AI-powered assistance in Docker tools. It offers contextual help for tasks like: +Ask Gordon provides AI-powered assistance in Docker tools and can act as a DevSecOps agent. +It offers contextual help for tasks like: - Improving Dockerfiles - Running and troubleshooting containers From 895e490f9381682258c3dd0157f8ceabab380061 Mon Sep 17 00:00:00 2001 From: ArthurFlag Date: Thu, 26 Jun 2025 17:00:27 +0200 Subject: [PATCH 3/3] feedback --- content/includes/gordondhi.md | 24 +++++++++++++++++++++ content/manuals/ai/gordon/_index.md | 12 +++++++++-- content/manuals/dhi/features/integration.md | 2 +- content/manuals/dhi/how-to/migrate.md | 24 ++++++--------------- 4 files changed, 42 insertions(+), 20 deletions(-) create mode 100644 content/includes/gordondhi.md diff --git a/content/includes/gordondhi.md b/content/includes/gordondhi.md new file mode 100644 index 00000000000..b807b94db35 --- /dev/null +++ b/content/includes/gordondhi.md @@ -0,0 +1,24 @@ +1. Ensure Gordon is [enabled](/manuals/ai/gordon.md#enable-ask-gordon). +1. In Gordon's Toolkit, ensure Gordon's [Developer MCP toolkit is enabled](/manuals/ai/gordon/mcp/built-in-tools.md#configuration). +1. In the terminal, navigate to the directory containing your Dockerfile. +1. Start a conversation with Gordon: + ```bash + docker ai + ``` +1. Type: + ```console + "Migrate my dockerfile to DHI" + ``` +1. Follow the conversation with Gordon. When it requests access to the filesystem and more, + type `yes` to enable it to update your Dockerfile. + +When the migration is complete, you see a success message: + +```text +The migration to Docker Hardened Images (DHI) is complete. The updated Dockerfile +successfully builds the image, and no vulnerabilities were detected in the final image. +The functionality and optimizations of the original Dockerfile have been preserved. +``` + +> [!IMPORTANT] +> As with any AI tool, you must verify Gordon's edits and test your image. diff --git a/content/manuals/ai/gordon/_index.md b/content/manuals/ai/gordon/_index.md index c3520c55a5a..26b76cf3f16 100644 --- a/content/manuals/ai/gordon/_index.md +++ b/content/manuals/ai/gordon/_index.md @@ -20,13 +20,14 @@ of the Docker ecosystem. ## What is Ask Gordon? -Ask Gordon provides AI-powered assistance in Docker tools and can act as a DevSecOps agent. +Ask Gordon provides AI-powered assistance in Docker tools. It offers contextual help for tasks like: - Improving Dockerfiles - Running and troubleshooting containers - Interacting with your images and code - Finding vulnerabilities or configuration issues +- Migrating a Dockerfile to use [Docker Hardened Images](/manuals/dhi/_index.md) It understands your local environment, including source code, Dockerfiles, and images, to provide personalized and actionable guidance. @@ -199,7 +200,14 @@ across several dimensions: ### Migrate a Dockerfile to DHI -See [Use Gordon AI](/manuals/dhi/how-to/migrate.md#use-gordon-ai) in the DHI section. +Migrating your Dockerfile to use [Docker Hardened Images](/manuals/dhi/_index.md) helps you build +more secure, minimal, and production-ready containers. DHIs are designed to +reduce vulnerabilities, enforce best practices, and simplify compliance, making +them a strong foundation for secure software supply chains. + +To request Gordon's help for the migration: + +{{% include "gordondhi.md" %}} ## Disable Ask Gordon diff --git a/content/manuals/dhi/features/integration.md b/content/manuals/dhi/features/integration.md index 9ab6340ff2c..b33a20ad816 100644 --- a/content/manuals/dhi/features/integration.md +++ b/content/manuals/dhi/features/integration.md @@ -78,4 +78,4 @@ and CI to scanning and deployment. They: - Include security metadata that plugs into your existing compliance systems This means you can adopt stronger security controls without disrupting your -engineering workflows. \ No newline at end of file +engineering workflows. diff --git a/content/manuals/dhi/how-to/migrate.md b/content/manuals/dhi/how-to/migrate.md index 8f57467ba89..412b90cd2b4 100644 --- a/content/manuals/dhi/how-to/migrate.md +++ b/content/manuals/dhi/how-to/migrate.md @@ -9,7 +9,9 @@ keywords: migrate dockerfile, hardened base image, multi-stage build, non-root c {{< summary-bar feature_name="Docker Hardened Images" >}} This guide helps you migrate your existing Dockerfiles to use Docker Hardened -Images (DHIs). DHIs are minimal and security-focused, which may require +Images (DHIs) [manually](#step-1-update-the-base-image-in-your-dockerfile), +or with [Gordon](#use-gordon). +DHIs are minimal and security-focused, which may require adjustments to your base images, build process, and runtime configuration. This guide focuses on migrating framework images, such as images for building @@ -241,21 +243,9 @@ ENTRYPOINT [ "python", "/app/image.py" ] {{< /tab >}} {{< /tabs >}} -### Use Gordon AI +### Use Gordon -Alternatively, you can request assistance to -[Gordon](/manuals/ai/gordon/_index.md), Docker's AI feature, to act as a DevSecOps Agent -and migrate your Dockerfile: +Alternatively, you can request assistance to +[Gordon](/manuals/ai/gordon/_index.md), Docker's AI feature, to migrate your Dockerfile: -1. In the terminal, navigate to the directory containing your Dockerfile. -1. Run: - - ```bash - docker ai "Migrate my dockerfile to DHI" - ``` - -1. Follow the conversation with Gordon. When it requests access to the filesystem, - type `yes` to enable it to update the file. - -> [!IMPORTANT] -> As with any AI tool, you must verify Gordon's edits and test your image. +{{% include "gordondhi.md" %}}