Skip to content

Gordon DHI migration #22885

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Gordon DHI migration #22885

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
8a29204
gordon: support for DHI migration
ArthurFlag Jun 23, 2025
41b6066
update
ArthurFlag Jun 25, 2025
895e490
feedback
ArthurFlag Jun 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 24 additions & 0 deletions content/includes/gordondhi.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
1. Ensure Gordon is [enabled](/manuals/ai/gordon.md#enable-ask-gordon).
1. In Gordon's Toolkit, ensure Gordon's [Developer MCP toolkit is enabled](/manuals/ai/gordon/mcp/built-in-tools.md#configuration).
1. In the terminal, navigate to the directory containing your Dockerfile.
1. Start a conversation with Gordon:
```bash
docker ai
```
1. Type:
```console
"Migrate my dockerfile to DHI"
```
1. Follow the conversation with Gordon. When it requests access to the filesystem and more,
type `yes` to enable it to update your Dockerfile.

When the migration is complete, you see a success message:

```text
The migration to Docker Hardened Images (DHI) is complete. The updated Dockerfile
successfully builds the image, and no vulnerabilities were detected in the final image.
The functionality and optimizations of the original Dockerfile have been preserved.
```

> [!IMPORTANT]
> As with any AI tool, you must verify Gordon's edits and test your image.
23 changes: 19 additions & 4 deletions content/manuals/ai/gordon/_index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,12 +20,14 @@

## What is Ask Gordon?

Ask Gordon provides AI-powered assistance in Docker tools. It offers contextual help for tasks like:
Ask Gordon provides AI-powered assistance in Docker tools.
It offers contextual help for tasks like:

- Improving Dockerfiles
- Running and troubleshooting containers
- Interacting with your images and code
- Finding vulnerabilities or configuration issues
- Migrating a Dockerfile to use [Docker Hardened Images](/manuals/dhi/_index.md)

It understands your local environment, including source code, Dockerfiles, and images, to provide personalized and actionable guidance.

Expand Down Expand Up @@ -101,9 +103,10 @@

## Using Ask Gordon

The primary interfaces to Docker's AI capabilities are through the **Ask
Gordon** view in Docker Desktop, or if you prefer to use the CLI: the `docker
ai` CLI command.
You can access Gordon:

- In Docker Desktop, in the **Ask Gordon** view.
- Via the Docker CLI, with the `docker ai` CLI command.

Once you've enabled the Docker AI features, you'll also find references to **Ask
Gordon** in various other places throughout the Docker Desktop user interface.
Expand All @@ -119,6 +122,7 @@
- [Troubleshoot a crashed container](#troubleshoot-a-crashed-container)
- [Get help with running a container](#get-help-with-running-a-container)
- [Improve a Dockerfile](#improve-a-dockerfile)
- [Migrate a Dockerfile to DHI](#migrate-a-dockerfile-to-dhi)

Check warning on line 125 in content/manuals/ai/gordon/_index.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[Docker.Acronyms] 'DHI' has no definition.

Raw Output:
{"message": "[Docker.Acronyms] 'DHI' has no definition.", "location": {"path": "content/manuals/ai/gordon/_index.md", "range": {"start": {"line": 125, "column": 28}}}, "severity": "WARNING"}

For more examples, try asking Gordon directly. For example:

Expand Down Expand Up @@ -194,6 +198,17 @@
- Portability
- Resource efficiency

### Migrate a Dockerfile to DHI

Check warning on line 201 in content/manuals/ai/gordon/_index.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[Docker.Acronyms] 'DHI' has no definition.

Raw Output:
{"message": "[Docker.Acronyms] 'DHI' has no definition.", "location": {"path": "content/manuals/ai/gordon/_index.md", "range": {"start": {"line": 201, "column": 29}}}, "severity": "WARNING"}

Migrating your Dockerfile to use [Docker Hardened Images](/manuals/dhi/_index.md) helps you build
more secure, minimal, and production-ready containers. DHIs are designed to
reduce vulnerabilities, enforce best practices, and simplify compliance, making
them a strong foundation for secure software supply chains.

To request Gordon's help for the migration:

{{% include "gordondhi.md" %}}

## Disable Ask Gordon

### For individual users
Expand Down
2 changes: 1 addition & 1 deletion content/manuals/dhi/features/integration.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,4 +78,4 @@ and CI to scanning and deployment. They:
- Include security metadata that plugs into your existing compliance systems

This means you can adopt stronger security controls without disrupting your
engineering workflows.
engineering workflows.
11 changes: 10 additions & 1 deletion content/manuals/dhi/how-to/migrate.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,9 @@ keywords: migrate dockerfile, hardened base image, multi-stage build, non-root c
{{< summary-bar feature_name="Docker Hardened Images" >}}

This guide helps you migrate your existing Dockerfiles to use Docker Hardened
Images (DHIs). DHIs are minimal and security-focused, which may require
Images (DHIs) [manually](#step-1-update-the-base-image-in-your-dockerfile),
or with [Gordon](#use-gordon).
DHIs are minimal and security-focused, which may require
adjustments to your base images, build process, and runtime configuration.

This guide focuses on migrating framework images, such as images for building
Expand Down Expand Up @@ -240,3 +242,10 @@ ENTRYPOINT [ "python", "/app/image.py" ]

{{< /tab >}}
{{< /tabs >}}

### Use Gordon

Alternatively, you can request assistance to
[Gordon](/manuals/ai/gordon/_index.md), Docker's AI feature, to migrate your Dockerfile:

{{% include "gordondhi.md" %}}