Docs/cicd improve

README.md

@@ -773,152 +773,7 @@ Different CI/CD services have different containerized environment designs that i
 
 ## CI/CD INTEGRATIONS
 
-### Integrating Slim in Jenkins
-#### Prerequisites:
-- Spin up a virtual machine(e.g.EC2 Instance, Azure VM, GCE) which has an Ubuntu OS via your desired cloud platform(AWS, Azure, GCP), SSH into the machine, update the machine packages and install docker. An example of this step is highlighted below given you are running an AWS EC2 Instance.
-```
-sudo apt update -y
-```
-```
-sudo apt install docker -y
-```
-```
-sudo systemctl start docker
-```
-```
-sudo usermod -aG docker ec2-user
-```
-- Install Jenkins on the virtual machine using docker as stipulated by the [Jenkins Documentation](https://github.com/jenkinsci/docker/blob/master/README.md), this step pulls [Jenkins Image from DockerHub](https://hub.docker.com/r/jenkins/jenkins), runs Jenkins as a container via port 8080 and creates an explicit docker volume on the host machine to retain Jenkins data. Given you are running an AWS EC2 Instance, create a TCP rule with port 8080 in the Instance security group rules which allows only your Internet Protocol(IP) address to access the Jenkins server. 
-```
-docker run -p 8080:8080 -p 50000:50000 -d -v jenkins_home:/var/jenkins_home jenkins/jenkins:lts
-```
-- Given Jenkins is now running as a containerized environment in the virtual machine, you need to make docker available in the Jenkins container, you can do this by bind mounting the virtual machine docker unix socket onto the jenkins container, note that to carry out this step you need to stop the running jenkins container, you can find the jenkins container ID by using the docker ps command, the commands to execute are highlighted below. This step is essential as it makes docker available in the Jenkins container, and with docker you can pull Slim Image which is to be used in further steps.
-```
-docker ps 
-```
-```
-docker stop [jenkins_container_id]
-```
-```
-docker run -p 8080:8080 -p 50000:50000 -d \  
--v jenkins_home:/var/jenkins_home \ 
--v /var/run/docker.sock:/var/run/docker.sock \ 
--v $(which docker):/usr/bin/docker jenkins/jenkins:lts
-```
-- Enable Docker permissions in the new jenkins container, such that Jenkins can perform docker commands and pull the [Slim Official Image](https://hub.docker.com/r/dslim/docker-slim) in the container. To do this, you need to get into the Jenkins container as a root user, you can find the jenkins container ID by using the docker ps command, the commands to execute are highlighted below:
-```
-docker exec -u 0 -it [jenkins_container_id] bash
-```
-```
-chmod 666 /var/run/docker.sock 
-```
-```
-docker pull dslim/slim
-```
-#### Jenkinsfile Slim Stage
-Given you have completed the prerequisite steps above, you can build a docker image and minify the image size using Slim via the snippet stage below which should be highlighted in your Jenkinsfile stages.
-```
-stage("Build and Slim Docker Image") {
-  steps {
-      script {
-          echo "building and slimming docker image..."
-          sh 'docker build -t IMAGE_NAME:$BUILD_NUMBER .'
-          sh 'docker run --rm -v /var/run/docker.sock:/var/run/docker.sock dslim/slim \
-              build --target IMAGE_NAME:$BUILD_NUMBER --tag IMAGE_NAME:slim-$BUILD_NUMBER \
-              exit'
-      }
-  }
-}
-```
-- The snippet stage above allows for customization, you should replace the image name--IMAGE_NAME with your desired image name, the environment variable tag--$BUILD_NUMBER represents a unique incremental number allocated by Jenkins each time your jenkins pipeline runs. 
-- The docker build command builds a Docker Image of your application from a Dockerfile.
-- The docker run command runs Slim in a non-interactive mode via the docker unix socket, minifies the built(target) image--IMAGE_NAME:$BUILD_NUMBER, and adjusting it to a new slimmed image with the image/tag--IMAGE_NAME:slim-$BUILD_NUMBER.
-- You should put the Slim stage before a docker tag/push stage and after a build/test artifact in your Jenkinsfile, an example pipeline is highlighted below for a sample nodejs application; The first stage test and builds an artifact of the application; The second stage builds a docker image and a slimmed version of the docker image; The third stage tags the slimmed docker image with a DockerHub account remote repository and pushes the image to the remote repository.
-```
-pipeline {
-    agent any
-    stages {
-        stage("building nodejs app") {
-            steps{
-                script {
-                    echo "building nodejs app..."
-                    sh 'npm run test'
-                    sh 'npm pack'
-                }
-            }
-        }
-        stage("Build and Slim Docker Image") {
-            steps {
-                script {
-                    echo "building and slimming docker image..."
-                    sh 'docker build -t node_alpine:$BUILD_NUMBER .'
-                    sh 'docker run --rm -v /var/run/docker.sock:/var/run/docker.sock dslim/slim \
-                        build --target node_alpine:$BUILD_NUMBER --tag node_alpine:slim-$BUILD_NUMBER \
-                        exit'
-                }
-            }
-        }
-        stage("Push Slim Image to Regristy") {
-            steps {
-                script {
-                    echo 'pushing image to docker regristry...'
-                    withCredentials([usernamePassword(credentialsId: 'docker-hub-credentials', passwordVariable: 'PASS', usernameVariable: 'USER')]) {
-                        sh 'docker tag node_alpine:slim-$BUILD_NUMBER $USER/node_alpine:slim-$BUILD_NUMBER'
-                        sh 'echo $PASS | docker login -u $USER --password-stdin'
-                        sh 'docker push $USER/node_alpine:slim-$BUILD_NUMBER'
-                    }
-                }
-            }
-        }
-    }
-}   
-```
-
-### Integrating Slimtoolkit in Github Actions
-#### Github Action
-Integrating SlimToolkit in Github Actions in your CI/CD workflow involves using the [Docker-Slim Github Action](https://github.com/marketplace/actions/docker-slim-github-action), this Action(snippet below) minifies a target docker image--IMAGE_NAME:latest in your workflow, making it smaller and adjusting the new slimmed image as IMAGE_NAME:slim.  
-```
-# Slim it!
-- uses: kitabisa/docker-slim-action@v1
-  env:
-    DSLIM_HTTP_PROBE: false
-  with:
-    target: IMAGE_NAME:latest
-    tag: "slim"
-```
-#### Github Actions Slim Workflow
-You can integrate the Docker-Slim Github Action in your workflow by inserting the Action after a [Docker Build/Push Github Action](https://github.com/docker/build-push-action), before [Docker Login Github Action](https://github.com/docker/login-action) and docker tag/push commands, a customized example workflow is highlighted below. Note that the environment variable tag--{{github.run_number}} in the workflow represents a unique incremental number allocated by Github Actions each time your workflow runs.
-```
-# Build the Docker image first
-- uses: docker/build-push-action@v4
-  with:
-    push: false
-    tags: IMAGE_NAME:{{github.run_number}} 
-
-# Slim the Image
-- uses: kitabisa/docker-slim-action@v1
-  env:
-    DSLIM_HTTP_PROBE: false
-  with:
-    target: IMAGE_NAME:{{github.run_number}}
-    tag: "slim-{{github.run_number}}"
-
-# Docker Hub Login
-  uses: docker/login-action@v2
-  with:
-    username: ${{ secrets.DOCKERHUB_USERNAME }}
-    password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-# Push to the registry
-- run: | 
-   docker tag IMAGE_NAME:slim-{{github.run_number}} ${{ secrets.DOCKERHUB_USERNAME }}/IMAGE_NAME:slim-{{github.run_number}}
-   docker push ${{ secrets.DOCKERHUB_USERNAME }}/IMAGE_NAME:slim-{{github.run_number}}
-```
-The workflow above indicates four steps:
-- A [Docker Build/Push Github Action](https://github.com/docker/build-push-action) for building a docker image with the image name/tag--IMAGE_NAME:{{github.run_number}}, you should give replace IMAGE_NAME with your desired image name. Note that this Action must have a false option to push the built image--given that you need the image slimmed/minified before pushing it to a container registry. 
-- A Docker-Slim Github Action which minifies the target image--IMAGE_NAME:{{github.run_number}}, this Action has the "slim-{{github.run_number}}" tag and adds this tag to the slimmed/minified docker image such that the image name/tag becomes IMAGE_NAME:slim-{{github.run_number}}.
-- A Docker Login Github Action which logs into your DockerHub container regristry account, you should store your DockerHub username and personal access token as secrets in the github repository meant for the workflow. Suppose your container registry is not DockerHub, you can check the [Docker Login Github Action documentation](https://github.com/docker/login-action) for the use case of logging into your desired container registry. 
-- A docker tag command for naming/tagging the slimmed image with your DockerHub account remote repository name which could be the same name(IMAGE_NAME) as the slimmed image; A docker push command to push the slimmed image to your Dockerhub account remote repository.
+For expanded, provider-specific guidance (examples for GitHub Actions, GitLab CI, Jenkins, Cloud Build and troubleshooting notes for containerized CI), see `docs/CI/CD.md` in this repository.
 
 
 ## DOCKER CONNECT OPTIONS

docs/ci/cd.md

@@ -0,0 +1,107 @@
+# CI/CD Integrations (compact)
+
+This file collects practical guidance and examples for integrating SlimToolkit into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, Cloud Build, etc.).
+
+Quick checklist
+- Inputs: built image tag (or Dockerfile + context).
+- Outputs: slimmed image tag (recommended: `<name>:slim-<build-id>`) or artifacts directory with `Dockerfile` + `files.tar`.
+- Key failure modes: no Docker socket, restricted privileges (seccomp/AppArmor), registry auth failures.
+
+Recommended flow
+1. Build the fat image on the CI runner (don't push yet).
+2. Run Slim on the runner (mount the Docker socket or configure DOCKER_HOST) so it can access the local image.
+3. Tag and push the slim image to your registry.
+
+Important flags and env
+- `--target <image:tag>`: image to slim.
+- `--tag <tag>`: tag for the slim output image.
+- `DSLIM_HTTP_PROBE` / `--http-probe`: control HTTP probing (set `DSLIM_HTTP_PROBE=false` in CI if probes are flaky).
+- `--continue-after`: use `timeout`, `signal`, or `exec` to automate completion in CI.
+- `--sensor-ipc-mode` and `--sensor-ipc-endpoint`: tune sensor communication in constrained environments.
+
+GitHub Actions (runner builds image, runs Slim, pushes)
+
+Example snippet:
+
+```yaml
+name: Build and Slim
+on: [push]
+jobs:
+  slim:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Build image (local)
+        uses: docker/build-push-action@v4
+        with:
+          push: false
+          tags: myapp:${{ github.run_number }}
+
+      - name: Slim the image
+        env:
+          DSLIM_HTTP_PROBE: false
+        run: |
+          docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
+            dslim/slim build --target myapp:${{ github.run_number }} --tag myapp:slim-${{ github.run_number }} --continue-after=timeout
+
+      - name: Login and push
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.REGISTRY_USER }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
+
+      - run: docker push myapp:slim-${{ github.run_number }}
+```
+
+Notes:
+- Mounting `/var/run/docker.sock` gives Slim access to the runner's Docker daemon. If using `docker:dind` or a remote daemon, set `DOCKER_HOST` and copy TLS certs as needed.
+- If HTTP probing is unreliable in CI, disable it and use `--exec` or `--continue-after=signal` with your test runner.
+
+GitLab CI (dind) minimal example
+
+```yaml
+variables:
+  DOCKER_HOST: tcp://docker:2375
+  DOCKER_TLS_CERTDIR: ""
+services:
+  - name: docker:dind
+    command: ["--host=tcp://0.0.0.0:2375"]
+
+build:
+  script:
+    - docker build -t myapp:$CI_PIPELINE_IID .
+
+slim:
+  script:
+    - docker run --rm -e DSLIM_HTTP_PROBE=false -v /var/run/docker.sock:/var/run/docker.sock \
+      dslim/slim build --target myapp:$CI_PIPELINE_IID --tag myapp:slim-$CI_PIPELINE_IID --continue-after=timeout
+
+push:
+  script:
+    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY
+    - docker push myapp:slim-$CI_PIPELINE_IID
+```
+
+Jenkins (quick snippet)
+
+```groovy
+stage('Build and Slim') {
+  steps {
+    sh 'docker build -t myapp:$BUILD_NUMBER .'
+    sh "docker run --rm -v /var/run/docker.sock:/var/run/docker.sock dslim/slim build --target myapp:$BUILD_NUMBER --tag myapp:slim-$BUILD_NUMBER --continue-after=timeout"
+  }
+}
+```
+
+Containerized CI gotchas
+- Missing Docker socket: mount `/var/run/docker.sock` or set `DOCKER_HOST`.
+- Privileges: Slim may need elevated capabilities to generate seccomp/AppArmor profiles; consider a privileged runner or disable profile generation.
+- File flags: flags that take file paths (e.g., `--include-path-file`) require those files to be mounted into the Slim container.
+
+Troubleshooting checklist
+- Sensor communication issues: try `--sensor-ipc-mode=proxy` or set `--sensor-ipc-endpoint` explicitly.
+- Probes failing: set `DSLIM_HTTP_PROBE=false` and drive tests with `--exec` or `--continue-after=signal`.
+- Permission errors: ensure the runner user can access the Docker socket and mounted files.
+
+If you'd like, I can further shorten any example or add one specific to your CI provider.