diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index aa90b4db56afa172185739401bcf5d1d25049953..ead83dfdf0b07ef83e1d76ceada6cc7e2cd79211 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -211,3 +211,19 @@ push-toolbx:
needs:
- job: build-toolbx
artifacts: true
+
+# workbench image:
+
+build-workbench:
+ extends: .container-build
+ variables:
+ CONTEXT: workbench
+
+push-workbench:
+ extends: .container-push
+ variables:
+ CONTEXT: workbench
+ IMAGE: workbench
+ needs:
+ - job: build-workbench
+ artifacts: true
diff --git a/workbench/.dockerignore b/workbench/.dockerignore
new file mode 100644
index 0000000000000000000000000000000000000000..857ef49f9feeb95d0a162b13367eb5c270a9e5ab
--- /dev/null
+++ b/workbench/.dockerignore
@@ -0,0 +1,3 @@
+*
+!bash_completion.d/*
+!bin/*
diff --git a/workbench/Dockerfile b/workbench/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..3f9e1ec957213cab3280448dbe6b7c52a1c28177
--- /dev/null
+++ b/workbench/Dockerfile
@@ -0,0 +1,294 @@
+# hadolint ignore=DL3007
+FROM registry.shore.co.il/toolbx:latest
+SHELL ["/bin/bash", "-o", "pipefail", "-xc"]
+# hadolint ignore=DL3008,DL3013,DL3016,DL3027,DL4001
+RUN apt-get update && \
+ curl --location --silent --fail --show-error https://github.com/kubernetes/kompose/releases/download/v1.26.1/kompose_1.26.1_amd64.deb --output /tmp/kompose.deb && \
+ curl --location --silent --fail --show-error https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb --output /tmp/session-manager-plugin.deb && \
+ DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \
+ adb \
+ apache2-utils \
+ aspell-he \
+ at \
+ aws-vault \
+ bash-completion \
+ bats \
+ bc \
+ build-essential \
+ bundler \
+ bzr \
+ ca-certificates \
+ clickhouse-client \
+ cmake \
+ composer \
+ consul \
+ curl \
+ dbus-x11 \
+ default-jdk-headless \
+ default-mysql-client \
+ devscripts \
+ direnv \
+ dirmngr \
+ dnsutils \
+ docker.io \
+ dos2unix \
+ easy-rsa \
+ entr \
+ expect \
+ flatpak \
+ flatpak-builder \
+ flatpak-xdg-utils \
+ fuse3 \
+ gdal-bin \
+ gettext-base \
+ gh \
+ gir1.2-glib-2.0 \
+ gir1.2-ostree-1.0 \
+ git \
+ gnupg \
+ golang \
+ gomplate \
+ google-cloud-cli-skaffold \
+ google-cloud-sdk \
+ go-md2man \
+ gpgv \
+ helm \
+ hugo \
+ hunspell \
+ hunspell-he \
+ hyphen-en-us \
+ ipcalc \
+ iproute2 \
+ iputils-ping \
+ iputils-tracepath \
+ jp \
+ jq \
+ keyutils \
+ /tmp/kompose.deb \
+ kops \
+ krb5-config \
+ kubectl \
+ ldap-utils \
+ less \
+ libbz2-dev \
+ libcairo2-dev \
+ libcap2-bin \
+ libdbus-1-dev \
+ libgirepository1.0-dev \
+ liblcms2-dev \
+ libldap2-dev \
+ liblzma-dev \
+ libmariadb-dev \
+ libncursesw5-dev \
+ libnotify-bin \
+ libpq-dev \
+ libproj-dev \
+ libprotobuf-dev \
+ libreadline-dev \
+ libsasl2-dev \
+ libsecret-tools \
+ libsqlite3-dev \
+ libwebp-dev \
+ libxml2-dev \
+ libxmlsec1-dev \
+ libyaml-dev \
+ llvm \
+ lsof \
+ lz4 \
+ man-db \
+ mariadb-client \
+ mat2 \
+ mercurial \
+ meson \
+ minikube \
+ mlocate \
+ mongodb-database-tools \
+ mythes-en-us \
+ netcat-openbsd \
+ nodejs \
+ npm \
+ ostree \
+ packer \
+ php-cli \
+ podman \
+ postgresql-client \
+ protobuf-compiler \
+ python3-dev \
+ python3-pip \
+ python3-venv \
+ rclone \
+ redis-tools \
+ rename \
+ reprepro \
+ rsync \
+ ruby-dev \
+ /tmp/session-manager-plugin.deb \
+ sharutils \
+ shellcheck \
+ signify-openbsd \
+ skopeo \
+ sops \
+ subversion \
+ sudo \
+ swaks \
+ systemd \
+ task-english \
+ task-hebrew \
+ task-ssh-server \
+ telnet \
+ terraform \
+ time \
+ tk-dev \
+ tmux \
+ tnftp \
+ transmission-cli \
+ ttyrec \
+ udftools \
+ unzip \
+ vagrant \
+ vault \
+ vcdimager \
+ vim-nox \
+ w3m-img \
+ wget \
+ whois \
+ xdg-user-dirs \
+ zip \
+ && \
+ sed -i 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/; s/# en_IL UTF-8/en_IL UTF-8/; s/# he_IL.UTF-8 UTF-8/he_IL.UTF-8 UTF-8/;' /etc/locale.gen && \
+ locale-gen && \
+ python3 -m pip install --use-deprecated=legacy-resolver --no-cache-dir \
+ https://github.com/aws/aws-cli/archive/refs/heads/v2.zip \
+ ansible \
+ ansible-runner \
+ awslogs \
+ bcrypt \
+ black \
+ bump2version \
+ colorama \
+ boto \
+ boto3 \
+ chalice \
+ check-manifest \
+ cookiecutter \
+ cryptography \
+ dnspython \
+ docker \
+ elasticsearch-curator \
+ elasticsearch[async] \
+ fabric \
+ flit \
+ github3.py \
+ Glances \
+ gunicorn \
+ hashin \
+ httpbin \
+ httpie \
+ identify \
+ importlab \
+ invoke \
+ iredis \
+ khal \
+ khard \
+ litecli \
+ magic-wormhole \
+ mariadb \
+ mycli \
+ netaddr \
+ paramiko \
+ parse \
+ passhole \
+ passlib \
+ pdm \
+ pgcli \
+ pipenv \
+ pip-tools \
+ poetry \
+ pre-commit \
+ protobuf \
+ psycopg2 \
+ pur \
+ pygments \
+ pymongo \
+ PyMySQL \
+ PyGObject \
+ pyopenssl \
+ 'python-gitlab[autocompletion,yaml]' \
+ python-hcl2 \
+ pyxdg \
+ redis \
+ remarshal \
+ requests \
+ rich-cli \
+ sh \
+ sqlite-utils \
+ template \
+ todoman \
+ tox \
+ transmission-rpc \
+ ziglang \
+ && \
+ echo pdm-publish pdm-version | xargs -n1 pdm plugin add && \
+ npm install --global \
+ corepack \
+ @playwright/test \
+ && \
+ export GOPATH=/usr/local/lib/go && \
+ export PATH="$GOPATH/bin:$PATH" && \
+ mkdir "$GOPATH" && \
+ export GO111MODULE=on && \
+ go install github.com/giantswarm/semver-bump@latest && \
+ go install github.com/nishanths/license/v5@latest && \
+ go install github.com/spelufo/on-change@latest && \
+ go install github.com/kaorimatz/mysqldump-loader@v0.4.1 && \
+ go install github.com/lucagrulla/cw@latest && \
+ go install github.com/kvz/json2hcl@latest && \
+ go install github.com/hashicorp/envconsul@latest && \
+ go install sigs.k8s.io/kustomize/kustomize/v4@latest && \
+ go install github.com/1player/host-spawn@latest && \
+ wget https://raw.githubusercontent.com/rabbitmq/rabbitmq-server/v3.8.16/deps/rabbitmq_management/bin/rabbitmqadmin -qO /usr/local/bin/rabbitmqadmin && \
+ chmod +x /usr/local/bin/rabbitmqadmin && \
+ wget https://github.com/docker/compose/releases/download/v2.14.0/docker-compose-linux-x86_64 -qO /usr/local/bin/docker-compose && \
+ chmod +x /usr/local/bin/docker-compose && \
+ mkdir /usr/local/share/bfg && \
+ wget 'https://search.maven.org/remote_content?g=com.madgag&a=bfg&v=LATEST' -qO /usr/local/share/bfg/bfg.jar && \
+ curl --silent --location --fail --show-error "https://github.com/genuinetools/reg/releases/download/v0.16.1/reg-$(go env GOOS)-$(go env GOARCH)" --output /tmp/reg && \
+ install -o root -g root -m 0755 /tmp/reg /usr/local/bin/reg && \
+ curl --silent --location --fail --show-error "https://github.com/rancher/rke/releases/download/v1.3.8/rke_$(go env GOOS)-$(go env GOARCH)" --output /tmp/rke && \
+ install -o root -g root -m 0755 /tmp/rke /usr/local/bin/rke && \
+ curl --silent --location --fail --show-error https://github.com/SelfAdjointOperator/better-adb-sync/archive/refs/heads/master.tar.gz | tar -zxC /opt/ && \
+ ln --symbolic /opt/better-adb-sync-master/src/adbsync.py /usr/local/bin/adbsynnc && \
+ _PIPENV_COMPLETE=bash_source pipenv > /etc/bash_completion.d/pipenv && \
+ rabbitmqadmin --bash-completion > /etc/bash_completion.d/rabbitmqadmin && \
+ #poetry completions bash > /etc/bash_completion.d/poetry && \
+ register-python-argcomplete gitlab > /etc/bash_completion.d/gitlab && \
+ invoke --print-completion-script bash > /etc/bash_completion.d/invoke && \
+ fab --print-completion-script bash > /etc/bash_completion.d/fabric && \
+ helm completion bash > /etc/bash_completion.d/helm && \
+ semver-bump completion bash > /etc/bash_completion.d/semver-bump && \
+ pdm completion bash > /etc/bash_completion.d/pdm && \
+ kompose completion bash > /etc/bash_completion.d/kompose && \
+ skaffold completion bash > /etc/bash_completion.d/skaffold && \
+ kustomize completion bash > /etc/bash_completion.d/kustomize && \
+ wget https://raw.githubusercontent.com/docker/compose/1.29.2/contrib/completion/bash/docker-compose -qO /etc/bash_completion.d/docker-compose && \
+ wget https://raw.githubusercontent.com/ansible-community/molecule/1.25.1/asset/bash_completion/molecule.bash-completion.sh -qO /etc/bash_completion.d/molecule && \
+ wget https://github.com/mrolli/packer-bash-completion/raw/master/packer -qO /etc/bash_completion.d/packer && \
+ wget https://raw.githubusercontent.com/dsifford/yarn-completion/v0.17.0/yarn-completion.bash -qO /etc/bash_completion.d/yarn && \
+ #wget https://raw.githubusercontent.com/ziglang/shell-completions/master/_zig -qO /etc/bash_completion.d/zig && \
+ git clone https://github.com/asdf-vm/asdf.git /opt/asdf && \
+ ln --symbolic --target /etc/profile.d/ /opt/asdf/asdf.sh && \
+ ln --symbolic /opt/asdf/completions/asdf.bash /etc/bash_completion.d/asdf && \
+ mkdir -p /usr/local/share/ca-certificates && \
+ wget https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem -qO - | \
+ awk '/-----BEGIN[A-Z0-9 ]*CERTIFICATE-----/ {n++} n > 0 {print > ("/usr/local/share/ca-certificates/rds-" (1+n) ".crt")}' && \
+ update-ca-certificates && \
+ echo "export PATH=$GOPATH/bin:\$PATH" > /etc/profile.d/workbench.sh && \
+ # pragma: allowlist nextline secret
+ rm /etc/ssh/ssh_host_* && \
+ rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/* ~/.cache/*
+COPY --chown=root:root bash_completion.d/* /etc/bash_completion.d/
+COPY --chown=root:root bin/* /usr/local/bin/
+ENV PATH /usr/local/lib/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV ASDF_DIR /opt/asdf
+VOLUME /run/sshd
+CMD ["/bin/bash"]
diff --git a/workbench/README.md b/workbench/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..17398e90605e49c45e82f828a3a188c20c0dda2e
--- /dev/null
+++ b/workbench/README.md
@@ -0,0 +1,24 @@
+# Workbench
+
+[](https://git.shore.co.il/shore/workbench/-/commits/master)
+
+A Docker image for a portable working environment, meant to be used with
+[Toolbox](https://github.com/containers/toolbox).
+
+## Usage
+
+```
+toolbox create --registry registry.shore.co.il/workbench
+toolbox enter workbench
+```
+
+## License
+
+This software is licensed under the MIT license (see `LICENSE.txt`).
+
+## Author Information
+
+Nimrod Adar, [contact me](mailto:nimrod@shore.co.il) or visit my
+[website](https://www.shore.co.il/). Patches are welcome via
+[`git send-email`](http://git-scm.com/book/en/v2/Git-Commands-Email). The repository
+is located at: <https://git.shore.co.il/explore/>.
diff --git a/workbench/bash_completion.d/aws b/workbench/bash_completion.d/aws
new file mode 100644
index 0000000000000000000000000000000000000000..11567c59602a444e122d9f3b002933f0802c5610
--- /dev/null
+++ b/workbench/bash_completion.d/aws
@@ -0,0 +1,2 @@
+# vim: ft=bash
+complete -C 'aws_completer' aws
diff --git a/workbench/bash_completion.d/pre-commit b/workbench/bash_completion.d/pre-commit
new file mode 100644
index 0000000000000000000000000000000000000000..efae4b430fd86d1726e47c4350e6005c90460e05
--- /dev/null
+++ b/workbench/bash_completion.d/pre-commit
@@ -0,0 +1,17 @@
+# vim: ft=bash
+
+_pre_commit () {
+ local cur prev words cword opts
+ _init_completion || return
+ opts='-h --help -V --version'
+ commands='autoupdate clean gc init-templatedir install install-hooks migrate-config run sample-config try-repo uninstall validate-config validate-manifest help hook-impl'
+
+ if [[ $cur == -* ]]
+ then
+ COMPREPLY=($(compgen -W "$opts" -- "$cur"))
+ else
+ COMPREPLY=($(compgen -W "$commands" -- "$cur"))
+ fi
+}
+
+complete -F _pre_commit pre-commit
diff --git a/workbench/bash_completion.d/sops b/workbench/bash_completion.d/sops
new file mode 100644
index 0000000000000000000000000000000000000000..95dfa202a5d5f5f2dcc78fe890d93c0f1014fef7
--- /dev/null
+++ b/workbench/bash_completion.d/sops
@@ -0,0 +1,16 @@
+_cli_bash_autocomplete() {
+ if [[ "${COMP_WORDS[0]}" != "source" ]]; then
+ local cur opts base
+ COMPREPLY=()
+ cur="${COMP_WORDS[COMP_CWORD]}"
+ if [[ "$cur" == "-"* ]]; then
+ opts=$( ${COMP_WORDS[@]:0:$COMP_CWORD} ${cur} --generate-bash-completion )
+ else
+ opts=$( ${COMP_WORDS[@]:0:$COMP_CWORD} --generate-bash-completion )
+ fi
+ COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
+ return 0
+ fi
+}
+
+complete -o bashdefault -o default -o nospace -F _cli_bash_autocomplete sops
diff --git a/workbench/bash_completion.d/terraform b/workbench/bash_completion.d/terraform
new file mode 100644
index 0000000000000000000000000000000000000000..377b0d3926190f08eaa431243cd042d0e9afeaa8
--- /dev/null
+++ b/workbench/bash_completion.d/terraform
@@ -0,0 +1,2 @@
+# vim: ft=bash
+complete -C terraform terraform
diff --git a/workbench/bash_completion.d/vault b/workbench/bash_completion.d/vault
new file mode 100644
index 0000000000000000000000000000000000000000..105ea4ecea45f33ff36ba3d703fee31709b025a9
--- /dev/null
+++ b/workbench/bash_completion.d/vault
@@ -0,0 +1,2 @@
+# vim: ft=bash
+complete -C vault vault
diff --git a/workbench/bin/bfg b/workbench/bin/bfg
new file mode 100755
index 0000000000000000000000000000000000000000..62831738595ab466b5f2130dba1914cdfc5097c3
--- /dev/null
+++ b/workbench/bin/bfg
@@ -0,0 +1,4 @@
+#!/bin/sh
+set -eu
+
+exec java -jar /usr/local/share/bfg/bfg.jar "$@"
diff --git a/workbench/bin/gnome-open b/workbench/bin/gnome-open
new file mode 100755
index 0000000000000000000000000000000000000000..328ab9ac8d0e5dbe0b5fff9129f9adff21bfd3e0
--- /dev/null
+++ b/workbench/bin/gnome-open
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec gio open "$@"
diff --git a/workbench/bin/gpg2 b/workbench/bin/gpg2
new file mode 100755
index 0000000000000000000000000000000000000000..c444d5e4fdb2e5de2eb9819f2e90be9c94a49199
--- /dev/null
+++ b/workbench/bin/gpg2
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec gpg "$@"
diff --git a/workbench/bin/zig b/workbench/bin/zig
new file mode 100755
index 0000000000000000000000000000000000000000..287da91c8496bf5bab2c3db19e591747da64e6bf
--- /dev/null
+++ b/workbench/bin/zig
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec python3 -m ziglang "$@"