feat: Minimal scratch-based image with input validation and output customization

[e7d]

Summary

Major refactoring to reduce image size by 46% while adding comprehensive input validation, configurable output formatting, and graceful error handling.

Changes

Docker Image Optimization

• Switched to multi-stage build with Alpine builder + scratch runtime
• Image size reduced from 58.6 MB to 31.5 MB (46% smaller)
• Zero CVEs - scratch base has no OS packages to scan
• Non-root execution - runs as user 65534:65534 (nobody)
• Multi-arch support - linux/amd64, arm/v7, arm64/v8, ppc64le, s390x

Input Validation

• Added validateSizeString() - validates SIZE, WARMUP_SIZE with unit suffixes
• Added validateBinaryFlag() - validates WARMUP, DRY_RUN (0 or 1)
• Added validateRuntime() - validates RUNTIME format (e.g., 5s, 2m, 1h)
• Added validateInteger() - validates LOOPS with optional zero allowance
• Added ensureWritableTarget() - prevents running on root filesystem
• All validation errors provide clear, actionable messages

Configurable Output

• EMOJI env var - set to 0 to disable emojis, auto-detected from TERM
• COLOR env var - set to 0 to disable colors, auto-detected from TERM
• Symbol fallbacks: ✅→[OK], ❌→[FAIL], 🛑→[STOP], ➤→>
• Works correctly in terminals with TERM=dumb

Graceful Job Skipping

• Jobs with test size smaller than block size are now skipped gracefully
• Skipped jobs shown inline as "Skipped" during execution
• Summary at end lists all skipped jobs with reasons
• Prevents fio "size too small" errors with small SIZE values

Code Cleanup

• Renamed internal COLOR array to JOBCOLOR to avoid env var conflict
• Removed unnecessary comments
• Consolidated ENV declarations in Dockerfile

Testing

• All input validation tests pass
• Tested with SIZE=4M, RUNTIME=1s for fast iteration
• Verified emoji/color detection and fallbacks
• Confirmed non-root execution with writable /disk directory

Breaking Changes

None - all existing usage patterns continue to work.

Related Issues

Replaces #15
Closes #16

[github-actions]

🔍 Vulnerabilities of ghcr.io/e7db/diskmark:pr-17

📦 Image Reference ghcr.io/e7db/diskmark:pr-17

digest	sha256:e304649b9dbdad1a024f39f44025814c2f4183d9168b449e17379eb7caec28b8
vulnerabilities
platform	linux/amd64
size	16 MB
packages	1

[github-actions]

Recommended fixes for image ghcr.io/e7db/diskmark:pr-17

Base image is alpine:latest

Name	3.23.2
Digest	sha256:1882fa4569e0c591ea092d3766c4893e19b8901a8e649de7067188aba3cc0679
Vulnerabilities
Pushed	3 weeks ago
Size	3.9 MB
Packages	20
OS	3.23.2

The base image is also available under the supported tag(s): 3, 3.23, 3.23.2

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Overview

Image reference	ghcr.io/e7db/diskmark:latest	ghcr.io/e7db/diskmark:pr-17
- digest	339238293c54	e304649b9dbd
- tag	latest	pr-17
- provenance	c811f8e	a763a18
- vulnerabilities
- platform	linux/amd64	linux/amd64
- size	67 MB	16 MB (-51 MB)
- packages	211	1 (-210)

Environment Variables (2 changes)

• + 2 added
• 8 unchanged

 DATA=random
 IO=direct
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 PROFILE=auto
 RUNTIME=5s
 SIZE=1G
 TARGET=/disk
+TERM=xterm
 WARMUP=1
+WARMUP_SIZE=

Labels (3 changes)

• - 1 removed
• ± 2 changed
• 6 unchanged

-org.opencontainers.image.created=2026-01-10T01:38:37.849Z
+org.opencontainers.image.created=2026-01-10T12:24:01.870Z
 org.opencontainers.image.description=A disk benchmarking tool for Docker
 org.opencontainers.image.licenses=Apache-2.0
-org.opencontainers.image.ref.name=ubuntu
 org.opencontainers.image.revision=
 org.opencontainers.image.source=https://github.com/e7db/docker-diskmark
 org.opencontainers.image.title=docker-diskmark
 org.opencontainers.image.url=https://github.com/e7db/docker-diskmark
-org.opencontainers.image.version=latest
+org.opencontainers.image.version=pr-17

Packages and Vulnerabilities (211 package changes and 0 vulnerability changes)

• ➕ 1 packages added
• ➖ 210 packages removed

Changes for packages of type deb (210 changes)

	Package	Version ghcr.io/e7db/diskmark:latest	Version ghcr.io/e7db/diskmark:pr-17
➖	acl	2.3.2-2
➖	adduser	3.152ubuntu1
➖	apt	3.1.6ubuntu2
➖	attr	1:2.5.2-3build1
➖	audit	1:4.0.5-1build1
➖	base-files	14ubuntu3
➖	base-passwd	3.6.7
➖	bash	5.2.37-2ubuntu5
➖	boost1.88	1.88.0-1.4ubuntu1
➖	bsdutils	1:2.41-4ubuntu4.1
➖	bzip2	1.0.8-6build1
➖	ca-certificates	20250419
➖	cdebconf	0.279ubuntu1
➖	ceph	19.2.3-0ubuntu1.25.10.1
➖	coreutils	9.5-1ubuntu4
➖	coreutils-from	0.0.0~ubuntu24
➖	coreutils-from-uutils	0.0.0~ubuntu24
➖	cryptsetup	2:2.8.0-1ubuntu2
➖	dash	0.5.12-12ubuntu2
➖	db5.3	5.3.28+dfsg2-9ubuntu1
➖	debconf	1.5.91
➖	debianutils	5.23.2
➖	diffutils	1:3.10-4
➖	dmsetup	2:1.02.205-2ubuntu2
➖	dpkg	1.22.21ubuntu3.1
➖	e2fsprogs	1.47.2-3ubuntu2
➖	expat	2.7.1-2
➖	findutils	4.10.0-3build1
➖	fio	3.39-1
➖	gcc-15	15.2.0-4ubuntu4
➖	gcc-15-base	15.2.0-4ubuntu4
➖	glibc	2.42-0ubuntu3
➖	glusterfs	11.1-6
➖	gmp	2:6.3.0+dfsg-5ubuntu1
➖	gnu-coreutils	9.5-1ubuntu4
➖	gnupg2	2.4.8-2ubuntu2
➖	gnutls28	3.8.9-3ubuntu2
➖	gpgv	2.4.8-2ubuntu2
➖	grep	3.11-4build1
➖	gzip	1.13-1ubuntu4
➖	hostname	3.25
➖	ibverbs-providers	56.1-1ubuntu1
➖	init-system-helpers	1.68
➖	json-c	0.18+ds-1
➖	keyutils	1.6.3-6ubuntu2
➖	kmod	34.2-2ubuntu1
➖	krb5	1.21.3-5ubuntu2
➖	krb5-locales	1.21.3-5ubuntu2
➖	libacl1	2.3.2-2
➖	libaio	0.3.113-8
➖	libaio1t64	0.3.113-8
➖	libapt-pkg7.0	3.1.6ubuntu2
➖	libattr1	1:2.5.2-3build1
➖	libaudit-common	1:4.0.5-1build1
➖	libaudit1	1:4.0.5-1build1
➖	libblkid1	2.41-4ubuntu4.1
➖	libboost-iostreams1.88.0	1.88.0-1.4ubuntu1
➖	libboost-thread1.88.0	1.88.0-1.4ubuntu1
➖	libbsd	0.12.2-2build1
➖	libbsd0	0.12.2-2build1
➖	libbz2-1.0	1.0.8-6build1
➖	libc-bin	2.42-0ubuntu3
➖	libc6	2.42-0ubuntu3
➖	libcap-ng	0.8.5-4build2
➖	libcap-ng0	0.8.5-4build2
➖	libcap2	1:2.75-7ubuntu2
➖	libcom-err2	1.47.2-3ubuntu2
➖	libcrypt1	1:4.4.38-1build1
➖	libcryptsetup12	2:2.8.0-1ubuntu2
➖	libdaxctl1	77-2.2ubuntu2
➖	libdb5.3t64	5.3.28+dfsg2-9ubuntu1
➖	libdebconfclient0	0.279ubuntu1
➖	libdevmapper1.02.1	2:1.02.205-2ubuntu2
➖	libexpat1	2.7.1-2
➖	libext2fs2t64	1.47.2-3ubuntu2
➖	libffi	3.5.2-1build1
➖	libffi8	3.5.2-1build1
➖	libgcc-s1	15.2.0-4ubuntu4
➖	libgcrypt20	1.11.0-7build1
➖	libgfapi0	11.1-6
➖	libgfrpc0	11.1-6
➖	libgfxdr0	11.1-6
➖	libglusterfs0	11.1-6
➖	libgmp10	2:6.3.0+dfsg-5ubuntu1
➖	libgnutls30t64	3.8.9-3ubuntu2
➖	libgpg-error	1.51-4
➖	libgpg-error0	1.51-4
➖	libgssapi-krb5-2	1.21.3-5ubuntu2
➖	libhogweed6t64	3.10.1-1
➖	libibverbs1	56.1-1ubuntu1
➖	libidn2	2.3.8-4
➖	libidn2-0	2.3.8-4
➖	libjson-c5	0.18+ds-1
➖	libk5crypto3	1.21.3-5ubuntu2
➖	libkeyutils1	1.6.3-6ubuntu2
➖	libkmod2	34.2-2ubuntu1
➖	libkrb5-3	1.21.3-5ubuntu2
➖	libkrb5support0	1.21.3-5ubuntu2
➖	liblastlog2-2	2.41-4ubuntu4.1
➖	liblz4-1	1.10.0-4build1
➖	liblzma5	5.8.1-1build2
➖	libmd	1.1.0-2build3
➖	libmd0	1.1.0-2build3
➖	libmount1	2.41-4ubuntu4.1
➖	libnbd	1.22.2-1build2
➖	libnbd0	1.22.2-1build2
➖	libncursesw6	6.5+20250216-2build1
➖	libndctl6	77-2.2ubuntu2
➖	libnettle8t64	3.10.1-1
➖	libnfs	5.0.2-1build1
➖	libnfs14	5.0.2-1build1
➖	libnl-3-200	3.7.0-2build1
➖	libnl-route-3-200	3.7.0-2build1
➖	libnl3	3.7.0-2build1
➖	libnuma1	2.0.19-1
➖	libp11-kit0	0.25.5-3ubuntu1
➖	libpam-modules	1.7.0-5ubuntu2
➖	libpam-modules-bin	1.7.0-5ubuntu2
➖	libpam-runtime	1.7.0-5ubuntu2
➖	libpam0g	1.7.0-5ubuntu2
➖	libpcre2-8-0	10.46-1
➖	libpmem1	1.13.1-1.1ubuntu3
➖	libpmemobj1	1.13.1-1.1ubuntu3
➖	libproc2-0	2:4.0.4-8ubuntu3
➖	libpython3-stdlib	3.13.7-1
➖	libpython3.13-minimal	3.13.7-1ubuntu0.1
➖	libpython3.13-stdlib	3.13.7-1ubuntu0.1
➖	librados2	19.2.3-0ubuntu1.25.10.1
➖	librbd1	19.2.3-0ubuntu1.25.10.1
➖	librdmacm1t64	56.1-1ubuntu1
➖	libreadline8t64	8.3-3
➖	libseccomp	2.6.0-2ubuntu2
➖	libseccomp2	2.6.0-2ubuntu2
➖	libselinux	3.8.1-1build1
➖	libselinux1	3.8.1-1build1
➖	libsemanage	3.8.1-1
➖	libsemanage-common	3.8.1-1
➖	libsemanage2	3.8.1-1
➖	libsepol	3.8.1-1
➖	libsepol2	3.8.1-1
➖	libsmartcols1	2.41-4ubuntu4.1
➖	libsqlite3-0	3.46.1-8
➖	libss2	1.47.2-3ubuntu2
➖	libssl3t64	3.5.3-1ubuntu2
➖	libstdc++6	15.2.0-4ubuntu4
➖	libsystemd0	257.9-0ubuntu2
➖	libtasn1-6	4.20.0-2build1
➖	libtinfo6	6.5+20250216-2build1
➖	libtirpc	1.3.6+ds-1
➖	libtirpc-common	1.3.6+ds-1
➖	libtirpc3t64	1.3.6+ds-1
➖	libudev1	257.9-0ubuntu2
➖	libunistring	1.3-2
➖	libunistring5	1.3-2
➖	libuuid1	2.41-4ubuntu4.1
➖	libxcrypt	1:4.4.38-1build1
➖	libxml2	2.14.5+dfsg-0.2
➖	libxml2-16	2.14.5+dfsg-0.2
➖	libxxhash0	0.8.3-2
➖	libzstd	1.5.7+dfsg-1build2
➖	libzstd1	1.5.7+dfsg-1build2
➖	login	1:4.16.0-2+really2.41-4ubuntu4.1
➖	login.defs	1:4.17.4-2ubuntu2
➖	logsave	1.47.2-3ubuntu2
➖	lvm2	2.03.31-2ubuntu2
➖	lz4	1.10.0-4build1
➖	mawk	1.3.4.20250131-1
➖	media-types	13.0.0
➖	mount	2.41-4ubuntu4.1
➖	ncurses	6.5+20250216-2build1
➖	ncurses-base	6.5+20250216-2build1
➖	ncurses-bin	6.5+20250216-2build1
➖	ndctl	77-2.2ubuntu2
➖	netbase	6.5
➖	nettle	3.10.1-1
➖	numactl	2.0.19-1
➖	openssl	3.5.3-1ubuntu2
➖	openssl-provider-legacy	3.5.3-1ubuntu2
➖	p11-kit	0.25.5-3ubuntu1
➖	pam	1.7.0-5ubuntu2
➖	passwd	1:4.17.4-2ubuntu2
➖	pcre2	10.46-1
➖	perl	5.40.1-6build1
➖	perl-base	5.40.1-6build1
➖	pmdk	1.13.1-1.1ubuntu3
➖	procps	2:4.0.4-8ubuntu3
➖	python3	3.13.7-1
➖	python3-defaults	3.13.7-1
➖	python3-minimal	3.13.7-1
➖	python3.13	3.13.7-1ubuntu0.1
➖	python3.13-minimal	3.13.7-1ubuntu0.1
➖	rdma-core	56.1-1ubuntu1
➖	readline	8.3-3
➖	readline-common	8.3-3
➖	rust-coreutils	0.2.2-0ubuntu2.1
➖	sed	4.9-2build2
➖	sensible-utils	0.0.25
➖	shadow	1:4.17.4-2ubuntu2
➖	sqlite3	3.46.1-8
➖	systemd	257.9-0ubuntu2
➖	sysvinit	3.14-4ubuntu1
➖	sysvinit-utils	3.14-4ubuntu1
➖	tar	1.35+dfsg-3.1build1
➖	tzdata	2025b-3ubuntu1
➖	ubuntu-keyring	2023.11.28.1
➖	util-linux	2.41-4ubuntu4.1
➖	xxhash	0.8.3-2
➖	xz-utils	5.8.1-1build2
➖	zlib	1:1.3.dfsg+really1.3.1-1ubuntu2
➖	zlib1g	1:1.3.dfsg+really1.3.1-1ubuntu2

Changes for packages of type generic (1 changes)

	Package	Version ghcr.io/e7db/diskmark:latest	Version ghcr.io/e7db/diskmark:pr-17
➕	bash		5.3.3

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.