fix(wolfi): Build DX toolbox variant from wolfi-base with SDK tooling

As the Wolfi SDK is built as an appliance, it's missing a few core packages
available in wolfi-base that provide a better development experience

Additionally, an issue was ran into when building from the SDK image where
it will attempt to add a local packages repository that gets hardcoded to
`/github/workspace/packages` preventing clean upgrades

Instead of building from the SDK, build from wolfi-base and install packages
used in the Wolfi SDK image

Signed-off-by: RJ Trujillo <eyecantcu@pm.me>

Author: EyeCantCU

.github/workflows/build-wolfi-toolbox.yml

@@ -8,7 +8,6 @@ on:
 env:
     IMAGE_TAGS: latest
     IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
-    SOURCE_IMAGE_REGISTRY: cgr.dev/chainguard
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
@@ -31,18 +30,10 @@ jobs:
       - name: Checkout Push to Registry action
         uses: actions/checkout@v4
 
-      - name: Determine base image
-        run: |
-          if [[ "${{ matrix.image_name }}" == "wolfi-toolbox" ]]; then
-            echo "SOURCE_IMAGE_NAME=wolfi-base" >> $GITHUB_ENV
-          elif [[ "${{ matrix.image_name }}" == "wolfi-dx-toolbox" ]]; then
-            echo "SOURCE_IMAGE_NAME=sdk" >> $GITHUB_ENV
-          fi
-
       - name: Verify base image
         uses: EyeCantCU/cosign-action/verify@v0.2.2
         with:
-          containers: ${{ env.SOURCE_IMAGE_NAME }}
+          containers: wolfi-base
           cert-identity: https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main
           oidc-issuer: https://token.actions.githubusercontent.com
           registry: cgr.dev/chainguard
@@ -67,8 +58,7 @@ jobs:
           image: ${{ matrix.image_name }}
           tags: ${{ env.IMAGE_TAGS }}
           build-args: |
-            SOURCE_IMAGE_NAME=${{ env.SOURCE_IMAGE_NAME }}
-            SOURCE_IMAGE_REGISTRY=${{ env.SOURCE_IMAGE_REGISTRY }}
+            IMAGE_NAME=${{ matrix.image_name }}
           labels: ${{ steps.meta.outputs.labels }}
           oci: false
 

toolboxes/wolfi-toolbox/Containerfile.wolfi

@@ -1,27 +1,26 @@
-ARG SOURCE_IMAGE_NAME="${SOURCE_IMAGE_NAME:-wolfi-base}"
-ARG SOURCE_IMAGE_REGISTRY="${SOURCE_IMAGE_REGISTRY:-cgr.dev/chainguard}"
-ARG SOURCE_IMAGE="${SOURCE_IMAGE_REGISTRY}/${SOURCE_IMAGE_NAME}"
-
-FROM $SOURCE_IMAGE:latest
+FROM cgr.dev/chainguard/wolfi-base:latest
 # Thanks to Nuno do Carmo for the initial prototype
 
 LABEL com.github.containers.toolbox="true" \
       usage="This image is meant to be used with the Toolbox or Distrobox command" \
       summary="A blank Wolfi distrobox, suitable for development" \
       maintainer="jorge.castro@gmail.com"
 
-COPY ./toolboxes/wolfi-toolbox/packages.wolfi /toolbox-packages
+ARG IMAGE_NAME="${IMAGE_NAME:-wolfi-toolbox}"
+
+COPY ./toolboxes/wolfi-toolbox/packages.wolfi \
+     ./toolboxes/wolfi-toolbox/packages.wolfi-dx \
+     /tmp
 
-# Remove local repository and update image
-RUN sed -i 's/@local.*//g' /etc/apk/repositories \
-    apk update && \
+# Update image
+RUN apk update && \
     apk upgrade
 
 # Add optional packages
-RUN grep -v '^#' /toolbox-packages | xargs apk add
-
-RUN rm /toolbox-packages
-
+RUN grep -v '^#' /tmp/packages.wolfi | xargs apk add && \
+    if [[ "${IMAGE_NAME}" =~ "dx" ]]; then \
+        grep -v '^#' /tmp/packages.wolfi-dx | xargs apk add \
+    ; fi
 
 # Get Distrobox-host-exec and host-spawn
 RUN git clone https://github.com/89luca89/distrobox.git --single-branch /tmp/distrobox && \

toolboxes/wolfi-toolbox/packages.wolfi-dx

@@ -0,0 +1,34 @@
+alpine-keys
+apk-tools
+binutils
+binutils-gold
+bubblewrap
+build-base
+busybox
+ca-certificates-bundle
+expat
+gcc
+glibc
+glibc-dev
+glibc-locale-posix
+gmp
+go
+isl
+libbrotlicommon1
+libbrotlidec1
+libcrypto3
+libcurl4
+libgcc
+libnghttp2-14
+libpcre2-32-0
+libssl3
+libstdc++
+libstdc++-dev
+linux-headers
+make
+mpc
+mpfr
+ncurses-terminfo-base
+pkgconf
+wolfi-baselayout
+zlib