Merge pull request #24614 from mikesir87/add-new-labs

Create new guides for several new labspaces

Author: mikesir87

.agents/skills/create-lab-guide/SKILL.md

@@ -0,0 +1,126 @@
+---
+name: create-lab-guide
+description: >
+  Create a guide page for a Labspace. This includes writing the markdown content for the guide, 
+  structuring it according to Docker docs conventions, and ensuring it provides clear instructions 
+  and information about the Labspace. Includes learning about the lab itself, extracting out its
+  learning objectives, and combining all of that into a well-structured guide markdown file.
+---
+
+# Create Lab Guide
+
+You are creating a new guide page for a labspace. The guide should be structured according to Docker docs conventions, 
+with clear sections, learning objectives, and instructions for users to get the most out of the lab.
+
+## Inputs
+
+The user provides one or more guides to migrate. Resolve these from the inventory below:
+
+- **REPO_NAME**: GitHub repo in the `dockersamples` org (e.g. `labspace-ai-fundamentals`)
+
+## Step 1: Clone the labspace repo
+
+Clone the guide repo to a temporary directory. This gives you all source files locally — no HTTP calls needed.
+
+```bash
+git clone --depth 1 https://github.com/dockersamples/{REPO_NAME}.git <tmpdir>/{REPO_NAME}
+```
+
+Where `<tmpdir>` is a temporary directory on your system (e.g. the output of `mktemp -d`).
+
+## Step 2: Learn and extract key information about the lab
+
+The repo structure is:
+
+- `<tmpdir>/{REPO_NAME}/README.md` — the main README for the lab
+- `<tmpdir>/{REPO_NAME}/labspace/labspace.yaml` — a YAML document outlining details of the lab, including the sections/modules and the path to their content
+- `<tmpdir>/{REPO_NAME}/labspace/*.md` — the content for each section/module (only reference the files specified in `labspace.yaml`)
+- `<tmpdir>/{REPO_NAME}/.github/workflows/` — the GHA workflow that publishes the labspace. It includes the repo URL for the published Compose file, which will be useful for the "launch" command
+- `<tmpdir>/{REPO_NAME}/compose.override.yaml` - lab-specific Compose customizations
+
+1. Read `README.md` to understand the purpose of the lab.
+2. Read the `labspace/labspace.yaml` to understand the structure of the lab and its sections/modules.
+3. Read the `labspace/*.md` files to extract the learning objectives, instructions, and any code snippets.
+4. Extract a short description that can be used for the `description` and `summary` fields in the guide markdown.
+5. Determine if a model will be pulled when starting the lab by looking at the `compose.override.yaml` file and looking for the any top-level `model` specifications.
+
+
+## Step 2: Write the guide markdown
+
+The markdown file must be located in the `guides/` directory and have a filename of `lab-{GUIDE_ID}.md`.
+
+Sample markdown structure, including frontmatter and content:
+
+```markdown
+---
+title: "Lab: { Short title }"
+linkTitle: "Lab: { Short title }"
+description: |
+  A short description of the lab for SEO and social sharing.
+summary: |
+  A short summary of the lab for the guides listing page. 2-3 lines.
+keywords: AI, Docker, Model Runner, agentic apps, lab, labspace
+aliases: # Include if the lab is an AI-related lab
+  - /labs/docker-for-ai/{REPO_NAME_WITHOUT_LABSPACE_PREFIX}/
+params:
+  tags: [ai, labs]
+  time: 20 minutes
+  resource_links:
+    - title: A resource link pointing to relevant documentation or code
+      url: /ai/model-runner/
+    - title: Labspace repository
+      url: https://github.com/dockersamples/{REPO_NAME}
+---
+
+Short explanation of the lab and what it covers.
+
+## Launch the lab
+
+{{< labspace-launch image="dockersamples/{REPO_NAME}" >}}
+
+## What you'll learn
+
+By the end of this Labspace, you will have completed the following:
+
+- Objective #1
+- Objective #2
+- Objective #3
+- Objective #4
+
+## Modules
+
+| # | Module | Description |
+|---|--------|-------------|
+| 1 | Module #1 | Description of module #1 |
+| 2 | Module #2 | Description of module #2 |
+| 3 | Module #3 | Description of module #3 |
+| 4 | Module #4 | Description of module #4 |
+| 5 | Module #5 | Description of module #5 |
+| 6 | Module #6 | Description of module #6 |
+```
+
+Important notes:
+
+- The learning objectives should be based on the content of the labspace as a whole.
+- The modules should be based on the sections/modules outlined in `labspace.yaml`.
+- All lab guides _must_ have a tag of `labs`
+- If the lab is AI-related, it should also have a tag of `ai` and aliases for `/labs/docker-for-ai/{REPO_NAME}/`
+- If the lab pulls a model, add a `model-download: true` parameter to the `labspace-launch` shortcode to show a warning about model downloads.
+
+
+## Step 3: Apply Docker docs style rules
+
+These are mandatory (from STYLE.md and AGENTS.md):
+
+- **No "we"**: "We are going to create" → "Create" or "Start by creating"
+- **No "let us" / "let's"**: → imperative voice or "You can..."
+- **No hedge words**: remove "simply", "easily", "just", "seamlessly"
+- **No meta-commentary**: remove "it's worth noting", "it's important to understand"
+- **No "allows you to" / "enables you to"**: → "lets you" or rephrase
+- **No "click"**: → "select"
+- **No bold for emphasis or product names**: only bold UI elements
+- **No time-relative language**: remove "currently", "new", "recently", "now"
+- **No exclamations**: remove "Voila!!!" etc.
+- Use `console` language hint for interactive shell blocks with `$` prompts
+- Use contractions: "it's", "you're", "don't"
+

_vale/config/vocabularies/Docker/accept.txt

@@ -96,6 +96,7 @@ g?libc
 GeoNetwork
 GGUF
 Git
+Gitea
 GitHub
 GitHub Actions
 Google

content/guides/lab-agentic-apps.md

@@ -26,6 +26,10 @@ Get up and running with building agentic applications using Compose, Docker
 Model Runner, and the Docker MCP Gateway. This hands-on lab takes you from
 understanding AI models to building complete agentic applications.
 
+## Launch the lab
+
+{{< labspace-launch image="dockersamples/labspace-agentic-apps-with-docker" model-download="true" >}}
+
 ## What you'll learn
 
 This lab covers three core areas of agentic application development:
@@ -51,27 +55,3 @@ file, and configuring your app to use those models and tools
 | 5 | The Docker MCP Gateway | Set up and configure the MCP Gateway |
 | 6 | Putting It All Together | Build a complete agentic application |
 | 7 | Conclusion | Summary and next steps |
-
-## Prerequisites
-
-- Install the latest version of Docker Desktop
-- Enable **Docker Model Runner** by going into Settings in Docker Desktop, choosing AI, then selecting Docker Model Runner
-- Pull the Gemma 3 model before launching by running this command:
-
-```console
-$ docker model pull ai/gemma3
-```
-
-## Launch the lab
-
-Start the labspace:
-
-```console
-$ docker compose -f oci://dockersamples/labspace-agentic-apps-with-docker up -d
-```
-
-Then open your browser to [http://localhost:3030](http://localhost:3030).
-
-> [!NOTE]
->
-> It may take a little while to start due to the AI model download.

content/guides/lab-ai-fundamentals.md

@@ -0,0 +1,50 @@
+---
+title: "Lab: AI Fundamentals for Developers"
+linkTitle: "Lab: AI Fundamentals"
+description: |
+  Learn the core concepts of AI development — models, prompt engineering, tool
+  calling, and RAG — through hands-on exercises in a live environment.
+summary: |
+  Hands-on lab: Learn the four core pillars of AI application development.
+  Work with the Chat Completions API, prompt engineering, tool calling, and RAG
+  through interactive exercises.
+keywords: AI, Docker, Model Runner, prompt engineering, RAG, tool calling, lab, labspace
+aliases:
+  - /labs/docker-for-ai/ai-fundamentals/
+params:
+  tags: [ai, labs]
+  time: 45 minutes
+  resource_links:
+    - title: Docker Model Runner docs
+      url: /ai/model-runner/
+    - title: Labspace repository
+      url: https://github.com/dockersamples/labspace-ai-fundamentals
+---
+
+Get hands-on with the four core pillars of AI application development: models,
+prompt engineering, tool calling, and RAG. This lab runs entirely on your
+machine using Docker Model Runner — no API key or cloud account required.
+
+## Launch the lab
+
+{{< labspace-launch image="dockersamples/labspace-ai-fundamentals" model-download="true" >}}
+
+## What you'll learn
+
+By the end of this Labspace, you will have completed the following:
+
+- Understand the Chat Completions API and how to structure messages for a model
+- Use prompt engineering techniques including system prompts, few-shot examples, and structured output
+- Implement tool calling and the agentic loop in code
+- Build a RAG pipeline that grounds model responses in your own data
+
+## Modules
+
+| #   | Module                               | Description                                                       |
+| --- | ------------------------------------ | ----------------------------------------------------------------- |
+| 1   | Welcome & Setup                      | Introduction to the lab and verifying your environment            |
+| 2   | Talking to Models                    | Chat Completions API, message roles, and stateless model behavior |
+| 3   | Prompt Engineering                   | System prompts, few-shot examples, and structured output          |
+| 4   | Tool Calling                         | Tool definitions, the agentic loop, and executing tools in code   |
+| 5   | Retrieval Augmented Generation (RAG) | Retrieve, augment, and generate with your own knowledge base      |
+| 6   | Wrap-up                              | Summary of concepts and next steps                                |

content/guides/lab-attestation-basics.md

@@ -0,0 +1,56 @@
+---
+title: "Lab: Container Image Attestations"
+linkTitle: "Lab: Container Image Attestations"
+description: |
+  Learn to attach SBOMs, build provenance, image signatures, and VEX
+  statements to container images for a verifiable software supply chain.
+summary: |
+  Hands-on lab: Add supply chain metadata to a container image. Generate
+  SBOMs and SLSA provenance with BuildKit, sign images with Cosign, and
+  attach OpenVEX statements to declare vulnerability exploitability status.
+keywords: Docker, supply chain, SBOM, provenance, SLSA, Cosign, VEX, attestations, security, lab, labspace
+params:
+  tags: [labs]
+  time: 45 minutes
+  resource_links:
+    - title: Build attestations
+      url: /build/metadata/attestations/
+    - title: SBOM attestations
+      url: /build/metadata/attestations/sbom/
+    - title: Provenance attestations
+      url: /build/metadata/attestations/slsa-provenance/
+    - title: Labspace repository
+      url: https://github.com/dockersamples/labspace-attestation-basics
+---
+
+Prove where your container images came from and that they haven't been
+tampered with. This lab walks through generating SBOMs and SLSA build
+provenance with BuildKit, signing images with Cosign, and writing VEX
+statements to declare which CVEs affect your image — the techniques used
+to meet supply chain security requirements like NIST SSDF and EO 14028.
+
+## Launch the lab
+
+{{< labspace-launch image="dockersamples/labspace-attestation-basics" >}}
+
+## What you'll learn
+
+By the end of this Labspace, you will have completed the following:
+
+- Generate and inspect an SPDX SBOM attached to a container image with `--sbom=true`
+- Generate SLSA build provenance with `--provenance=mode=max` and understand how multi-stage builds are fully recorded
+- Install Cosign and use key-based signing to sign and verify a container image
+- Write an OpenVEX statement to declare CVE exploitability status and attach it as a signed attestation
+- Understand how SBOMs, provenance, signatures, and VEX complement each other in a complete supply chain story
+
+## Modules
+
+| #   | Module                            | Description                                                                          |
+| --- | --------------------------------- | ------------------------------------------------------------------------------------ |
+| 1   | Introduction                      | Overview of supply chain attestations and the sample Go app                          |
+| 2   | Software Bill of Materials (SBOM) | Build with `--sbom=true`, inspect SPDX contents, and understand scanner integration  |
+| 3   | Build Provenance                  | Generate SLSA provenance and explore how multi-stage builds are recorded             |
+| 4   | Signing Images with Cosign        | Generate a key pair, sign the image, verify the signature, and learn keyless signing |
+| 5   | VEX Statements                    | Scan for CVEs, write an OpenVEX document, and attach it as a signed attestation      |
+| 6   | Bringing It All Together          | Run the complete build-sign-attest workflow and see the full supply chain picture    |
+| 7   | Recap                             | Summary of skills and next steps for policy enforcement and higher SLSA levels       |

content/guides/lab-building-images.md

@@ -0,0 +1,56 @@
+---
+title: "Lab: Building Container Images"
+linkTitle: "Lab: Building Container Images"
+description: |
+  Learn to build production-grade container images using Dockerfile best
+  practices — layer caching, multi-stage builds, non-root users, base image
+  selection, and secure build-time secret handling.
+summary: |
+  Hands-on lab: Transform a basic Dockerfile into a production-ready image.
+  Master layer caching, multi-stage builds, .dockerignore, non-root users,
+  base image selection, and build secrets.
+keywords: Docker, Dockerfile, images, multi-stage builds, layer caching, build secrets, lab, labspace
+params:
+  tags: [labs]
+  time: 45 minutes
+  resource_links:
+    - title: Dockerfile reference
+      url: /reference/dockerfile/
+    - title: Multi-stage builds
+      url: /build/building/multi-stage/
+    - title: Build secrets
+      url: /build/building/secrets/
+    - title: Labspace repository
+      url: https://github.com/dockersamples/labspace-building-images
+---
+
+Take a working but naïve Dockerfile and progressively improve it into a
+production-grade image. Each section introduces one technique, applied to
+a real Python Flask app, so you can see the impact directly.
+
+## Launch the lab
+
+{{< labspace-launch image="dockersamples/labspace-building-images" >}}
+
+## What you'll learn
+
+By the end of this Labspace, you will have completed the following:
+
+- Read an image's layer history and understand the layer cleanup pitfall
+- Restructure a Dockerfile for fast, cache-efficient incremental builds
+- Write a `.dockerignore` file and run containers as a non-root user
+- Use multi-stage builds to run tests as a build gate and dramatically reduce image size
+- Choose the right base image for production, including Docker Hardened Images
+- Inject secrets safely at build time using `--mount=type=secret`
+
+## Modules
+
+| #   | Module                     | Description                                                            |
+| --- | -------------------------- | ---------------------------------------------------------------------- |
+| 1   | Welcome & Your First Build | Explore the sample app and build the initial image                     |
+| 2   | Understanding Image Layers | Inspect layers with `docker history` and see the layer cleanup pitfall |
+| 3   | Dockerfile Best Practices  | Fix cache ordering, add `.dockerignore`, and switch to a non-root user |
+| 4   | Multi-Stage Builds         | Run tests as a build gate and use a slim base for the production stage |
+| 5   | Choosing a Base Image      | Compare slim, Alpine, and Docker Hardened Images                       |
+| 6   | Build Secrets              | Show why `ARG` leaks secrets and use `--mount=type=secret` safely      |
+| 7   | Wrap-up                    | Review the complete best-practices checklist and next steps            |

content/guides/lab-compose-quickstart.md

@@ -0,0 +1,55 @@
+---
+title: "Lab: Docker Compose Quickstart"
+linkTitle: "Lab: Docker Compose Quickstart"
+description: |
+  Build a multi-container Flask and Redis application from scratch using Docker
+  Compose. Learn health checks, watch mode, named volumes, and multi-file
+  configurations.
+summary: |
+  Hands-on lab: Define and run a multi-container app with Docker Compose.
+  Progress from a bare compose.yaml through health checks, live development
+  with watch mode, data persistence, and modular Compose file composition.
+keywords: Docker, Compose, multi-container, Flask, Redis, watch mode, volumes, lab, labspace
+params:
+  tags: [labs]
+  time: 45 minutes
+  resource_links:
+    - title: Docker Compose docs
+      url: /compose/
+    - title: Compose watch mode
+      url: /compose/how-tos/file-watch/
+    - title: Labspace repository
+      url: https://github.com/dockersamples/labspace-compose-quickstart
+---
+
+Build a Python Flask and Redis hit-counter app using Docker Compose, starting
+from a bare `compose.yaml` and progressively adding production-quality
+features at each step.
+
+## Launch the lab
+
+{{< labspace-launch image="dockersamples/labspace-compose-quickstart" >}}
+
+## What you'll learn
+
+By the end of this Labspace, you will have completed the following:
+
+- Define a multi-service application in a `compose.yaml` file and manage it with Compose commands
+- Control service startup order using health checks and `depends_on` conditions
+- Iterate on code without manual rebuilds using Compose watch mode
+- Persist data across container restarts with named volumes
+- Modularize a stack across multiple files using the `include` directive
+- Use `config`, `logs`, and `exec` to inspect and debug a running stack
+
+## Modules
+
+| #   | Module                           | Description                                                           |
+| --- | -------------------------------- | --------------------------------------------------------------------- |
+| 1   | Introduction                     | Tour the starter app and verify the environment                       |
+| 2   | Defining Services                | Write the first `compose.yaml` and bring up the Flask and Redis stack |
+| 3   | Health Checks & Startup Order    | Add a Redis healthcheck and `depends_on` to eliminate race conditions |
+| 4   | Live Development with Watch Mode | Configure watch mode to sync code changes without manual rebuilds     |
+| 5   | Persistence & Debugging          | Add a named volume so Redis data survives `docker compose down`       |
+| 6   | Using Multiple Compose Files     | Extract Redis into `infra.yaml` and compose files with `include`      |
+| 7   | Additional Commands              | Use `config`, `logs -f`, and `exec` to inspect the running stack      |
+| 8   | Recap                            | Review what was built and explore next steps                          |