docker

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "docker" with this command: npx skills add poletron/custom-rules/poletron-custom-rules-docker

Critical Patterns

Multi-Stage Builds (REQUIRED)

✅ ALWAYS: Use multi-stage to reduce final image size

FROM node:18-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production

FROM node:18-alpine
WORKDIR /app
COPY --from=builder /app/node_modules ./node_modules
COPY . .
CMD ["node", "server.js"]

Non-Root User (REQUIRED)

✅ ALWAYS: Run as non-root for security

RUN addgroup -g 1001 -S appgroup && adduser -S appuser -u 1001
USER appuser

Specific Tags (REQUIRED)

✅ ALWAYS: Use specific version tags

FROM node:18.19-alpine

❌ NEVER: Use 'latest' tag

FROM node:latest
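
A minimal lint for the three REQUIRED patterns above, as an added example (not part of the skill or its repository): it flags a Dockerfile that is single-stage, whose final stage sets no non-root USER, or that builds FROM an untagged or latest image. The rule ids and function names are assumptions, and a stage without USER is assumed to run as root, which is wrong for base images that set their own user.

```python
import re

def image_is_pinned(image, stage_names):
    """True for a digest, an explicit non-latest tag, scratch, or an earlier stage."""
    if image in stage_names or image == "scratch" or "@sha256:" in image:
        return True
    name = image.rsplit("/", 1)[-1]      # drop registry host:port and path
    return name.partition(":")[2] not in ("", "latest")

def lint_dockerfile(text):
    """Return the sorted rule ids that the Dockerfile text violates."""
    folded = re.sub(r"\\[ \t]*\n", " ", text)    # join backslash continuations
    stage_names, findings = set(), set()
    from_count, final_user = 0, None
    for raw in folded.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        instr = parts[0].upper()
        if instr == "FROM":
            # Skip flags such as --platform=; a FROM with no image counts as unpinned.
            args = [p for p in parts[1:] if not p.startswith("--")] or [""]
            from_count += 1
            final_user = None            # assumption: a new stage starts as root
            if not image_is_pinned(args[0], stage_names):
                findings.add("unpinned-tag")
            if len(args) == 3 and args[1].upper() == "AS":
                stage_names.add(args[2])
        elif instr == "USER" and len(parts) > 1:
            final_user = parts[1].split(":")[0]
    if from_count < 2:
        findings.add("single-stage")
    if final_user in (None, "root", "0"):
        findings.add("runs-as-root")
    return sorted(findings)

# Constructed samples: the page's basic two-stage pattern and its NEVER example.
BASIC = """\
FROM node:18-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production

FROM node:18-alpine
WORKDIR /app
COPY --from=builder /app/node_modules ./node_modules
COPY . .
CMD ["node", "server.js"]
"""
LATEST = 'FROM node:latest\nCMD ["node", "server.js"]\n'
```

The basic two-stage pattern still reports `runs-as-root` because it has no USER line; adding the non-root snippet before CMD clears it.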

Decision Tree

Need smaller image? → Use multi-stage build
Need security? → Run as non-root user
Need caching? → Order instructions from least to most frequently changing
Need reproducibility? → Pin exact versions

Code Examples

Layer Optimization

✅ Good: Combine commands, clean in same layer

RUN apt-get update && \
    apt-get install -y --no-install-recommends curl && \
    rm -rf /var/lib/apt/lists/*

❌ Bad: Separate layers, cache not cleaned

RUN apt-get update
RUN apt-get install curl

Health Checks

HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD curl -f http://localhost:3000/health || exit 1

Commands

docker build -t myapp:1.0 .             # Build image
docker run -d -p 3000:3000 myapp:1.0    # Run container
docker scan myapp:1.0                   # Scan for vulnerabilities (superseded by docker scout in newer Docker releases)
docker history myapp:1.0                # View layer history

Resources

  • Additional docs: infrastructure.md

⭐️ Advanced Expert Patterns

  1. Dockerfile Optimization & Multi-Stage Builds

Key techniques:

Optimized multi-stage pattern

FROM node:18-alpine AS deps
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production && npm cache clean --force

FROM node:18-alpine AS build
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build && npm prune --production

FROM node:18-alpine AS runtime
# curl is not included in node:18-alpine; the HEALTHCHECK below needs it
RUN apk add --no-cache curl
RUN addgroup -g 1001 -S nodejs && adduser -S nextjs -u 1001
WORKDIR /app
COPY --from=deps --chown=nextjs:nodejs /app/node_modules ./node_modules
COPY --from=build --chown=nextjs:nodejs /app/dist ./dist
COPY --from=build --chown=nextjs:nodejs /app/package*.json ./
USER nextjs
EXPOSE 3000
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD curl -f http://localhost:3000/health || exit 1
CMD ["node", "dist/index.js"]

  2. Container Security Hardening

Security patterns:

Security-hardened container

FROM node:18-alpine
RUN addgroup -g 1001 -S appgroup && \
    adduser -S appuser -u 1001 -G appgroup
WORKDIR /app
COPY --chown=appuser:appgroup package*.json ./
RUN npm ci --only=production
COPY --chown=appuser:appgroup . .
USER 1001

Drop capabilities, set read-only root filesystem
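
One way to verify those two runtime settings on a container, as an added example that is not part of the skill: it reads `docker inspect` JSON and reports containers that keep default capabilities, have a writable root filesystem, are privileged, or run as root. The sample entries, container names and gap names are constructed for illustration.

```python
import json

def audit_container(entry):
    """Return sorted hardening gaps for one element of `docker inspect` output."""
    host = entry.get("HostConfig") or {}
    user = (entry.get("Config") or {}).get("User") or ""
    gaps = set()
    # Set with `docker run --cap-drop=ALL` or compose `cap_drop: [ALL]`.
    dropped = {c.upper() for c in (host.get("CapDrop") or [])}
    if "ALL" not in dropped:
        gaps.add("capabilities-not-dropped")
    # Set with `docker run --read-only` or compose `read_only: true`.
    if not host.get("ReadonlyRootfs"):
        gaps.add("writable-rootfs")
    # --privileged grants all capabilities and device access,
    # which defeats the point of dropping them.
    if host.get("Privileged"):
        gaps.add("privileged")
    # Config.User is "user[:group]"; empty means no USER was set, so root.
    if user.split(":")[0] in ("", "root", "0"):
        gaps.add("runs-as-root")
    return sorted(gaps)

def audit_all(entries):
    """Map each container name to its list of gaps."""
    return {e.get("Name", "?").lstrip("/"): audit_container(e) for e in entries}

# Constructed sample shaped like `docker inspect` output for three containers.
SAMPLE = json.loads("""[
  {"Name": "/app-default", "Config": {"User": ""},
   "HostConfig": {"CapDrop": null, "ReadonlyRootfs": false, "Privileged": false}},
  {"Name": "/app-hardened", "Config": {"User": "1001"},
   "HostConfig": {"CapDrop": ["ALL"], "ReadonlyRootfs": true, "Privileged": false}},
  {"Name": "/app-priv", "Config": {"User": "appuser:appgroup"},
   "HostConfig": {"CapDrop": ["ALL"], "ReadonlyRootfs": true, "Privileged": true}}
]""")

if __name__ == "__main__":
    for name, gaps in audit_all(SAMPLE).items():
        print(name, "OK" if not gaps else ", ".join(gaps))
```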

  3. Docker Compose Orchestration

Production-ready compose pattern:

version: '3.8'
services:
  app:
    build:
      context: .
      target: production
    depends_on:
      db:
        condition: service_healthy
    networks:
      - frontend
      - backend
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
      interval: 30s
      timeout: 10s
      retries: 3
    deploy:
      resources:
        limits:
          cpus: '0.5'
          memory: 512M
        reservations:
          cpus: '0.25'
          memory: 256M

  db:
    image: postgres:15-alpine
    environment:
      POSTGRES_DB_FILE: /run/secrets/db_name
      POSTGRES_USER_FILE: /run/secrets/db_user
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    secrets:
      - db_name
      - db_user
      - db_password
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
      - backend
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"]
      interval: 10s
      timeout: 5s
      retries: 5

networks:
  frontend:
    driver: bridge
  backend:
    driver: bridge
    internal: true

volumes:
  postgres_data:

secrets:
  db_name:
    external: true
  db_user:
    external: true
  db_password:
    external: true

  4. Image Size Optimization

Optimization techniques:

Minimal production image

FROM gcr.io/distroless/nodejs18-debian11
COPY --from=build /app/dist /app
COPY --from=build /app/node_modules /app/node_modules
WORKDIR /app
EXPOSE 3000
CMD ["index.js"]

  5. Development Workflow Integration

Development workflow:

Development override

services:
  app:
    build:
      context: .
      target: development
    volumes:
      - .:/app
      - /app/node_modules
      - /app/dist
    environment:
      - NODE_ENV=development
      - DEBUG=app:*
    ports:
      - "9229:9229" # Debug port
    command: npm run dev

  6. Performance & Resource Management

Resource management:

services:
  app:
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 1G
        reservations:
          cpus: '0.5'
          memory: 512M
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
        window: 120s

Advanced Problem-Solving Patterns

Cross-Platform Builds

Multi-architecture builds

docker buildx create --name multiarch-builder --use
docker buildx build --platform linux/amd64,linux/arm64 \
  -t myapp:latest --push .

Build Cache Optimization

Mount build cache for package managers

FROM node:18-alpine AS deps
WORKDIR /app
COPY package*.json ./
RUN --mount=type=cache,target=/root/.npm \
    npm ci --only=production

Secrets Management

Build-time secrets (BuildKit)

FROM alpine
# The secret is mounted only for this RUN step and is not written to an image layer.
RUN --mount=type=secret,id=api_key \
    API_KEY=$(cat /run/secrets/api_key) && \
    : "Use API_KEY for build process"

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
