AgentSkillsCN

docker

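Generate production-ready Dockerfile and docker-compose.yml files. Use this skill when containerizing applications, setting up local development environments, or creating multi-service deployments. Follows security best practices (non-root user, multi-stage builds, no sensitive information stored in images).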

SKILL.md
--- frontmatter
name: docker
description: Generate production-ready Dockerfile and docker-compose.yml. Use when containerizing applications, setting up local development environments, or creating multi-service deployments. Applies security best practices (non-root, multi-stage, no secrets in images).

Docker Configuration

Generate Dockerfile and docker-compose.yml.

Requirements

| Aspect | Rule |
|--------|------|
| Base image | Specific version, never `latest`. Prefer slim/alpine/distroless |
| User | Non-root (`USER appuser`) |
| Build | Multi-stage to minimize final image |
| Layers | Dependencies before code for caching |
| Secrets | Via environment variables, never in image |
| Health | `HEALTHCHECK` instruction required |
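
The rules above can be checked mechanically before an image is built. The following Python linter is an added example, not part of the skill itself; the names `instructions` and `lint`, the secret-name pattern and the sample Dockerfile are assumptions made for illustration. It covers the base-image tag, user, multi-stage, secrets and health rules; layer ordering is not checked.

```python
import re

SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)

def instructions(text):
    """Yield (INSTRUCTION, args), joining backslash line continuations."""
    for line in re.sub(r"\\[ \t]*\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            op, _, args = line.partition(" ")
            yield op.upper(), args.strip()

def lint(text):
    """Return sorted violations of the Requirements table for one Dockerfile."""
    findings, stages, n_from, user, health = set(), set(), 0, None, False
    for op, args in instructions(text):
        if op == "FROM":
            n_from, user, health = n_from + 1, None, False  # USER/HEALTHCHECK are per stage
            parts = [p for p in args.split() if not p.startswith("--")]  # drop --platform=
            image = parts[0]
            tag = image.rsplit("/", 1)[-1].partition(":")[2]  # ignore a registry:port prefix
            pinned = "@sha256:" in image or tag not in ("", "latest")
            if image not in stages and image != "scratch" and not pinned:
                findings.add(f"base image not pinned: {image}")
            if len(parts) == 3 and parts[1].upper() == "AS":
                stages.add(parts[2])  # later "FROM <stage>" lines are not base images
        elif op == "USER":
            user = args.split(":")[0]
        elif op == "HEALTHCHECK":
            health = args.upper() != "NONE"
        elif op in ("ENV", "ARG"):
            pairs = re.findall(r"(\w+)=\S", args)
            if not pairs and op == "ENV" and len(args.split()) > 1:
                pairs = args.split()[:1]  # legacy "ENV NAME value" form
            findings.update(f"secret set via {op} {n}" for n in pairs if SECRET_NAME.search(n))
    final = {"single-stage build": n_from < 2,
             "final stage runs as root": user in (None, "root", "0"),
             "final stage has no HEALTHCHECK": not health}
    return sorted(findings | {msg for msg, hit in final.items() if hit})

# Constructed sample input that violates the rules checked above.
BAD = """\
FROM python:latest
ENV API_TOKEN=abc123 \\
    PORT=8000
"""
print(lint(BAD))
```

The secret check is a name heuristic only: it will not notice a credential embedded in a value such as a connection URL.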

Dockerfile Template

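```dockerfile
# Build stage: compile wheels so build tooling stays out of the final image
FROM python:3.12-slim-bookworm AS builder
WORKDIR /build
# Copy only the dependency manifest first so this layer stays cached until it changes
COPY requirements.txt .
RUN pip wheel --no-cache-dir -r requirements.txt -w /wheels

# Production stage
FROM python:3.12-slim-bookworm
WORKDIR /app
# System account with no login shell
RUN useradd -r -s /bin/false appuser
COPY --from=builder /wheels /wheels
RUN pip install --no-cache-dir /wheels/* && rm -rf /wheels
# Copies the whole build context: exclude .env, .git and similar files via .dockerignore
COPY --chown=appuser:appuser . .
USER appuser
EXPOSE 8000
# The slim base image does not ship curl, so probe with the Python standard library
HEALTHCHECK --interval=30s --timeout=3s CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:8000/health', timeout=2)" || exit 1
CMD ["python", "-m", "app"]
```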

docker-compose.yml Template

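```yaml
services:
  app:
    build: .
    ports:
      - "8000:8000"
    environment:
      # Placeholder credentials for local development only
      DATABASE_URL: postgresql://user:pass@db:5432/app
    depends_on:
      db:
        # Start the app only after the db healthcheck passes
        condition: service_healthy

  db:
    # Pinned major version on a small base, per the base image rule
    image: postgres:16-alpine
    environment:
      # Placeholder credentials; must match DATABASE_URL above
      POSTGRES_USER: user
      POSTGRES_PASSWORD: pass
      POSTGRES_DB: app
    volumes:
      # Named volume so data survives container recreation
      - pgdata:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U user -d app"]
      interval: 5s
      timeout: 5s
      retries: 5

volumes:
  pgdata:
```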

Output

Both files with comments explaining non-obvious choices.