Docker Expert Skill
This skill optimizes Dockerfiles for size, speed, and security.
Best Practices
- Multi-Stage Builds: Separate build tools from runtime artifacts.

  ```dockerfile
  FROM golang:1.21 as builder
  ...
  FROM alpine:latest
  COPY --from=builder /app/bin /bin
  ```
- Layer Caching: Order instructions from least changed to most changed. Copy `go.mod`/`package.json` before source code.
- Security:
  - Do not run as root (`USER nonroot`).
  - Use trusted base images (e.g., `distroless`).
  - Scan for vulnerabilities (if `trivy` is installed).
- Optimization:
  - Combine `RUN` commands to reduce layers: `RUN apt-get update && apt-get install -y ... && rm -rf /var/lib/apt/lists/*`
Usage
When asked to "fix Dockerfile" or "dockerize this":
- Read existing Dockerfile.
- Apply the above rules.
- Check `.dockerignore` to ensure `.git`, `node_modules`, etc., are excluded.
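
One way to check a Dockerfile and its `.dockerignore` against the rules above, as an added example that is not part of the original skill. The `audit` and `instructions` helpers, the rule names and both sample Dockerfiles are constructed for illustration. The checks are string heuristics: a final stage with no `USER` line is flagged even if its base image already sets a non-root user.

```python
import re
MANIFESTS = ("go.mod", "package.json")  # dependency manifests the page names

def instructions(dockerfile):
    """Join backslash continuations, skip comments, yield (KEYWORD, args)."""
    for line in re.sub(r"\\\s*\n", " ", dockerfile).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            keyword, _, args = line.partition(" ")
            yield keyword.upper(), args.strip()

def audit(dockerfile, dockerignore=""):
    """Return the sorted names of the rules the inputs violate."""
    findings, user, manifest_copied = set(), None, False
    for keyword, args in instructions(dockerfile):
        if keyword == "FROM":  # new stage: USER and COPY state start over
            user, manifest_copied = None, False
        elif keyword == "USER":
            user = args.split(":")[0]
        elif keyword == "COPY" and "--from=" not in args:
            sources = args.split()[:-1]
            if any(s.endswith(MANIFESTS) for s in sources):
                manifest_copied = True
            elif "." in sources and not manifest_copied:
                findings.add("copy-source-before-manifest")
        elif keyword == "RUN" and "apt-get install" in args:
            if "rm -rf /var/lib/apt/lists" not in args:
                findings.add("apt-lists-not-cleaned")
    if user in (None, "root", "0"):  # state left over from the final stage
        findings.add("final-stage-runs-as-root")
    ignored = {l.strip().rstrip("/") for l in dockerignore.splitlines()}
    for entry in {".git", "node_modules"} - ignored:
        findings.add("dockerignore-missing-" + entry)
    return sorted(findings)

# Constructed samples: BAD breaks each rule, GOOD follows the builder/runtime split.
BAD = r"""FROM golang:1.21
COPY . /app
RUN apt-get update && \
    apt-get install -y git
"""
GOOD = """FROM golang:1.21 as builder
COPY go.mod /app/
COPY . /app
FROM alpine:latest
COPY --from=builder /app/bin /bin
USER nonroot
"""
print(audit(BAD))
```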