dockerfile
安装命令
npx skills add https://github.com/chaterm/terminal-skills --skill dockerfile
Dockerfile 编写
概述
Dockerfile 最佳实践、安全扫描等技能。
指令详解
FROM
# Base image: each FROM line below is a separate example of a tagged base.
# Tags are mutable references; append @sha256:<digest> (placeholder) when the
# build must resolve to the same image every time.
FROM ubuntu:22.04
FROM node:18-alpine
FROM python:3.11-slim
# Multi-stage build: name each stage with AS so later instructions can refer to it.
# nginx:alpine carries no version number, so it follows whatever release is current.
FROM node:18 AS builder
FROM nginx:alpine AS production
# Use ARG to choose the base image at build time (overridable with --build-arg).
# Whoever sets BASE_IMAGE decides what the image is built on, so limit who can
# pass build arguments in CI.
ARG BASE_IMAGE=node:18-alpine
FROM ${BASE_IMAGE}
WORKDIR
# Set the working directory (an absolute path is recommended).
WORKDIR /app
WORKDIR /home/node/app
# Repeated WORKDIR instructions change directory; a relative path is resolved
# against the previous WORKDIR.
WORKDIR /app
WORKDIR src
# Current directory: /app/src
COPY 与 ADD
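# COPY (recommended): copies files from the build context and does nothing else.
COPY package.json ./
COPY src/ ./src/
# COPY . . takes the whole build context; pair it with a .dockerignore so
# local secrets such as .env do not end up in an image layer.
COPY . .
# Copying several files at once
COPY package.json package-lock.json ./
# ADD (also accepts URLs and unpacks local archives)
# A remote file is stored as downloaded: it is not unpacked, and its content is
# not verified unless ADD --checksum=sha256:<expected-digest> is used (BuildKit).
ADD https://example.com/file.tar.gz /app/
# A local tar archive is extracted automatically into the destination.
# (Dockerfile comments must start the line, so this note sits above the instruction.)
ADD archive.tar.gz /app/
# Recommendation: prefer COPY unless ADD's special features are needed.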
RUN
# Shell form: the command line is run through /bin/sh -c.
RUN apt-get update && apt-get install -y curl
# Exec form: a JSON array, executed directly without a shell.
RUN ["apt-get", "update"]
# Best practice: merge commands to reduce the number of layers.
# update and install share one layer so a cached package index is never reused
# on its own; the index is deleted in the same layer, and
# --no-install-recommends leaves out packages that were not asked for.
RUN apt-get update && \
apt-get install -y --no-install-recommends \
curl \
wget \
git && \
rm -rf /var/lib/apt/lists/*
CMD 与 ENTRYPOINT
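# CMD - default command (can be overridden by arguments to docker run).
# These are separate examples: only the last CMD in a stage takes effect.
CMD ["node", "app.js"]
CMD ["npm", "start"]
# ENTRYPOINT - entry point (not easily overridden).
# It can still be replaced with docker run --entrypoint, so it is a default,
# not a control that restricts what the container may run.
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["postgres"]
# Combined use: ENTRYPOINT is the executable, CMD supplies its default arguments.
ENTRYPOINT ["python"]
CMD ["app.py"]
# Runs: python app.py
# docker run myimage other.py -> python other.py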
ENV 与 ARG
# ENV - runtime environment variables.
# They are stored in the image and visible in every container started from it,
# so they are not a place for credentials.
ENV NODE_ENV=production
ENV PORT=3000 HOST=0.0.0.0
# ARG - build-time parameters.
# ARG values are not part of the runtime environment, but they can be read back
# from the image history; do not pass secrets with --build-arg.
ARG VERSION=1.0
ARG BUILD_DATE
# ARG to ENV: copying the value into ENV makes it persist in the final image.
ARG APP_VERSION
ENV APP_VERSION=${APP_VERSION}
# Passing a build argument
# docker build --build-arg VERSION=2.0 .
EXPOSE
# Declare ports (documentation only: EXPOSE does not publish anything by itself).
# Ports below 1024 (80, 443) may need extra privileges to bind when the process
# runs as a non-root user, depending on the runtime.
EXPOSE 80
EXPOSE 443
EXPOSE 3000/tcp
EXPOSE 5000/udp
VOLUME
# Declare mount points.
# Populate the path before this instruction: build steps that write to it
# after VOLUME has been declared have their changes discarded.
VOLUME /data
VOLUME ["/data", "/logs"]
USER
# Switch user: create an unprivileged system group and user, then run as it.
# The addgroup/adduser -S form is the BusyBox (Alpine) syntax.
RUN addgroup -S appgroup && adduser -S appuser -G appgroup
USER appuser
# Or use a numeric UID:GID, which needs no passwd entry and lets an
# orchestrator verify that the image does not run as root.
USER 1000:1000
HEALTHCHECK
# Health check: the container is reported unhealthy when the command exits non-zero.
# curl has to be present in the image for this probe to work.
HEALTHCHECK \
CMD curl -f http://localhost/ || exit 1
# Disable a health check inherited from the base image.
HEALTHCHECK NONE
最佳实践模板
Node.js 应用
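FROM node:18-alpine
# Create a non-root user
RUN addgroup -S appgroup && adduser -S appuser -G appgroup
WORKDIR /app
# Copy the dependency manifests first so the install layer stays cached until
# they change.
COPY package*.json ./
# Install dependencies from the lockfile, without dev dependencies
# (--omit=dev replaces the deprecated --only=production).
RUN npm ci --omit=dev && npm cache clean --force
# Copy the source code. The files stay owned by root, so the runtime user can
# read but not modify them; a .dockerignore keeps .env and similar files out.
COPY . .
# Switch user before the process starts
USER appuser
EXPOSE 3000
HEALTHCHECK \
    CMD wget --no-verbose --tries=1 --spider http://localhost:3000/health || exit 1
CMD ["node", "app.js"]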
Python 应用
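FROM python:3.11-slim
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1
WORKDIR /app
# Install dependencies before copying the source so this layer stays cached
# until requirements.txt changes.
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
# Create a non-root user and give it the working directory
RUN useradd -m -r appuser && chown appuser:appuser /app
USER appuser
# COPY without --chown leaves the files owned by root, so the application
# code is read-only for appuser.
COPY . .
EXPOSE 8000
CMD ["gunicorn", "--bind", "0.0.0.0:8000", "app:app"]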
Go 应用
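# Build stage
FROM golang:1.21-alpine AS builder
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
COPY . .
# CGO_ENABLED=0 produces a static binary that can run on scratch.
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-w -s" -o main .
# Production stage
FROM scratch
# Both files live in the builder stage, not in the build context, so the copy
# has to name that stage. The CA bundle is what lets the binary verify TLS
# peers (assumes the builder image ships it at this path).
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=builder /app/main /main
# scratch has no passwd file, so the unprivileged user is given numerically.
USER 65534:65534
EXPOSE 8080
ENTRYPOINT ["/main"]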
Java 应用
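# Build stage
FROM maven:3.9-eclipse-temurin-17 AS builder
WORKDIR /app
# Resolve dependencies from pom.xml alone so this layer is reused until the
# POM changes.
COPY pom.xml .
RUN mvn dependency:go-offline
COPY src ./src
# NOTE(review): tests are skipped here; run them in CI before the image is built.
RUN mvn package -DskipTests
# Production stage: JRE only, so Maven and the sources stay out of the final image.
FROM eclipse-temurin:17-jre-alpine
RUN addgroup -S appgroup && adduser -S appuser -G appgroup
USER appuser
WORKDIR /app
# The jar is produced in the builder stage, so the copy has to name that stage.
COPY --from=builder /app/target/*.jar app.jar
EXPOSE 8080
ENTRYPOINT ["java", "-jar", "app.jar"]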
.dockerignore
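# Git
.git
.gitignore
# Node
node_modules
npm-debug.log
# Python
__pycache__
*.pyc
.venv
venv
# IDE
.idea
.vscode
*.swp
# Docker
Dockerfile*
docker-compose*
.dockerignore
# Docs
*.md
LICENSE
# Tests
test
tests
coverage
# Other
# .env files usually hold credentials; keeping them out of the build context
# means COPY . . cannot place them in an image layer.
.env
.env.*
*.log
tmp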
安全检查
镜像扫描
# Docker Scout: list known CVEs in the image, then suggested base-image updates.
docker scout cves myimage:tag
docker scout recommendations myimage:tag
# Trivy: scan the image for known vulnerabilities.
# In CI, --exit-code 1 together with --severity HIGH,CRITICAL makes the job fail on findings.
trivy image myimage:tag
# Snyk: test the container image.
snyk container test myimage:tag
Dockerfile 检查
# Hadolint: lint the Dockerfile, read from stdin.
# The linter image has no tag here, so the latest one is pulled; pin a
# version when the result has to be reproducible in CI.
docker run --rm -i hadolint/hadolint < Dockerfile
# Dockle: check the built image (not the Dockerfile).
dockle myimage:tag
常见场景
场景 1:入口脚本
# Install the entrypoint script. COPY leaves it owned by root, so a non-root
# runtime user can execute it but cannot rewrite it.
COPY docker-entrypoint.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/docker-entrypoint.sh
# The script receives CMD as its arguments ("app" by default).
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["app"]
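#!/bin/bash
set -e
# Initialization logic: runs only when the container is started with "app".
if [ "$1" = 'app' ]; then
    # Wait for the dependent service, but give up after DB_WAIT_SECONDS
    # (default 60) so an unreachable database shows up as a failed start
    # instead of a container that hangs forever.
    # An open port only shows the service is reachable, not that it is ready
    # to answer queries.
    waited=0
    until nc -z db 5432; do
        if [ "$waited" -ge "${DB_WAIT_SECONDS:-60}" ]; then
            echo "Database not reachable after ${waited}s" >&2
            exit 1
        fi
        echo "Waiting for database..."
        sleep 1
        waited=$((waited + 1))
    done
fi
# exec replaces the shell, so the real process becomes PID 1 and receives
# the signals sent by docker stop.
exec "$@"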
场景 2:多架构构建
# Create a builder and make it the current one.
docker buildx create --name mybuilder --use
# Build for several architectures and push the result.
# --push uploads straight to the registry, so run image scans against the
# pushed tag or build locally first.
docker buildx build --platform linux/amd64,linux/arm64 \
-t myrepo/myimage:tag --push .
场景 3:构建缓存
# Use the BuildKit cache: embed cache metadata in the image being built.
docker build --build-arg BUILDKIT_INLINE_CACHE=1 -t myimage:tag .
# Use the cache: reuse layers from an existing image.
# Layers taken from --cache-from are reused as they are, so point it only at
# images your own pipeline produced.
docker build --cache-from myimage:tag -t myimage:new .
故障排查
| 问题 | 排查方法 |
|---|---|
| 构建慢 | 优化 COPY 顺序、使用缓存 |
| 镜像大 | 多阶段构建、精简基础镜像 |
| 权限问题 | 检查 USER、文件权限 |
| 依赖问题 | 检查网络、使用国内镜像源 |