docker

📁 poletron/custom-rules 📅 Jan 26, 2026

总安装量

周安装量

#50749

全站排名

安装命令

npx skills add https://github.com/poletron/custom-rules --skill docker

Agent 安装分布

github-copilot 2

mcpjam 1

claude-code 1

zencoder 1

crush 1

cline 1

Skill 文档

Critical Patterns

Multi-Stage Builds (REQUIRED)

# â ALWAYS: Use multi-stage to reduce final image size
FROM node:18-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production

FROM node:18-alpine
WORKDIR /app
COPY --from=builder /app/node_modules ./node_modules
COPY . .
CMD ["node", "server.js"]

Non-Root User (REQUIRED)

# â ALWAYS: Run as non-root for security
RUN addgroup -g 1001 -S appgroup && adduser -S appuser -u 1001
USER appuser

Specific Tags (REQUIRED)

# â ALWAYS: Use specific version tags
FROM node:18.19-alpine

# â NEVER: Use 'latest' tag
FROM node:latest

Decision Tree

Need smaller image?     â Use multi-stage build
Need security?          â Run as non-root user
Need caching?           â Order from least to most changing
Need reproducibility?   â Pin exact versions

Code Examples

Layer Optimization

# â Good: Combine commands, clean in same layer
RUN apt-get update && \
    apt-get install -y --no-install-recommends curl && \
    rm -rf /var/lib/apt/lists/*

# â Bad: Separate layers, cache not cleaned
RUN apt-get update
RUN apt-get install curl

Health Checks

HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
  CMD curl -f http://localhost:3000/health || exit 1

Commands

docker build -t myapp:1.0 .           # Build image
docker run -d -p 3000:3000 myapp:1.0  # Run container
docker scan myapp:1.0                  # Scan for vulnerabilities
docker history myapp:1.0               # View layer history

Resources

Additional docs: infrastructure.md

âï¸ Advanced Expert Patterns

1. Dockerfile Optimization & Multi-Stage Builds

Key techniques:

# Optimized multi-stage pattern
FROM node:18-alpine AS deps
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production && npm cache clean --force

FROM node:18-alpine AS build
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build && npm prune --production

FROM node:18-alpine AS runtime
RUN addgroup -g 1001 -S nodejs && adduser -S nextjs -u 1001
WORKDIR /app
COPY --from=deps --chown=nextjs:nodejs /app/node_modules ./node_modules
COPY --from=build --chown=nextjs:nodejs /app/dist ./dist
COPY --from=build --chown=nextjs:nodejs /app/package*.json ./
USER nextjs
EXPOSE 3000
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
  CMD curl -f http://localhost:3000/health || exit 1
CMD ["node", "dist/index.js"]

2. Container Security Hardening

Security patterns:

# Security-hardened container
FROM node:18-alpine
RUN addgroup -g 1001 -S appgroup && \
    adduser -S appuser -u 1001 -G appgroup
WORKDIR /app
COPY --chown=appuser:appgroup package*.json ./
RUN npm ci --only=production
COPY --chown=appuser:appgroup . .
USER 1001
# Drop capabilities, set read-only root filesystem

3. Docker Compose Orchestration

Production-ready compose pattern:

version: '3.8'
services:
  app:
    build:
      context: .
      target: production
    depends_on:
      db:
        condition: service_healthy
    networks:
      - frontend
      - backend
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
      interval: 30s
      timeout: 10s
      retries: 3
    deploy:
      resources:
        limits:
          cpus: '0.5'
          memory: 512M
        reservations:
          cpus: '0.25'
          memory: 256M

  db:
    image: postgres:15-alpine
    environment:
      POSTGRES_DB_FILE: /run/secrets/db_name
      POSTGRES_USER_FILE: /run/secrets/db_user
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    secrets:
      - db_name
      - db_user
      - db_password
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
      - backend
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"]
      interval: 10s
      timeout: 5s
      retries: 5

networks:
  frontend:
    driver: bridge
  backend:
    driver: bridge
    internal: true

volumes:
  postgres_data:

secrets:
  db_name:
    external: true
  db_user:
    external: true  
  db_password:
    external: true

4. Image Size Optimization

Optimization techniques:

# Minimal production image
FROM gcr.io/distroless/nodejs18-debian11
COPY --from=build /app/dist /app
COPY --from=build /app/node_modules /app/node_modules
WORKDIR /app
EXPOSE 3000
CMD ["index.js"]

5. Development Workflow Integration

Development workflow:

# Development override
services:
  app:
    build:
      context: .
      target: development
    volumes:
      - .:/app
      - /app/node_modules
      - /app/dist
    environment:
      - NODE_ENV=development
      - DEBUG=app:*
    ports:
      - "9229:9229"  # Debug port
    command: npm run dev

6. Performance & Resource Management

Resource management:

services:
  app:
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 1G
        reservations:
          cpus: '0.5'
          memory: 512M
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
        window: 120s

Advanced Problem-Solving Patterns

Cross-Platform Builds

# Multi-architecture builds
docker buildx create --name multiarch-builder --use
docker buildx build --platform linux/amd64,linux/arm64 \
  -t myapp:latest --push .

Build Cache Optimization

# Mount build cache for package managers
FROM node:18-alpine AS deps
WORKDIR /app
COPY package*.json ./
RUN --mount=type=cache,target=/root/.npm \
    npm ci --only=production

Secrets Management

# Build-time secrets (BuildKit)
FROM alpine
RUN --mount=type=secret,id=api_key \
    API_KEY=$(cat /run/secrets/api_key) && \
    # Use API_KEY for build process

GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台