From idea-to-code
Provides guidelines for ordering Dockerfile instructions from most stable (FROM, system deps) to least stable (code copy, build) to optimize layer caching. Use when creating or modifying Dockerfiles.
npx claudepluginhub humansintheloop-dev/humansintheloop-dev-workflow-and-tools --plugin idea-to-code

This skill uses the workspace's default tool permissions.
When creating or modifying Dockerfiles for this project, follow these guidelines:
Dockerfile instructions should be ordered from most stable (least likely to change) to least stable (most likely to change). This maximizes Docker layer caching efficiency, resulting in faster builds.
1. Base image (FROM) - Changes rarely
2. System dependencies (RUN apt-get, RUN apk add) - Changes infrequently
3. Environment variables (ENV) - Changes occasionally
4. Working directory (WORKDIR) - Changes rarely
5. Dependency manifests (COPY package.json, COPY requirements.txt) - Changes when dependencies change
6. Dependency installation (RUN npm install, RUN pip install) - Changes when dependencies change
7. Application code (COPY . .) - Changes frequently during development
8. Build step (RUN npm run build) - Changes when code changes
9. Runtime configuration (EXPOSE, CMD, ENTRYPOINT) - Changes occasionally

```dockerfile
# 1. Base image (most stable)
FROM node:20-alpine

# 2. System dependencies
RUN apk add --no-cache tini

# 3. Environment variables
ENV NODE_ENV=production

# 4. Working directory
WORKDIR /app

# 5. Copy dependency manifests first
COPY package.json package-lock.json ./

# 6. Install dependencies (cached unless manifests change)
#    --omit=dev replaces the deprecated --only=production
RUN npm ci --omit=dev

# 7. Copy application code (least stable - changes often)
COPY . .

# 8. Build step
RUN npm run build

# 9. Runtime configuration
EXPOSE 3000
CMD ["/sbin/tini", "--", "node", "dist/index.js"]
```
```dockerfile
# Base image (most stable)
FROM eclipse-temurin:17-jre

WORKDIR /app

# Install system tools (stable - rarely changes)
# NOTE: the step CLI tarball is fetched without an integrity check;
# compare it against a pinned SHA-256 before extracting.
RUN apt-get update && apt-get install -y curl ca-certificates wget && \
    wget -O step-cli.tar.gz https://dl.smallstep.com/gh-release/cli/gh-release-header/v0.27.4/step_linux_0.27.4_$(dpkg --print-architecture).tar.gz && \
    tar -xzf step-cli.tar.gz && \
    mv step_0.27.4/bin/step /usr/local/bin/step && \
    rm -rf step-cli.tar.gz step_0.27.4 && \
    apt-get clean && rm -rf /var/lib/apt/lists/*

EXPOSE 8443

# Copy entrypoint script (changes occasionally)
COPY entrypoint.sh /app/entrypoint.sh
RUN chmod +x /app/entrypoint.sh

# Copy application JAR (changes frequently)
COPY build/libs/app.jar /app/app.jar

ENTRYPOINT ["/app/entrypoint.sh"]
```
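
The ordering rule can be checked mechanically. This Python check is an added example, not part of the idea-to-code plugin: it reports dependency-install RUN steps that come after a whole-context copy such as COPY . . in the same build stage, the ordering that forces those installs to rerun on every code change. The function names and the sample Dockerfile are constructed for illustration, and only shell-form COPY/ADD is recognized.

```python
import re

# Install commands named in the guideline list above, plus `npm ci` from its example.
INSTALL_RE = re.compile(r"\b(apt-get\s+install|apk\s+add|npm\s+(ci|install)|pip3?\s+install)\b")

def instructions(text):
    """Yield (first_line_no, KEYWORD, args), joining backslash continuations."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments never form a layer
        if not buf:
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        kw, *rest = (buf + line).split(None, 1)
        buf = ""
        yield start, kw.upper(), rest[0] if rest else ""

def copies_whole_context(args):
    """True for a shell-form COPY/ADD whose source is the context root (`COPY . .`)."""
    words = args.split()
    if any(w.startswith("--from=") for w in words):
        return False  # copied from another stage, not from the build context
    paths = [w for w in words if not w.startswith("--")]
    return any(src in (".", "./") for src in paths[:-1])

def cache_busting_installs(text):
    """Return (copy_line, install_line) pairs: installs that follow a whole-context copy."""
    findings, copy_line = [], None
    for no, kw, args in instructions(text):
        if kw == "FROM":
            copy_line = None  # a new stage starts its own layer chain
        elif kw in ("COPY", "ADD") and copy_line is None and copies_whole_context(args):
            copy_line = no
        elif kw == "RUN" and copy_line is not None and INSTALL_RE.search(args):
            findings.append((copy_line, no))
    return findings

# Constructed sample: the source tree is copied before dependencies are installed.
BAD = """FROM node:20-alpine
WORKDIR /app
COPY . .
RUN apk add --no-cache tini && \\
    npm ci
RUN npm run build
"""
```

Calling `cache_busting_installs(BAD)` returns the line of the offending copy paired with the line where the install instruction starts; an empty list means no install step sits behind a whole-context copy.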
Docker builds images in layers. When a layer changes, all subsequent layers must be rebuilt. By placing stable instructions first: