Use when working with ANY Docker task: writing Dockerfiles, configuring docker-compose/compose.yml, multi-stage builds, docker-bake.hcl, container security audits, .dockerignore optimization, or CI/CD container testing. Triggers on: Dockerfile, docker-compose, container, image build, multi-stage, docker bake, compose.
From docker-development

`npx claudepluginhub netresearch/claude-code-marketplace --plugin docker-development`
Patterns for building, testing, and deploying Docker containers.
```dockerfile
# Build stage: install production dependencies only
FROM node:20-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci --omit=dev
COPY . .

# Runtime stage: unprivileged user, explicit working directory
FROM node:20-alpine
RUN addgroup -g 1001 app && adduser -u 1001 -G app -D app
WORKDIR /app
USER app
COPY --from=builder /app .
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
  CMD wget -qO- http://localhost:3000/health || exit 1
CMD ["node", "server.js"]
```
```dockerfile
FROM golang:1.22-alpine AS builder
WORKDIR /app
COPY go.* ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 go build -o /app/server .

FROM gcr.io/distroless/static:nonroot
COPY --from=builder /app/server /server
CMD ["/server"]
```
```dockerfile
RUN apt-get update && \
    apt-get install -y --no-install-recommends curl && \
    rm -rf /var/lib/apt/lists/*
```
```dockerfile
COPY package*.json ./
RUN npm ci
COPY . .
```
Dependency manifests before source so install layers stay cached on source-only changes.
```dockerfile
RUN --mount=type=secret,id=ssh_key,dst=/root/.ssh/id_rsa git clone git@github.com:org/repo.git
```
Secrets in `ENV`/`ARG`/`COPY` persist in layer history (`docker history`). Use `--mount=type=secret`.
```hcl
target "app" {
  platforms  = ["linux/amd64", "linux/arm64"]
  cache-from = ["type=gha"]
  cache-to   = ["type=gha,mode=max"]
}
```
| Anti-pattern | Fix |
|---|---|
| `FROM image:latest` | Pin version: `image:1.2.3-alpine` |
| No `USER` directive | `adduser` + `USER appuser` |
| `chmod 777` | Use specific permissions: `chmod 550` |
| `privileged: true` in compose | Remove or use specific `cap_add` |
| `volumes: [/:/host]` | Mount only needed paths |
| `ports: ["0.0.0.0:3000:3000"]` | Bind to `127.0.0.1:3000:3000` |
| `ENV DB_PASSWORD=secret` | Use `--mount=type=secret` or compose secrets |
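
A small static check for the Dockerfile rows of the table above, as an added example (not part of the docker-development skill). The rule names, the secret-name pattern and the sample Dockerfile are assumptions constructed for illustration.

```python
import re
# Constructed sample Dockerfile exhibiting several rows of the table above.
SAMPLE = """\
FROM node:latest AS build
ENV DB_PASSWORD=secret
RUN chmod 777 /app
FROM nginx
COPY --from=build /app /usr/share/nginx/html
"""
# Assumed heuristic for variable names that usually hold credentials.
SECRET_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY)", re.I)

def logical_lines(text):  # join "\" continuations -> (first_line_no, instruction)
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start or no
        buf += line.rstrip("\\").strip() + " "
        if not line.endswith("\\"):
            yield start, buf.strip()
            buf, start = "", 0

def audit(text):
    """Return [(line_no, rule)] for the Dockerfile anti-patterns in the table."""
    findings, stages, last_user, final_from = [], set(), None, 0
    for no, ins in logical_lines(text):
        op, _, rest = ins.partition(" ")
        op = op.upper()
        if op == "FROM":
            parts = [t for t in rest.split() if not t.startswith("--")]
            image, last_user, final_from = parts[0], None, no  # USER resets per stage
            local = image.lower() in stages or image == "scratch"
            tag = image.rsplit("/", 1)[-1].partition(":")[2]
            if not local and "@sha256:" not in image and tag in ("", "latest"):
                findings.append((no, "unpinned-base-image"))
            if len(parts) >= 3 and parts[1].upper() == "AS":
                stages.add(parts[2].lower())
        elif op == "USER":
            last_user = rest.strip()
        elif op in ("ENV", "ARG") and SECRET_NAME.search(rest):
            findings.append((no, "secret-in-" + op.lower()))
        elif op == "RUN" and re.search(r"chmod\s+(-R\s+)?0?777\b", rest):
            findings.append((no, "chmod-777"))
    if last_user is None:
        findings.append((final_from, "no-user-directive"))
    elif last_user.split(":")[0] in ("root", "0"):
        findings.append((final_from, "user-is-root"))
    return findings
```

A `no-user-directive` finding on a base image such as `gcr.io/distroless/static:nonroot` is a prompt to confirm the base image's own default user, not necessarily a defect.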
- `docker run --rm --entrypoint php myimage -v`
- `docker run --rm --add-host backend:127.0.0.1 nginx-image nginx -t`
- `cp .env.example .env` before `docker compose config`
- .env.example, README, docs from scanners
- Exclude: `.git`, `node_modules`/`vendor`, `.env*`, `*.pem`, `*.key`

- `depends_on` with `condition: service_healthy` + `healthcheck` with `start_period` for startup ordering
- `networks` with `internal: true` for database isolation from external access
- `profiles: [debug]` for optional services that only start with `--profile debug`

- `references/ci-testing.md` -- Comprehensive CI testing patterns for Docker images