Menu
Multi-stage pipelines, sidecar patterns, healthchecks, init containers, signal handling, and graceful shutdown.
Debug running containers with log analysis, shell access, state inspection, and network diagnostics.
Use Docker in CI/CD pipelines with GitHub Actions, multi-platform builds, registry push, and layer caching strategies.
Write, debug, and optimize docker-compose.yml files with service definitions, networking, volumes, and healthchecks.
Manage Docker contexts for multi-host and remote Docker engine workflows
Set up development environments with Docker including hot reload, dev containers, bind mounts, and database containers.
Docker Content Trust - image signing, verification, key management, and CI/CD signing pipelines
| name | docker-advanced-workflows |
| description | Multi-stage pipelines, sidecar patterns, healthchecks, init containers, signal handling, and graceful shutdown. |
| standards-version | 1.10.0 |
Use this skill when:
docker_listContainers, docker_inspectContainer, and docker_stats to understand the running environment.docker_top to verify processes, docker_stats for resource usage, docker_events to watch lifecycle events.docker_update to adjust CPU/memory limits live, or docker_wait to synchronize on container completion.User: I want to set up a proper healthcheck for my Node.js API container.
Agent: Here are three approaches depending on your setup:
Dockerfile healthcheck:
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
CMD node -e "require('http').get('http://localhost:3000/health', (r) => { process.exit(r.statusCode === 200 ? 0 : 1) })"
Compose healthcheck:
services:
api:
build: .
healthcheck:
test: ["CMD", "node", "-e", "require('http').get('http://localhost:3000/health', (r) => { process.exit(r.statusCode === 200 ? 0 : 1) })"]
interval: 30s
timeout: 5s
start_period: 10s
retries: 3
depends_on:
db:
condition: service_healthy
Using curl (if available in the image):
HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
CMD curl -f http://localhost:3000/health || exit 1
You can verify it's working with docker_inspectContainer - look at State.Health.Status and State.Health.Log.
User: My container is using too much memory. Can I change the limit without restarting it?
Agent: Yes, use docker_update:
docker_update with containerId="my-api", memory="512m", memorySwap="1g"
Then verify with docker_stats:
docker_stats with containers=["my-api"]
If the container is already exceeding the new limit, it may get OOMKilled. Check current usage with docker_stats first, then set the limit above current usage but below the problematic threshold.
User: How do I handle graceful shutdown in my container?
Agent: Docker sends SIGTERM to PID 1 when stopping a container, then SIGKILL after the grace period (default 10s).
Key rules:
CMD ["node", "server.js"] not CMD node server.js (shell form wraps in /bin/sh which may not forward signals)# Good - exec form, signals go directly to node
CMD ["node", "server.js"]
# For multi-process - use tini as init
RUN apk add --no-cache tini
ENTRYPOINT ["/sbin/tini", "--"]
CMD ["node", "server.js"]
Node.js signal handler:
process.on('SIGTERM', () => {
console.log('SIGTERM received, closing server...');
server.close(() => {
console.log('Server closed, exiting');
process.exit(0);
});
setTimeout(() => process.exit(1), 5000);
});
You can test with docker_stop using a short timeout and watch events with docker_events.
| Tool | Purpose |
|---|---|
docker_stats | Monitor CPU, memory, network I/O for running containers |
docker_top | See running processes inside a container (verify PID 1, check for zombies) |
docker_events | Watch container lifecycle events (start, stop, die, health_status) |
docker_update | Change CPU/memory limits and restart policy without restarting |
docker_wait | Block until a container exits and get its exit code |
docker_cp | Copy files between container and host (configs, logs, debug artifacts) |
docker_inspectContainer | Check healthcheck status, restart count, resource config |
docker_exec | Run commands inside a running container for diagnostics |
Multi-stage build pipeline flow:
1. docker_build with context and Dockerfile
2. docker_run to test the image
3. docker_stats to verify resource usage
4. docker_top to check process tree
5. docker_tag for versioning
6. docker_push to registry
Live resource tuning flow:
1. docker_stats - observe current CPU/memory usage
2. docker_update - adjust limits (cpus, memory, restartPolicy)
3. docker_stats - verify the change took effect
4. docker_events - watch for OOMKill or restart events
CMD node server.js runs under /bin/sh -c, which does not forward SIGTERM to the node process. Always use exec form: CMD ["node", "server.js"].--init flag on docker run or install tini.docker_update with a memory limit lower than current RSS triggers an immediate OOMKill. Check docker_stats first.--until or use the docker_events MCP tool which defaults to a bounded window.restart: always with a crashing container creates an infinite restart loop. Use on-failure with a max retry count during development.FROM node:22-alpine AS builder and COPY --from=builder instead of numeric indices, which break when stages are reordered.