Run any Skill in Manus with one click

Get Started

$pwd:

dockerfile-best-practices

Name: Dockerfile Best Practices
Author: 2SSK

// Docker and container best practices. Multi-stage builds, security, optimization. Use when creating Dockerfiles.

Run Skill in Manus

$ git log --oneline --stat

stars:244

forks:9

updated:April 29, 2026 at 03:35

SKILL.md

readonly

name	dockerfile-best-practices
description	Docker and container best practices. Multi-stage builds, security, optimization. Use when creating Dockerfiles.
compatibility	opencode

Docker Best Practices

Secure, optimized Dockerfiles for production containers.

Core Principles

Small: Minimal layers, minimal size
Secure: Non-root user, read-only where possible
Fast: Multi-stage builds, layer caching
Reproducible: Deterministic builds

Multi-Stage Builds

# Build stage
FROM golang:1.23-alpine AS builder
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download

COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -o /binary ./cmd/app

# Runtime stage
FROM alpine:3.20
RUN adduser -D -u 1000 appuser
WORKDIR /app

COPY --from=builder /binary /app/app
USER appuser

ENTRYPOINT ["/app/app"]

Security

# Never run as root
USER appuser

# Read-only filesystem (where possible)
# HEALTHCHECK for monitoring
HEALTHCHECK --interval=30s --timeout=3s \
    CMD wget -q --spider http://localhost:8080/healthz || exit 1

Optimization

# Order: least frequently changed → most frequently changed
COPY go.mod go.sum ./
RUN go mod download

COPY . .
RUN go build

# This way, go.mod changes trigger cache rebuild, not code changes

Best Practices Checklist

Build Commands

# Build
docker build -t app:latest .

# Scan for vulnerabilities
hadolint Dockerfile
trivy image app:latest

# Build with buildkit
DOCKER_BUILDKIT=1 docker build -t app:latest .

related-skills.json

same repository

cpp-best-practices.md

from "2SSK/dot-files"

C++ development best practices. Modern C++20/23, RAII, zero-overhead abstractions, safety. Use when writing C++ code.

2026-04-29244

go-best-practices.md

from "2SSK/dot-files"

Go development best practices. Idiomatic Go, error handling, concurrency patterns, testing. Use when writing Go code.

2026-04-29244

observability.md

from "2SSK/dot-files"

Observability best practices. Logging, metrics, tracing, alerting. Essential for production services. Use for any backend service.

2026-04-29244

react-native-best-practices.md

from "2SSK/dot-files"

React Native development. Cross-platform code, native modules, performance. Use when building mobile apps.

2026-04-29244

tdd.md

from "2SSK/dot-files"

Test-Driven Development workflow. Write failing test first, implement code to pass, then refactor. Essential for all languages: Go, TypeScript, C++, Python. Use before any implementation task.

2026-04-29244

ship.md

from "2SSK/dot-files"

Use when the user wants to commit, push, and open a pull request for the current changes. Stages relevant files, writes a descriptive commit message, pushes the branch, opens a PR against main, and posts an /oc review comment so opencode automatically reviews and approves if ready.

2026-04-07244

package.json

"author": "2SSK"

"repository": "2SSK/dot-files"

View GitHub Repository View Creator Repositories

$ install --global

$ download --local

Run Skill in Manus

$ useful --forSOC

Software DevelopersComputer and Mathematical Occupations15-1252L4

name	dockerfile-best-practices
description	Docker and container best practices. Multi-stage builds, security, optimization. Use when creating Dockerfiles.
compatibility	opencode

Docker Best Practices

Secure, optimized Dockerfiles for production containers.

Core Principles

Small: Minimal layers, minimal size
Secure: Non-root user, read-only where possible
Fast: Multi-stage builds, layer caching
Reproducible: Deterministic builds

Multi-Stage Builds

# Build stage
FROM golang:1.23-alpine AS builder
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download

COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -o /binary ./cmd/app

# Runtime stage
FROM alpine:3.20
RUN adduser -D -u 1000 appuser
WORKDIR /app

COPY --from=builder /binary /app/app
USER appuser

ENTRYPOINT ["/app/app"]

Security

# Never run as root
USER appuser

# Read-only filesystem (where possible)
# HEALTHCHECK for monitoring
HEALTHCHECK --interval=30s --timeout=3s \
    CMD wget -q --spider http://localhost:8080/healthz || exit 1

Optimization

# Order: least frequently changed → most frequently changed
COPY go.mod go.sum ./
RUN go mod download

COPY . .
RUN go build

# This way, go.mod changes trigger cache rebuild, not code changes

Best Practices Checklist

Build Commands

# Build
docker build -t app:latest .

# Scan for vulnerabilities
hadolint Dockerfile
trivy image app:latest

# Build with buildkit
DOCKER_BUILDKIT=1 docker build -t app:latest .

dockerfile-best-practices

Docker Best Practices

Core Principles

Multi-Stage Builds

Security

Optimization

Best Practices Checklist

Build Commands

More from this repository

More from this repository

Docker Best Practices

Core Principles

Multi-Stage Builds

Security

Optimization

Best Practices Checklist

Build Commands