Run any Skill in Manus with one click

docker-expert

Advanced Docker containerization expert for multi-stage builds, image optimization, security hardening, and Compose orchestration. Use when the task involves `working with Dockerfile`, `docker-compose.yml`, `containerization`, `multi-stage builds`, or `optimizing Docker images`.

Run Skill in Manus

Stars2

Forks0

UpdatedApril 4, 2026 at 12:10

Source

dallay

dallay/agents-skills

View GitHub Repository View Creator Repositories

Install command

Download

Run Skill in Manus

Useful forSOC

Network and Computer Systems AdministratorsComputer and Mathematical Occupations15-1244L4

File Explorer

2 files

SKILL.md

readonly

name	docker-expert
description	Advanced Docker containerization expert for multi-stage builds, image optimization, security hardening, and Compose orchestration. Use when the task involves `working with Dockerfile`, `docker-compose.yml`, `containerization`, `multi-stage builds`, or `optimizing Docker images`.
license	MIT
metadata	{"version":"1.0.0"}

When to Use

Creating or optimizing a Dockerfile for any project.
Setting up or reviewing docker-compose.yml for local development or production.
Troubleshooting container security, large image sizes, or slow build times.
Implementing multi-stage builds to separate dependencies from runtime.

Critical Patterns

Security First (Non-Root): NEVER run containers as root. Always create and switch to a non-root user via the USER instruction.
Secrets over Env Vars: Use Docker Secrets (secrets:) for sensitive data in docker-compose.yml rather than plain environment variables.
Multi-Stage Builds: Always separate the builder (compilation, dependency fetching) from the final runtime image. Do not ship build tools to production.
Minimal Attack Surface: Prefer alpine, slim, or distroless base images.
Supply Chain Integrity: Pin base image versions down to the digest (e.g., alpine:3.21@sha256:xyz...).
Layer Caching: Order instructions by frequency of change. Copy and install dependencies before copying the rest of the source code.
One Layer Operations: Chain apt-get update with apt-get install using && and clear the cache (rm -rf /var/lib/apt/lists/*) in the exact same RUN command.

Code Examples

Optimized Multi-Stage Dockerfile

# Stage 1: Build & Dependencies
FROM node:18-alpine AS deps
WORKDIR /app
COPY package*.json ./
RUN --mount=type=cache,target=/root/.npm \
    npm ci --only=production

# Stage 2: Build source
FROM node:18-alpine AS build
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build && npm prune --production

# Stage 3: Runtime
FROM node:18-alpine AS runtime
# Create non-root user explicitly
RUN addgroup -g 1001 -S nodejs && adduser -S appuser -u 1001 -G nodejs
WORKDIR /app

# Copy only what is strictly necessary
COPY --from=deps --chown=appuser:nodejs /app/node_modules ./node_modules
COPY --from=build --chown=appuser:nodejs /app/dist ./dist

# Drop privileges
USER appuser

EXPOSE 3000
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
  CMD wget --no-verbose --tries=1 --spider http://localhost:3000/health || exit 1

CMD ["node", "dist/index.js"]

Production-Ready Compose Pattern

version: '3.8'
services:
  app:
    build:
      context: .
      target: runtime
    depends_on:
      db:
        condition: service_healthy
    networks:
      - frontend
      - backend
    deploy:
      resources:
        limits:
          cpus: '0.5'
          memory: 512M

  db:
    image: postgres:15-alpine
    environment:
      POSTGRES_DB_FILE: /run/secrets/db_name
      POSTGRES_USER_FILE: /run/secrets/db_user
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    secrets:
      - db_name
      - db_user
      - db_password
    networks:
      - backend
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"]
      interval: 10s
      timeout: 5s
      retries: 5

networks:
  frontend:
  backend:
    internal: true

secrets:
  db_name:
    external: true
  db_user:
    external: true
  db_password:
    external: true

Commands

# Clean builds with no cache
docker build --pull --no-cache -t my-app:latest .

# Validate Compose configuration
docker-compose config

# Check local image sizes and tags
docker images --format "table {{.Repository}}\t{{.Tag}}\t{{.Size}}"

Resources

Templates: See assets/.dockerignore for a production-ready .dockerignore template to optimize build context.

More from this repository

same repository

jest-testing

dallay/agents-skills

Jest testing framework patterns for JavaScript and TypeScript projects, covering test structure, mocking strategies, async testing, snapshot testing, React component testing with Testing Library, and practical test organization. Use when the task involves `Jest`, `JavaScript testing`, `React testing`, `jest.config`, or `unit testing JS`.

2026-04-042

accessibility

dallay/agents-skills

Audit and improve web accessibility following WCAG 2.1 guidelines. Use when the task involves `improve accessibility`, `a11y audit`, `WCAG compliance`, `screen reader support`, `keyboard navigation`, or `make accessible`.

2026-04-042

best-practices

dallay/agents-skills

Apply modern web development best practices for security, compatibility, and code quality. Use when the task involves `apply best practices`, `security audit`, `modernize code`, `code quality review`, or `check for vulnerabilities`.

2026-04-042

brainstorming

dallay/agents-skills

You MUST use this before any creative work - creating features, building components, adding functionality, or modifying behavior. Explores user intent, requirements and design before implementation. Use when the task involves `brainstorming`, `brainstorm ideas`, `explore design`, `before creative work`, or `turn ideas into designs`.

2026-04-042

core-web-vitals

dallay/agents-skills

Optimize Core Web Vitals (LCP, INP, CLS) for better page experience and search ranking. Use when the task involves `improve Core Web Vitals`, `fix LCP`, `reduce CLS`, `optimize INP`, `page experience optimization`, or `fix layout shifts`.

2026-04-042

cypress-e2e

dallay/agents-skills

Cypress end-to-end testing patterns for reliable browser-based testing, covering selectors, custom commands, API mocking with cy.intercept, CI configuration, and best practices for deterministic, maintainable E2E test suites. Use when the task involves `Cypress`, `E2E testing`, `cypress.config`, `end-to-end testing`, or `browser testing`.

2026-04-042

name	docker-expert
description	Advanced Docker containerization expert for multi-stage builds, image optimization, security hardening, and Compose orchestration. Use when the task involves `working with Dockerfile`, `docker-compose.yml`, `containerization`, `multi-stage builds`, or `optimizing Docker images`.
license	MIT
metadata	{"version":"1.0.0"}

When to Use

Creating or optimizing a Dockerfile for any project.
Setting up or reviewing docker-compose.yml for local development or production.
Troubleshooting container security, large image sizes, or slow build times.
Implementing multi-stage builds to separate dependencies from runtime.

Critical Patterns

Security First (Non-Root): NEVER run containers as root. Always create and switch to a non-root user via the USER instruction.
Secrets over Env Vars: Use Docker Secrets (secrets:) for sensitive data in docker-compose.yml rather than plain environment variables.
Multi-Stage Builds: Always separate the builder (compilation, dependency fetching) from the final runtime image. Do not ship build tools to production.
Minimal Attack Surface: Prefer alpine, slim, or distroless base images.
Supply Chain Integrity: Pin base image versions down to the digest (e.g., alpine:3.21@sha256:xyz...).
Layer Caching: Order instructions by frequency of change. Copy and install dependencies before copying the rest of the source code.
One Layer Operations: Chain apt-get update with apt-get install using && and clear the cache (rm -rf /var/lib/apt/lists/*) in the exact same RUN command.

Code Examples

Optimized Multi-Stage Dockerfile

# Stage 1: Build & Dependencies
FROM node:18-alpine AS deps
WORKDIR /app
COPY package*.json ./
RUN --mount=type=cache,target=/root/.npm \
    npm ci --only=production

# Stage 2: Build source
FROM node:18-alpine AS build
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build && npm prune --production

# Stage 3: Runtime
FROM node:18-alpine AS runtime
# Create non-root user explicitly
RUN addgroup -g 1001 -S nodejs && adduser -S appuser -u 1001 -G nodejs
WORKDIR /app

# Copy only what is strictly necessary
COPY --from=deps --chown=appuser:nodejs /app/node_modules ./node_modules
COPY --from=build --chown=appuser:nodejs /app/dist ./dist

# Drop privileges
USER appuser

EXPOSE 3000
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
  CMD wget --no-verbose --tries=1 --spider http://localhost:3000/health || exit 1

CMD ["node", "dist/index.js"]

Production-Ready Compose Pattern

version: '3.8'
services:
  app:
    build:
      context: .
      target: runtime
    depends_on:
      db:
        condition: service_healthy
    networks:
      - frontend
      - backend
    deploy:
      resources:
        limits:
          cpus: '0.5'
          memory: 512M

  db:
    image: postgres:15-alpine
    environment:
      POSTGRES_DB_FILE: /run/secrets/db_name
      POSTGRES_USER_FILE: /run/secrets/db_user
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    secrets:
      - db_name
      - db_user
      - db_password
    networks:
      - backend
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"]
      interval: 10s
      timeout: 5s
      retries: 5

networks:
  frontend:
  backend:
    internal: true

secrets:
  db_name:
    external: true
  db_user:
    external: true
  db_password:
    external: true

Commands

# Clean builds with no cache
docker build --pull --no-cache -t my-app:latest .

# Validate Compose configuration
docker-compose config

# Check local image sizes and tags
docker images --format "table {{.Repository}}\t{{.Tag}}\t{{.Size}}"

Resources

Templates: See assets/.dockerignore for a production-ready .dockerignore template to optimize build context.