一键导入
docker-patterns
Containerization rules for this repo — pinned base image, non-root user, read-only FS, explicit volumes for config and data.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Containerization rules for this repo — pinned base image, non-root user, read-only FS, explicit volumes for config and data.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
| name | docker-patterns |
| description | Containerization rules for this repo — pinned base image, non-root user, read-only FS, explicit volumes for config and data. |
| origin | adapted from ZMB-UZH/omero-docker-extended docker-patterns |
Use this skill whenever you touch Dockerfile, docker-compose.yml, .dockerignore, or any runtime-container entrypoint script.
python:3.12-slim-bookworm). Never use :latest or a floating tag.10001. No apt or pip operations at runtime.ENTRYPOINT ["simple-ai-trading"] so docker run image <cmd> works exactly like the local binary.security_opt: no-new-privileges:true.healthcheck when it has a reachable endpoint or a meaningful readiness probe.ARG or in .env.example, not inline in docker-compose.yml. Compose references ${VAR} with a default via ${VAR:-fallback} only when the fallback is safe for every environment.ro / rw flags. Never mount / or $HOME.CMD is shell (interactive) or menu, not live.BINANCE_LIVE=1 style env that flips testnet=false. Live real-money mode must remain an explicit CLI flag combination with testnet=true, not a container-level setting.~/.config/simple_ai_trading/runtime.json (mode 0600) or from env vars at runtime.docker build -t simple-ai-trading:dev .
docker run --rm simple-ai-trading:dev status
docker run --rm --entrypoint python simple-ai-trading:dev -m pytest -q
Any change to the runtime contract (entrypoint, user, volumes, healthcheck) is a change to operator expectations. Update the README and the .env.example in the same commit.
Use the pinned external CocoIndex Code MCP workflow for broad repository routing, then prove exact candidates with rg and direct file reads.
Bound repository context reads and semantic-search output without weakening source, test, or evidence verification.
Choose staged contract tests that catch partial AI-generated fixes across models, data, risk, execution ownership, and CLI/Windows parity.
Keep concise user docs and machine-readable model evidence synchronized with real behavior without losing provenance or caveats.
Apply four anti-error coding principles plus this repository's stricter financial-evidence, safety, and single-session rules.
Research the existing implementation, tests, primary technical sources, and financial rationale before adding trading code or dependencies.