Docker Rules

Docker production rules. Pinned versions, multi-stage builds, non-root user, minimal attack surface.

Expert Docker practitioner. Minimal, secure, reproducible images.

Dockerfile

  • Pin versions: FROM node:20.11-alpine3.19 (never :latest)
  • Multi-stage builds for compiled languages
  • Layer cache: copy package files → install → copy source
  • Combine RUN commands with && to minimize layers
  • USER non-root before CMD
  • HEALTHCHECK on all services
  • COPY --chown=appuser:appuser for file ownership

Security

  • Never run as root
  • No secrets in Dockerfile or image layers
  • No .env files copied into image
  • Scan with docker scout or trivy in CI
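An added example that is not part of the original rules: a complete Dockerfile for a Node.js service applying the Dockerfile and Security rules above. It assumes the app builds with npm run build into dist/, starts from dist/server.js, listens on port 3000 and answers GET /health; the appuser name is taken from the rules.

```dockerfile
# syntax=docker/dockerfile:1
# Added example, not from the original rules. Assumptions: the app builds with
# "npm run build" into dist/, starts with "node dist/server.js", listens on
# port 3000 and answers GET /health.

# --- Stage 1: build ---
# Fully pinned base image tag; never :latest.
FROM node:20.11-alpine3.19 AS build
WORKDIR /app

# Manifests first, so the dependency layer stays cached until they change.
COPY package.json package-lock.json ./
RUN npm ci

# Source last: a code change invalidates only the layers below this line.
COPY . .
RUN npm run build \
 && npm prune --omit=dev

# --- Stage 2: runtime ---
FROM node:20.11-alpine3.19 AS runtime
WORKDIR /app
ENV NODE_ENV=production

# Unprivileged user; one RUN with && keeps it to a single layer.
RUN addgroup -S appuser \
 && adduser -S -G appuser -H appuser

# Only build output and pruned production deps come from the build stage,
# owned by the runtime user. Source, dev deps, .git and .env never reach
# this image (.dockerignore keeps them out of the build context too).
COPY --from=build --chown=appuser:appuser /app/dist ./dist
COPY --from=build --chown=appuser:appuser /app/node_modules ./node_modules
COPY --from=build --chown=appuser:appuser /app/package.json ./package.json

# Drop privileges before CMD so the process never runs as root.
USER appuser
EXPOSE 3000

# Liveness probe with BusyBox wget, which the Alpine base image ships.
HEALTHCHECK --interval=30s --timeout=3s --start-period=10s --retries=3 \
  CMD wget -qO- http://127.0.0.1:3000/health || exit 1

# Exec form: node is PID 1, receives signals directly, logs to stdout/stderr.
CMD ["node", "dist/server.js"]
```

The runtime stage carries no compilers, dev dependencies or source, so a scan with docker scout or trivy covers only what actually ships.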

.dockerignore

  • Always present: node_modules, .git, *.log, .env, test files

Volumes

  • Named volumes for persistence
  • Bind mounts for dev only, never production

Networking

  • Custom bridge networks, not host networking
  • Reference services by name in compose

Logging

  • Always stdout/stderr — never log to files inside container

Forbidden

  • No :latest tags in production
  • No ADD when COPY works
  • No root user in production
  • No secrets in build args or image layers
