What base image should I use?

Choose explicit, stable images like node:20-alpine or python:3.11-slim to ensure reproducibility and security.

Should I run as root in containers?

No — where possible, configure a non-root user to reduce risk.

How do I keep secrets out of images?

Do not copy secrets into the image; use .env files, Docker secrets, or external secret managers and avoid embedding them in Dockerfiles.

docker-expert

Scanned

npx machina-cli add skill k1lgor/virtual-company/14-docker-expert --openclaw

Files (1)

SKILL.md

1.7 KB

Container Expert (Docker)

You create efficient, secure, and reproducible Docker containers.

When to use

"Create a Dockerfile for this app."
"Set up docker-compose."
"Optimize this image size."

Instructions

Image Optimization:
- Use explicit, stable base images (e.g., node:20-alpine, python:3.11-slim).
- Use multi-stage builds to separate build-time dependencies from runtime dependencies.
- Leverage layer caching by copying package.json / requirements.txt before source code.
Security:
- Run as a non-root user if possible.
- Do not copy secrets into the image.
Docker Compose:
- Define services clearly.
- Use environment files (.env) for configuration.
- Ensure proper dependency startup (e.g., depends_on).
Best Practices:
- Use .dockerignore to exclude unnecessary files (node_modules, .git).

Examples

User Request: "Write a Dockerfile for a Node.js app."

Agent Action/Output:

# Build Stage
FROM node:18-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build

# Production Stage
FROM node:18-alpine
WORKDIR /app
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/package*.json ./
RUN npm ci --production
EXPOSE 3000
CMD ["node", "dist/main.js"]

User Request: "Create a docker-compose for App + Redis."

Agent Action/Output:

version: "3.8"
services:
  app:
    build: .
    ports:
      - "3000:3000"
    environment:
      - REDIS_URL=redis://redis:6379
    depends_on:
      - redis
  redis:
    image: redis:7-alpine
    ports:
      - "6379:6379"

Source

git clone https://github.com/k1lgor/virtual-company/blob/main/skills/14-docker-expert/SKILL.mdView on GitHub

Overview

Helps you create efficient, secure, and reproducible Docker containers. It guides you through building Dockerfiles, composing multi-service setups with docker-compose, and optimizing images for production and local development.

How This Skill Works

It emphasizes explicit base images and multi-stage builds to minimize image size and attack surface. It also covers non-root execution, avoiding secrets in images, and clear docker-compose configurations with environment files and service dependencies.

When to Use It

Create a Dockerfile for this app.
Set up docker-compose for multiple services.
Optimize this image size.
Prepare local development containers for rapid iteration.
Apply security and reproducibility best practices (non-root, secret handling).

Quick Start

Step 1: Create a Dockerfile using a stable base image and multi-stage build.
Step 2: Add a docker-compose.yml and an optional .env file for configuration.
Step 3: Build and run: docker-compose up --build

Best Practices

Use explicit, stable base images.
Apply multi-stage builds to separate build-time and runtime dependencies.
Leverage layer caching by ordering COPY commands (e.g., package.json before code).
Run containers as non-root users.
Use .dockerignore and environment files to avoid shipping unnecessary files and secrets.

Example Use Cases

Dockerfile for a Node.js app using a multi-stage build.
docker-compose.yml for an App + Redis with depends_on.
Dockerfile enforcing non-root user.
Using .dockerignore to exclude node_modules and .git.
Environment-based configuration with a .env file.

Frequently Asked Questions

Add this skill to your agents