acc-docker-buildkit-knowledge
Docker BuildKit Knowledge Base
Quick reference for BuildKit features and optimization patterns.
BuildKit Syntax Header
# syntax=docker/dockerfile:1
Always include this as the first line of the Dockerfile to enable BuildKit features. The directive tells Docker to build with the latest stable release of the docker/dockerfile:1 frontend, which supports the BuildKit syntax used throughout this page.
Mount Types Overview
+---------------------------------------------------------------------------+
|                           BUILDKIT MOUNT TYPES                            |
+---------------------------------------------------------------------------+
|                                                                           |
|  type=cache   Persistent cache between builds (composer, apk, npm)       |
|  type=bind    Bind-mount files from build context or other stage         |
|  type=secret  Mount sensitive files without baking into layers           |
|  type=ssh     Forward SSH agent for private repository access            |
|  type=tmpfs   Temporary filesystem, discarded after RUN                  |
|                                                                           |
+---------------------------------------------------------------------------+
Cache Mount Patterns
Composer Cache
# syntax=docker/dockerfile:1
FROM composer:2 AS deps
WORKDIR /app
COPY composer.json composer.lock ./
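# /tmp/cache is Composer's cache directory in the composer:2 image (COMPOSER_HOME=/tmp)
RUN --mount=type=cache,target=/tmp/cache \
    composer install --no-dev --no-scripts --prefer-dist --no-autoloader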
COPY . .
RUN composer dump-autoload --optimize --classmap-authoritative
APK Cache (Alpine)
# syntax=docker/dockerfile:1
FROM php:8.4-fpm-alpine
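# /etc/apk/cache is apk's package cache directory; --no-cache would bypass the mount
RUN --mount=type=cache,target=/etc/apk/cache \
    apk add --update-cache libzip-dev icu-dev postgresql-dev && \
    docker-php-ext-install zip intl pdo_pgsql opcache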
APT Cache (Debian)
# syntax=docker/dockerfile:1
FROM php:8.4-fpm
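# sharing=locked: apt needs exclusive access to its cache and list directories
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
    --mount=type=cache,target=/var/lib/apt,sharing=locked \
    apt-get update && apt-get install -y --no-install-recommends \
    libzip-dev libicu-dev libpq-dev && \
    docker-php-ext-install zip intl pdo_pgsql opcache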
NPM Cache (for frontend assets)
# syntax=docker/dockerfile:1
FROM node:20-alpine AS frontend
WORKDIR /app
COPY package.json package-lock.json ./
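# /root/.npm is npm's default cache directory for the root user
RUN --mount=type=cache,target=/root/.npm \
    npm ci --production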
COPY resources/ resources/
RUN npm run build
Build Secrets
Private Composer Repository
# syntax=docker/dockerfile:1
FROM composer:2 AS deps
WORKDIR /app
COPY composer.json composer.lock ./
# Mount auth.json as a secret - never stored in any layer
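# The target places the file beside composer.json, where Composer looks for auth.json
RUN --mount=type=secret,id=composer_auth,target=/app/auth.json \
    composer install --no-dev --prefer-dist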
# Build command
docker build --secret id=composer_auth,src=auth.json -t myapp .
Multiple Secrets
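# Each secret is mounted at /run/secrets/<id> for this RUN only
RUN --mount=type=secret,id=github_token \
    --mount=type=secret,id=npm_token \
    GITHUB_TOKEN=$(cat /run/secrets/github_token) \
    NPM_TOKEN=$(cat /run/secrets/npm_token) \
    composer install --no-dev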
SSH Forwarding
# syntax=docker/dockerfile:1
FROM composer:2 AS deps
# Install SSH client
RUN apk add --no-cache openssh-client git
WORKDIR /app
COPY composer.json composer.lock ./
# Forward SSH agent for private repos
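# ssh-keyscan accepts whatever host key the network returns at build time;
# compare it with GitHub's published fingerprints or COPY a pinned known_hosts
RUN --mount=type=ssh \
    mkdir -p /root/.ssh && \
    ssh-keyscan github.com >> /root/.ssh/known_hosts && \
    composer install --no-dev --prefer-dist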
# Build with SSH forwarding
docker build --ssh default -t myapp .
# Or with specific key
docker build --ssh default=$HOME/.ssh/id_rsa -t myapp .
Parallel Stage Builds
# syntax=docker/dockerfile:1
# Stage 1: Composer dependencies (runs in parallel with Stage 2)
FROM composer:2 AS composer-deps
WORKDIR /app
COPY composer.json composer.lock ./
RUN --mount=type=cache,target=/tmp/cache \
    composer install --no-dev --no-scripts --prefer-dist
# Stage 2: Frontend assets (runs in parallel with Stage 1)
FROM node:20-alpine AS frontend
WORKDIR /app
COPY package.json package-lock.json ./
RUN --mount=type=cache,target=/root/.npm \
    npm ci --production
COPY resources/ resources/
RUN npm run build
# Stage 3: PHP extensions (runs in parallel with Stage 1 and 2)
FROM php:8.4-fpm-alpine AS php-ext
RUN --mount=type=cache,target=/etc/apk/cache \
    apk add --update-cache libzip-dev icu-dev && \
    docker-php-ext-install zip intl pdo_mysql opcache
# Stage 4: Final image (waits for all parallel stages)
FROM php:8.4-fpm-alpine AS production
COPY --from=php-ext /usr/local/lib/php/extensions/ /usr/local/lib/php/extensions/
COPY --from=php-ext /usr/local/etc/php/conf.d/ /usr/local/etc/php/conf.d/
COPY --from=composer-deps /app/vendor /var/www/html/vendor
COPY --from=frontend /app/public/build /var/www/html/public/build
COPY . /var/www/html
BuildKit automatically detects independent stages and builds them in parallel.
Inline Cache
# syntax=docker/dockerfile:1
FROM php:8.4-fpm-alpine
# Enable inline cache metadata in the image
ARG BUILDKIT_INLINE_CACHE=1
# Build with cache export
docker build --build-arg BUILDKIT_INLINE_CACHE=1 -t myapp:latest .
# Build using remote image as cache source
docker build \
--cache-from myregistry/myapp:latest \
--build-arg BUILDKIT_INLINE_CACHE=1 \
-t myapp:latest .
Buildx Multi-Platform
# Create builder instance
docker buildx create --name multiarch --use
# Build for multiple platforms
docker buildx build \
--platform linux/amd64,linux/arm64 \
-t myregistry/myapp:latest \
--push .
# syntax=docker/dockerfile:1
# Platform-aware Dockerfile
FROM composer:2 AS deps
WORKDIR /app
COPY composer.json composer.lock ./
RUN composer install --no-dev --prefer-dist
FROM php:8.4-fpm-alpine
# This stage uses the target platform automatically
COPY --from=deps /app/vendor /var/www/html/vendor
COPY . /var/www/html
Performance Comparison
| Feature | Without BuildKit | With BuildKit |
|---|---|---|
| Cache mounts | Not available | Persistent across builds |
| Parallel stages | Sequential | Automatic parallel |
| Secret handling | ARG/ENV (insecure) | --mount=type=secret |
| SSH forwarding | Copy keys (insecure) | --mount=type=ssh |
| Build output | Verbose | Structured, progress bar |
| Cache export | Local only | Registry, inline, local |
Detection Patterns
# Check for BuildKit usage
Grep: "syntax=docker/dockerfile" --glob "**/Dockerfile*"
Grep: "--mount=type=" --glob "**/Dockerfile*"
# Find cache optimization opportunities
Grep: "composer install|npm install|apk add|apt-get install" --glob "**/Dockerfile*"
# Check for insecure secret handling
Grep: "ARG.*TOKEN|ARG.*PASSWORD|ARG.*SECRET" --glob "**/Dockerfile*"
Grep: "COPY.*auth.json|COPY.*\.npmrc" --glob "**/Dockerfile*"
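An added example (not part of the original skill) that applies the detection patterns above to whole Dockerfile instructions instead of single lines: the page's RUN commands span several lines, so a line-by-line grep for install commands cannot tell whether the instruction also carries a cache mount. The rule names, the ENV check (the page's grep covers ARG only) and the sample Dockerfile are constructed for illustration.

```python
import re

# Rules follow the page's grep patterns; the rule names are this example's own.
SECRET_ARG = re.compile(r"^(ARG|ENV)\s+\S*(TOKEN|PASSWORD|SECRET)", re.I)
SECRET_COPY = re.compile(r"^(COPY|ADD)\s.*(auth\.json|\.npmrc)", re.I)
INSTALL = re.compile(r"composer install|npm (ci|install)|apk add|apt-get install")

# Constructed sample Dockerfile (not taken from a real project).
SAMPLE = r"""# syntax=docker/dockerfile:1
FROM composer:2 AS deps
ARG GITHUB_TOKEN
COPY auth.json /root/.composer/auth.json
RUN composer install --no-dev
RUN --mount=type=cache,target=/tmp/cache \
    composer install --no-dev --prefer-dist
RUN --mount=type=secret,id=npm_token \
    NPM_TOKEN=$(cat /run/secrets/npm_token) npm ci
"""

def logical_instructions(text):
    """Yield (first_line_no, instruction) with backslash continuations joined."""
    buf, start = [], 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are not part of an instruction
        if not buf:
            start = no
        buf.append(line.rstrip("\\").strip())
        if not line.endswith("\\"):
            yield start, " ".join(buf)
            buf = []
    if buf:
        yield start, " ".join(buf)

def audit(text):
    """Return (line_no, rule) findings for one Dockerfile's text."""
    findings = []
    for no, ins in logical_instructions(text):
        if SECRET_ARG.search(ins):
            findings.append((no, "secret-in-arg-env"))
        if SECRET_COPY.search(ins):
            findings.append((no, "credential-file-copied"))
        is_install = ins.upper().startswith("RUN ") and INSTALL.search(ins)
        if is_install and "--mount=type=cache" not in ins:
            findings.append((no, "install-without-cache-mount"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A finding's line number is the first line of the instruction, so it points at the RUN, ARG or COPY keyword even when the match is on a continuation line.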