detect-docker-antipatterns
Docker Antipattern Detection
Analyze Dockerfiles for antipatterns that cause bloated images, poor layer caching, unreliable builds, and avoidable attack surface (dev tools, secrets and .git history baked into layers).
Antipattern Catalog
1. COPY Before Dependency Install
# BAD: Cache busted on every code change
COPY . /var/www/html
RUN composer install --no-dev
# GOOD: Dependencies first, source second
COPY composer.json composer.lock /var/www/html/
RUN composer install --no-dev --no-scripts --no-autoloader
COPY . /var/www/html
RUN composer dump-autoload --optimize
2. apt-get update in Separate Layer
# BAD: Stale package index
RUN apt-get update
RUN apt-get install -y libpng-dev
# GOOD: Combined in same layer
RUN apt-get update && apt-get install -y --no-install-recommends \
libpng-dev && rm -rf /var/lib/apt/lists/*
3. Using latest Tag
# BAD: Non-deterministic builds (latest is a moving target; an untagged FROM php means the same thing)
FROM php:latest
# GOOD: Pinned version (a tag can still be re-pushed; pin the @sha256 digest where the build must be fully reproducible)
FROM php:8.4.3-fpm-bookworm
4. apt-get Without Cleanup
# BAD: Package cache bloats image
RUN apt-get update && apt-get install -y libzip-dev
# GOOD: Cleanup in same layer
RUN apt-get update && apt-get install -y --no-install-recommends \
libzip-dev && rm -rf /var/lib/apt/lists/*
5. Multiple FROM Without Multi-Stage Purpose
# BAD: Build artifacts never copied (the node stage is dead weight in the build and nothing from it reaches the final image)
FROM node:20
RUN npm ci && npm run build
FROM php:8.4-fpm
COPY . /var/www/html
# GOOD: Artifact copy from named stage (COPY --from is what makes it multi-stage; without it COPY reads from the build context)
FROM node:20 AS frontend
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci
COPY . .
RUN npm run build
FROM php:8.4-fpm
COPY --from=frontend /app/dist /var/www/html/public
6. Unrelated Commands in Single RUN
# BAD: Mixed concerns, poor cache utilization
RUN apt-get update && pecl install redis && composer install
# GOOD: Logically grouped
RUN apt-get update && apt-get install -y --no-install-recommends \
libzip-dev && rm -rf /var/lib/apt/lists/*
RUN docker-php-ext-install zip opcache
RUN pecl install redis && docker-php-ext-enable redis
7. No .dockerignore
# Required .dockerignore to exclude (keeps the build context small and keeps .git history and .env secrets out of image layers, where a broad COPY . would otherwise ship them):
.git
.env
vendor
node_modules
tests
docs
docker-compose*.yml
8. Installing Editors in Production
# BAD: Dev tools in production (extra attack surface and image size; debug with docker exec or a separate debug target instead)
RUN apt-get install -y vim nano htop strace
# GOOD: Only runtime dependencies, installed and cleaned up in one layer
RUN apt-get update && apt-get install -y --no-install-recommends \
libzip-dev && rm -rf /var/lib/apt/lists/*
9. ADD Instead of COPY
# BAD: ADD silently extracts recognised archives and can fetch remote URLs, with no integrity check unless --checksum is given
ADD app.tar.gz /var/www/html/
# GOOD: Explicit COPY for local files; extract archives in a RUN step where the intent is visible
COPY . /var/www/html/
10. CMD with Shell Form
# BAD: Shell form runs via /bin/sh -c, so sh is PID 1 and the SIGTERM from docker stop never reaches php-fpm (it is SIGKILLed after the grace period)
CMD php-fpm -F
# GOOD: Exec form (php-fpm is PID 1 and receives signals directly)
CMD ["php-fpm", "-F"]
11. ENTRYPOINT Not Handling Signals
# GOOD: Entrypoint script that hands off with exec "$@", so the CMD replaces the shell as PID 1 and receives signals; a script that merely calls the CMD leaves the shell as PID 1 and reintroduces the shell-form problem
COPY docker-entrypoint.sh /usr/local/bin/
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["php-fpm"]
Grep Patterns
Grep: "^COPY \\." --glob "**/Dockerfile*"
Grep: "^RUN apt-get update$" --glob "**/Dockerfile*"
Grep: "^FROM.*:latest" --glob "**/Dockerfile*"
Grep: "apt-get install" --glob "**/Dockerfile*"
Grep: "^ADD " --glob "**/Dockerfile*"
Grep: "^(CMD|ENTRYPOINT) [^\\[]" --glob "**/Dockerfile*"
Grep: "install.*-y.*(vim|nano|htop|strace)" --glob "**/Dockerfile*"
Glob: "**/.dockerignore"
Severity Classification
| Antipattern | Severity | Impact |
|---|---|---|
| COPY before deps install | Critical | Cache invalidation every build |
| Using latest tag | Critical | Non-reproducible builds |
| Installing editors | Major | Image bloat, attack surface |
| apt-get without cleanup | Major | +50-200MB image size |
| Shell form CMD | Major | No signal forwarding |
| ADD instead of COPY | Major | Unexpected behavior |
| Separate apt-get update | Major | Stale packages |
| No .dockerignore | Major | Large build context |
| Unrelated RUN commands | Minor | Poor cache utilization |
| Multiple FROM unused | Minor | Confusion, dead stages |
| No signal handling | Minor | Ungraceful shutdown |
Output Format
### Docker Antipattern: [Name]
**Severity:** Critical/Major/Minor
**File:** `Dockerfile:line`
**Category:** Cache / Size / Security / Reliability
**Issue:** [Description and why it is problematic]
**Fix:** [Corrected instruction snippet]
**Impact:** Build time / Image size / Reliability changes
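A scanner that implements the catalog, grep patterns and severity table above in one pass over parsed instructions, added here as an example and not part of this skill. Continuation lines are joined first, which lets it check the ordering rules that per-line greps cannot express (a COPY . before the dependency install, a FROM stage that nothing ever copies from). It goes slightly beyond the catalog in also flagging untagged base images, which resolve to :latest. The two Dockerfiles are constructed samples; the .dockerignore check is left out because it needs the build context rather than the Dockerfile.

```python
"""Dockerfile antipattern scanner (added example, not the skill's own code):
joins backslash continuations, then checks parsed instructions in one pass."""
import re

DEP_INSTALL = re.compile(r"\b(composer install|npm (ci|install)|yarn install|"
                         r"pip install|bundle install)\b")
EDITORS = re.compile(r"apt-get install.*\b(vim|nano|htop|strace)\b")
APT_CLEANUP = "rm -rf /var/lib/apt/lists"


def parse_instructions(text):
    """Return [(first_line_no, INSTRUCTION, args)] with comments and blank
    lines dropped and '\\'-continued lines joined."""
    out, buf, start = [], "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not buf:
            if not line.strip() or line.lstrip().startswith("#"):
                continue
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        parts = (buf + line).strip().split(None, 1)
        out.append((start, parts[0].upper(), parts[1] if len(parts) > 1 else ""))
        buf = ""
    return out


def detect_antipatterns(text):
    """Return (line_no, severity, antipattern) tuples sorted by line."""
    findings = []
    broad_copy = None        # line of a `COPY . ...` not yet followed by a dep install
    from_lines, stage_names, uses_stage = [], set(), False
    for ln, ins, args in parse_instructions(text):
        words = [w for w in args.split() if not w.startswith("--")]
        if ins == "FROM":
            from_lines.append(ln)
            broad_copy = None    # the ordering rule restarts in each stage
            image = words[0] if words else ""
            alias = re.search(r"\bAS\s+(\S+)", args, re.I)
            if alias:
                stage_names.add(alias.group(1))
            if image in stage_names or image == "scratch":
                continue
            ref = image.rsplit("/", 1)[-1]    # drop the registry, which may hold ':port'
            if ref.endswith(":latest") or not re.search(r"[:@]", ref):
                findings.append((ln, "Critical", "Using latest tag"))
        elif ins in ("COPY", "ADD"):
            if re.search(r"\bfrom=", args):   # --from=<stage>: that stage is consumed
                uses_stage = True
            elif words and words[0] in (".", "./"):
                broad_copy = ln
            if ins == "ADD":
                findings.append((ln, "Major", "ADD instead of COPY"))
        elif ins == "RUN":
            if re.search(r"\bfrom=", args):   # RUN --mount=type=bind,from=<stage>
                uses_stage = True
            if DEP_INSTALL.search(args) and broad_copy is not None:
                findings.append((broad_copy, "Critical", "COPY before deps install"))
                broad_copy = None
            if "apt-get update" in args and "apt-get install" not in args:
                findings.append((ln, "Major", "Separate apt-get update"))
            if "apt-get install" in args and APT_CLEANUP not in args:
                findings.append((ln, "Major", "apt-get without cleanup"))
            if EDITORS.search(args):
                findings.append((ln, "Major", "Installing editors"))
            if "apt-get install" in args and re.search(r"\b(composer|pecl|npm) ", args):
                findings.append((ln, "Minor", "Unrelated RUN commands"))
        elif ins in ("CMD", "ENTRYPOINT") and not args.startswith("["):
            findings.append((ln, "Major", "Shell form CMD"))
    if len(from_lines) > 1 and not uses_stage:
        findings += [(ln, "Minor", "Multiple FROM unused") for ln in from_lines[:-1]]
    return sorted(findings)


# Constructed samples: BAD hits most of the catalog, GOOD is its fixed form.
BAD = """\
FROM php:latest
RUN apt-get update
RUN apt-get install -y libpng-dev vim
COPY . /var/www/html
RUN composer install --no-dev
ADD app.tar.gz /var/www/html/
CMD php-fpm -F
"""
GOOD = """\
FROM php:8.4.3-fpm-bookworm
RUN apt-get update && apt-get install -y --no-install-recommends \\
    libpng-dev && rm -rf /var/lib/apt/lists/*
COPY composer.json composer.lock /var/www/html/
RUN composer install --no-dev --no-scripts --no-autoloader
COPY . /var/www/html
RUN composer dump-autoload --optimize
CMD ["php-fpm", "-F"]
"""

if __name__ == "__main__":
    for ln, sev, name in detect_antipatterns(BAD):
        print(f"Dockerfile:{ln} [{sev}] {name}")     # BAD yields 7 findings
    print("GOOD:", detect_antipatterns(GOOD))         # GOOD: []
```

Run it directly to list the findings for the bad sample (seven, at the lines the catalog predicts) and confirm the fixed sample is clean; the "COPY before deps install" finding is reported at the COPY line, since that is the instruction to move, not at the install that exposed it.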