multi-stage-dockerfile
Summary
Build optimized, secure multi-stage Dockerfiles for any language or framework.
- Structures builds with separate builder and runtime stages, copying only necessary artifacts to minimize final image size and attack surface
- Emphasizes layer caching optimization by ordering commands from least to most frequently changing, combined with `.dockerignore` and command consolidation
- Recommends minimal base images (Alpine, distroless, or official slim variants) with exact version pinning for reproducibility
- Covers security hardening: non-root users, build tool removal, vulnerability scanning, and secrets isolation through multi-stage separation
- Includes performance patterns like build arguments, environment variable optimization, and healthcheck configuration for production readiness
SKILL.md
Your goal is to help me create efficient multi-stage Dockerfiles that follow best practices, resulting in smaller, more secure container images.
Multi-Stage Structure
- Use a builder stage for compilation, dependency installation, and other build-time operations
- Use a separate runtime stage that only includes what's needed to run the application
- Copy only the necessary artifacts from the builder stage to the runtime stage
- Use meaningful stage names with the `AS` keyword (e.g., `FROM node:18 AS builder`)
- Place stages in logical order: dependencies → build → test → runtime
Base Images
- Start with official, minimal base images when possible
- Specify exact version tags to ensure reproducible builds (e.g., `python:3.11-slim` not just `python`)
- Consider distroless images for runtime stages where appropriate
- Use Alpine-based images for smaller footprints when compatible with your application
- Ensure the runtime image has the minimal necessary dependencies
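One way to check a Dockerfile against the stage-structure and base-image rules above, as an added example that is not part of the original skill. The sample Dockerfiles and the function name `lint_dockerfile` are constructed for illustration, and treating `latest` as unpinned is an assumption.

```python
import re

# Constructed sample Dockerfiles (assumptions for illustration, not from the page).
WEAK = """FROM python
COPY . /app
RUN pip install -r /app/requirements.txt
CMD ["python", "/app/main.py"]
"""
HARDENED = """FROM python:3.11-slim AS builder
WORKDIR /app
COPY requirements.txt .
RUN pip install --prefix=/install -r requirements.txt

FROM python:3.11-slim AS runtime
COPY --from=builder /install /usr/local
COPY main.py /app/main.py
CMD ["python", "/app/main.py"]
"""

FROM_RE = re.compile(r"FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?\s*$", re.I)
COPY_FROM_RE = re.compile(r"COPY\s+.*--from=(\S+)", re.I)

def lint_dockerfile(text):
    """Return findings for the structure and base-image rules listed above."""
    findings, stages = [], []          # stages: [image, name, uses_copy_from]
    for raw in text.splitlines():
        line = raw.strip()
        m = FROM_RE.match(line)
        if m:
            stages.append([m.group(1), m.group(2), False])
        elif stages and COPY_FROM_RE.match(line):
            stages[-1][2] = True
    if len(stages) < 2:
        findings.append("single-stage: no separate builder and runtime stages")
    names = {name.lower() for _, name, _ in stages if name}
    for i, (image, name, _) in enumerate(stages):
        if name is None and len(stages) > 1:
            findings.append(f"stage {i}: no AS name")
        if image.lower() in names or image.lower() == "scratch":
            continue                   # built on an earlier stage or the empty image
        ref = image.rsplit("/", 1)[-1]  # drop registry/namespace (may contain ':port')
        if "@sha256:" not in ref and (":" not in ref or ref.endswith(":latest")):
            findings.append(f"stage {i}: base image '{image}' has no exact version tag")
    if len(stages) > 1 and not stages[-1][2]:
        findings.append("final stage has no COPY --from (nothing taken from a builder)")
    return findings
```
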