dockerfile-optimise
SKILL.md
Dockerfile Optimization Best Practices
Comprehensive Dockerfile optimization guide sourced exclusively from official Docker documentation. Contains 48 rules across 8 categories, prioritized by impact to guide automated refactoring and code generation.
When to Apply
Reference these guidelines when:
- Writing new Dockerfiles or modifying existing ones
- Optimizing Docker build times (layer caching, cache mounts, context management)
- Reducing Docker image size (multi-stage builds, minimal base images)
- Hardening container security (secret mounts, non-root users, attestations)
- Setting up CI/CD pipelines with Docker builds
- Reviewing Dockerfiles for anti-patterns
Rule Categories by Priority
| Priority | Category | Impact | Prefix |
|---|---|---|---|
| 1 | Layer Caching & Ordering | CRITICAL | cache- |
| 2 | Multi-Stage Builds | CRITICAL | stage- |
| 3 | Base Image Selection | HIGH | base- |
| 4 | Build Context Management | HIGH | ctx- |
| 5 | Security & Secrets | HIGH | sec- |
| 6 | Dependency Management | MEDIUM-HIGH | dep- |
| 7 | Instruction Patterns | MEDIUM | inst- |
| 8 | Quality & Validation | MEDIUM | lint- |
Quick Reference
1. Layer Caching & Ordering (CRITICAL)
- cache-layer-order - Order layers by change frequency
- cache-copy-deps-first - Copy dependency files before source code
- cache-copy-link - Use COPY --link for cache-efficient layer copying
- cache-mount-package - Use cache mounts for package managers
- cache-apt-combine - Combine apt-get update with install
- cache-external - Use external cache for CI/CD builds
- cache-invalidation - Avoid unnecessary cache invalidation
- cache-minimize-layers - Consolidate related RUN instructions
2. Multi-Stage Builds (CRITICAL)
- stage-separate-build-runtime - Separate build and runtime stages
- stage-named-stages - Use named build stages
- stage-parallel-branches - Exploit parallel stage execution
- stage-target-builds - Use target builds for dev/prod
- stage-copy-artifacts-only - Copy only final artifacts between stages
- stage-reusable-base - Create reusable base stages
3. Base Image Selection (HIGH)
- base-minimal-image - Use minimal base images
- base-official-images - Use Docker Official Images
- base-pin-versions - Pin base image versions with digests
- base-arg-version - Use ARG before FROM to parameterize base images
- base-rebuild-regularly - Rebuild images regularly with --pull
- base-distroless - Use distroless or scratch images for production
4. Build Context Management (HIGH)
- ctx-dockerignore - Use .dockerignore to exclude unnecessary files
- ctx-bind-mounts - Use bind mounts instead of COPY for build-only files
- ctx-minimize-context - Keep build context small
- ctx-syntax-directive - Use syntax directive for latest BuildKit features (prerequisite for cache mounts, secret mounts, heredocs, COPY --link)
5. Security & Secrets (HIGH)
- sec-secret-mounts - Use secret mounts for sensitive data
- sec-non-root-user - Run as non-root user
- sec-no-secrets-in-args - Never pass secrets via ARG or ENV
- sec-ssh-mounts - Use SSH mounts for private repository access
- sec-attestations - Enable SBOM and provenance attestations
- sec-no-unnecessary-packages - Avoid installing unnecessary packages
- sec-ephemeral-containers - Design ephemeral, stateless containers
6. Dependency Management (MEDIUM-HIGH)
- dep-cache-mount-apt - Use cache mount for apt package manager
- dep-cache-mount-npm - Use cache mount for npm, yarn, and pnpm
- dep-cache-mount-pip - Use cache mount for pip
- dep-version-pin - Pin package versions for reproducibility
- dep-cleanup-caches - Clean package manager caches in the same layer
7. Instruction Patterns (MEDIUM)
- inst-json-cmd - Use JSON form for CMD and ENTRYPOINT
- inst-healthcheck - Define HEALTHCHECK for container orchestration
- inst-heredoc-scripts - Use heredocs for multi-line scripts
- inst-entrypoint-exec - Use exec in entrypoint scripts
- inst-workdir-absolute - Use absolute paths with WORKDIR
- inst-copy-over-add - Prefer COPY over ADD
8. Quality & Validation (MEDIUM)
- lint-build-checks - Enable Docker build checks
- lint-pipefail - Use pipefail for piped RUN commands
- lint-labels - Use standard labels for image metadata
- lint-sort-arguments - Sort multi-line arguments alphabetically
- lint-single-concern - One concern per container
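The Dockerfile below is an added example, not one of this skill's reference files, showing how a dozen of the rules above combine in a hypothetical Node.js service. The base-image digest, the npmrc secret id, the /healthz path and the label URL are assumptions, and a .dockerignore (ctx-dockerignore) is assumed to exist beside it.

```dockerfile
# syntax=docker/dockerfile:1
# ctx-syntax-directive: enables cache mounts, secret mounts and COPY --link.

# base-arg-version: ARG before FROM parameterizes the base image.
# base-pin-versions: the digest is a PLACEHOLDER; take the real one from
# `docker buildx imagetools inspect node:20-alpine`.
ARG NODE_IMAGE=node:20-alpine@sha256:PLACEHOLDER_DIGEST

# ---------- build stage (stage-named-stages) ----------
FROM ${NODE_IMAGE} AS build
# inst-workdir-absolute
WORKDIR /app

# cache-copy-deps-first: lockfile first, so source edits do not invalidate the install layer.
COPY package.json package-lock.json ./

# dep-cache-mount-npm: the npm cache persists across builds without entering a layer.
# sec-secret-mounts: the registry token exists only during this RUN and is never
# stored in the image (build with: --secret id=npmrc,src=$HOME/.npmrc).
RUN --mount=type=cache,target=/root/.npm \
    --mount=type=secret,id=npmrc,target=/root/.npmrc \
    npm ci

COPY . .
# Build, then drop dev dependencies so the runtime stage copies only what it needs.
RUN npm run build && npm prune --omit=dev

# ---------- runtime stage (stage-separate-build-runtime) ----------
FROM ${NODE_IMAGE} AS runtime
WORKDIR /app
ENV NODE_ENV=production

# stage-copy-artifacts-only + cache-copy-link: only production deps and built output,
# each as an independent layer that survives base-image changes.
COPY --link --from=build /app/node_modules ./node_modules
COPY --link --from=build /app/dist ./dist
COPY --link --from=build /app/package.json ./

# lint-labels: OCI standard labels (URL is an assumption).
LABEL org.opencontainers.image.source="https://example.invalid/org/app"

# sec-non-root-user: the official node image ships a non-root "node" user.
USER node

EXPOSE 8080
# inst-healthcheck: the /healthz path is an assumption about the app.
HEALTHCHECK --interval=30s --timeout=3s --start-period=10s --retries=3 \
    CMD wget -q -O - http://127.0.0.1:8080/healthz >/dev/null || exit 1

# inst-json-cmd: exec form, so node is PID 1 and receives signals directly.
CMD ["node", "dist/server.js"]
```

Build with `docker build --secret id=npmrc,src=$HOME/.npmrc --pull -t app .` so the token never enters a layer and the pinned base is refreshed (base-rebuild-regularly); `docker history app` should show no .npmrc content in any layer.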
How to Use
Read individual reference files for detailed explanations and code examples:
- Section definitions - Category structure and impact levels
- Rule template - Template for adding new rules
Reference Files
| File | Description |
|---|---|
| references/_sections.md | Category definitions and ordering |
| assets/templates/_template.md | Template for new rules |
| metadata.json | Version and reference information |
Repository: pproenca/dot-skills (71 GitHub stars)
First seen: Feb 15, 2026
Weekly installs: 46
Installed on: codex (43), github-copilot (42), gemini-cli (42), opencode (41), cursor (41), kimi-cli (40)