dockerfile-optimise
Dockerfile Optimization Best Practices
Comprehensive Dockerfile optimization guide sourced exclusively from official Docker documentation. Contains 48 rules across 8 categories, prioritized by impact to guide automated refactoring and code generation.
When to Apply
Reference these guidelines when:
- Writing new Dockerfiles or modifying existing ones
- Optimizing Docker build times (layer caching, cache mounts, context management)
- Reducing Docker image size (multi-stage builds, minimal base images)
- Hardening container security (secret mounts, non-root users, attestations)
- Setting up CI/CD pipelines with Docker builds
- Reviewing Dockerfiles for anti-patterns
Rule Categories by Priority
| Priority | Category | Impact | Prefix |
|---|---|---|---|
| 1 | Layer Caching & Ordering | CRITICAL | cache- |
| 2 | Multi-Stage Builds | CRITICAL | stage- |
| 3 | Base Image Selection | HIGH | base- |
| 4 | Build Context Management | HIGH | ctx- |
| 5 | Security & Secrets | HIGH | sec- |
| 6 | Dependency Management | MEDIUM-HIGH | dep- |
| 7 | Instruction Patterns | MEDIUM | inst- |
| 8 | Quality & Validation | MEDIUM | lint- |
Quick Reference
1. Layer Caching & Ordering (CRITICAL)
- cache-layer-order - Order layers by change frequency
- cache-copy-deps-first - Copy dependency files before source code
- cache-copy-link - Use COPY --link for cache-efficient layer copying
- cache-mount-package - Use cache mounts for package managers
- cache-apt-combine - Combine apt-get update with install
- cache-external - Use external cache for CI/CD builds
- cache-invalidation - Avoid unnecessary cache invalidation
- cache-minimize-layers - Consolidate related RUN instructions
2. Multi-Stage Builds (CRITICAL)
- stage-separate-build-runtime - Separate build and runtime stages
- stage-named-stages - Use named build stages
- stage-parallel-branches - Exploit parallel stage execution
- stage-target-builds - Use target builds for dev/prod
- stage-copy-artifacts-only - Copy only final artifacts between stages
- stage-reusable-base - Create reusable base stages
3. Base Image Selection (HIGH)
- base-minimal-image - Use minimal base images
- base-official-images - Use Docker Official Images
- base-pin-versions - Pin base image versions with digests
- base-arg-version - Use ARG before FROM to parameterize base images
- base-rebuild-regularly - Rebuild images regularly with --pull
- base-distroless - Use distroless or scratch images for production
4. Build Context Management (HIGH)
- ctx-dockerignore - Use .dockerignore to exclude unnecessary files
- ctx-bind-mounts - Use bind mounts instead of COPY for build-only files
- ctx-minimize-context - Keep build context small
- ctx-syntax-directive - Use syntax directive for latest BuildKit features (prerequisite for cache mounts, secret mounts, heredocs, COPY --link)
5. Security & Secrets (HIGH)
- sec-secret-mounts - Use secret mounts for sensitive data
- sec-non-root-user - Run as non-root user
- sec-no-secrets-in-args - Never pass secrets via ARG or ENV
- sec-ssh-mounts - Use SSH mounts for private repository access
- sec-attestations - Enable SBOM and provenance attestations
- sec-no-unnecessary-packages - Avoid installing unnecessary packages
- sec-ephemeral-containers - Design ephemeral, stateless containers
6. Dependency Management (MEDIUM-HIGH)
- dep-cache-mount-apt - Use cache mount for apt package manager
- dep-cache-mount-npm - Use cache mount for npm, yarn, and pnpm
- dep-cache-mount-pip - Use cache mount for pip
- dep-version-pin - Pin package versions for reproducibility
- dep-cleanup-caches - Clean package manager caches in the same layer
7. Instruction Patterns (MEDIUM)
- inst-json-cmd - Use JSON form for CMD and ENTRYPOINT
- inst-healthcheck - Define HEALTHCHECK for container orchestration
- inst-heredoc-scripts - Use heredocs for multi-line scripts
- inst-entrypoint-exec - Use exec in entrypoint scripts
- inst-workdir-absolute - Use absolute paths with WORKDIR
- inst-copy-over-add - Prefer COPY over ADD
8. Quality & Validation (MEDIUM)
- lint-build-checks - Enable Docker build checks
- lint-pipefail - Use pipefail for piped RUN commands
- lint-labels - Use standard labels for image metadata
- lint-sort-arguments - Sort multi-line arguments alphabetically
- lint-single-concern - One concern per container
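The rules from the caching, multi-stage, base image, context, security, dependency and instruction categories applied together in one Dockerfile for a Node.js service; this is an added example, not a file from the skill's own reference set. It assumes a package-lock.json, an `npm run build` script that reads src/ and tsconfig.json and writes dist/server.js, a GET /healthz endpoint on port 3000, and a private-registry token supplied at build time as secret id `npmrc`.

```dockerfile
# syntax=docker/dockerfile:1
# ctx-syntax-directive: the 1.x frontend provides cache mounts, secret mounts, heredocs and COPY --link.
# base-arg-version: ARG before FROM parameterises the base image (override with --build-arg NODE_VERSION=...).
ARG NODE_VERSION=20
# base-official-images / base-minimal-image: official slim variant, shared by both build branches.
# base-pin-versions: in production append @sha256:<digest> to the tag (placeholder, no digest invented here).
FROM node:${NODE_VERSION}-slim AS base
# lint-pipefail: every RUN below executes under bash with pipefail set.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
WORKDIR /app
# cache-copy-deps-first / cache-copy-link: lockfiles change rarely, so they get their own cached layer.
COPY --link package.json package-lock.json ./

# stage-parallel-branches: prod-deps and build both derive from base and BuildKit runs them concurrently.
FROM base AS prod-deps
# dep-cache-mount-npm + sec-secret-mounts: the npm cache survives across builds; the registry token
# (assumed secret id "npmrc") is visible only during this RUN and is never written to a layer.
RUN --mount=type=cache,target=/root/.npm \
    --mount=type=secret,id=npmrc,target=/root/.npmrc \
    npm ci --omit=dev

FROM base AS build
RUN --mount=type=cache,target=/root/.npm \
    --mount=type=secret,id=npmrc,target=/root/.npmrc \
    npm ci
# ctx-bind-mounts + inst-heredoc-scripts: sources are needed only while compiling, so they are bound in
# rather than copied into a layer; the build script is assumed to write dist/server.js.
RUN --mount=type=bind,source=src,target=src \
    --mount=type=bind,source=tsconfig.json,target=tsconfig.json <<EOF
npm run build
test -f dist/server.js
EOF

# stage-separate-build-runtime: the runtime stage carries no dev dependencies, sources or secrets.
FROM node:${NODE_VERSION}-slim AS runtime
ENV NODE_ENV=production
WORKDIR /app
# sec-non-root-user: dedicated unprivileged account; application files stay root-owned and read-only to it.
RUN useradd --system --uid 10001 --shell /usr/sbin/nologin --no-create-home app
# stage-copy-artifacts-only: only pruned modules and compiled output cross the stage boundary.
COPY --link --from=prod-deps /app/node_modules ./node_modules
COPY --link --from=build /app/dist ./dist
COPY --link package.json ./
USER app
EXPOSE 3000
# inst-healthcheck: assumes the server answers GET /healthz on port 3000.
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD ["node", "-e", "fetch('http://127.0.0.1:3000/healthz').then(r => process.exit(r.ok ? 0 : 1)).catch(() => process.exit(1))"]
# inst-json-cmd: exec form keeps node as PID 1 so it receives SIGTERM directly.
CMD ["node", "dist/server.js"]
```

Build it with `docker buildx build --secret id=npmrc,src=.npmrc --sbom=true --provenance=true -t example-app .`, where the two attestation flags cover sec-attestations; a .dockerignore that excludes node_modules and dist covers ctx-dockerignore and keeps the bind-mounted sources the only context sent to the builder.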
How to Use
Read individual reference files for detailed explanations and code examples:
- Section definitions - Category structure and impact levels
- Rule template - Template for adding new rules
Reference Files
| File | Description |
|---|---|
| references/_sections.md | Category definitions and ordering |
| assets/templates/_template.md | Template for new rules |
| metadata.json | Version and reference information |