Installation
npx skills add oakoss/agent-skills --skill docker
Docker
Overview
Docker packages applications into isolated containers that run consistently across environments. A Dockerfile defines the image build steps, Compose orchestrates multi-container services, and production patterns ensure small, secure, performant images.
When to use: Containerizing applications, creating reproducible dev environments, orchestrating multi-service stacks, deploying to container platforms (ECS, Kubernetes, Fly.io, Railway, Coolify).
When NOT to use: Simple static sites with no backend (use CDN deploy), single-binary CLI tools (distribute the binary), or when the target platform has native buildpacks (Heroku, Vercel) and you don't need container control.
Quick Reference
| Pattern | Approach | Key Points |
|---|---|---|
| Multi-stage build | Separate builder and production stages | 80%+ image size reduction, no dev deps in production |
| Layer caching | Copy lockfile first, install, then copy source | Dependency layer cached across builds |
| Non-root user | RUN adduser + USER in final stage | Never run production containers as root |
| Health check | HEALTHCHECK CMD curl or node/python check | Enables orchestrator restart on failure |
| .dockerignore | Exclude node_modules, .git, .env | Smaller build context, faster builds |
| Compose services | compose.yaml with service definitions | Dev environment in one command |
| Compose override | compose.prod.yaml with production settings | Environment-specific config without duplication |
| Named volumes | volumes: in Compose for persistent data | Survives container recreation |
| Build cache mount | RUN --mount=type=cache,target=/root/.npm | Persistent cache across builds |
| Secrets in build | RUN --mount=type=secret,id=token | Never bake secrets into image layers |
| Image pinning | Pin to major.minor or digest | Reproducible builds, avoid surprise breakage |
| Container networking | Custom bridge networks with service discovery | Containers resolve each other by service name |
| Compose watch | develop.watch with sync/rebuild actions | Live reload without volume mounts |
| Init process | --init flag or tini entrypoint | Proper signal handling and zombie reaping |
| Multi-platform | docker buildx build --platform | ARM (Apple Silicon, Graviton) + x86 in one image |
| Monorepo prune | turbo prune app --docker | Minimal build context from workspace dependencies |
| CI layer caching | cache-from/cache-to with GHA or registry | Avoid full rebuilds in CI pipelines |
| Debug containers | docker exec, docker logs, dive | Inspect running containers and image layers |
Common Mistakes
| Mistake | Correct Pattern |
|---|---|
| Installing dev dependencies in production image | Multi-stage build: install in builder, copy artifacts to runtime |
| Copying source before installing dependencies | Copy lockfile first, npm ci, then copy source for cache reuse |
| Running as root in production | Create non-root user, USER directive in final stage |
| Hardcoding secrets in Dockerfile or ENV | Use build secrets (--mount=type=secret) or runtime env |
| Using latest tag for base images | Pin to specific version (node:24-alpine) |
| No .dockerignore file | Exclude node_modules, .git, .env, build artifacts |
| Using npm install instead of npm ci | npm ci for deterministic, lockfile-based installs |
| HEALTHCHECK missing | Add health check for orchestrator integration |
| Large base images (node:24) | Use alpine variants (node:24-alpine) for smaller images |
| Ignoring .env file precedence in Compose | environment: in Compose overrides .env file values |
| Building entire monorepo for one service | Use turbo prune --docker for minimal build context |
| No layer caching in CI | Use cache-from/cache-to with GHA or registry backend |
| Building only for x86 when deploying to ARM | Use docker buildx with --platform linux/amd64,linux/arm64 |
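
The corrections from the table above combined into one Dockerfile, with the mistaken form kept as comments for contrast. This is an added example, not a file from the skill; the app layout (a build script that writes dist/server.js, port 3000, a /health route) and an .npmrc that reads NPM_TOKEN are assumptions.

```dockerfile
# syntax=docker/dockerfile:1
# Added example. Assumed: "build" script emits dist/server.js, app listens
# on 3000 and serves /health, .npmrc references ${NPM_TOKEN}.

# --- Mistaken form, shown for contrast only ---
# FROM node:latest                 unpinned tag, large base image
# COPY . .                         source copied before deps: cache lost on every edit
# ENV NPM_TOKEN=<token>            secret persisted in image config and history
# RUN npm install                  non-deterministic, dev deps stay in the image
# CMD ["node", "dist/server.js"]   runs as root, no health check

# --- Builder stage: dev dependencies and the secret live only here ---
FROM node:24-alpine AS builder
WORKDIR /app
# Lockfile first so the dependency layer is reused until it changes
COPY package.json package-lock.json ./
# Cache mount speeds up rebuilds; secret mount exists only during this RUN
RUN --mount=type=cache,target=/root/.npm \
    --mount=type=secret,id=token \
    NPM_TOKEN="$(cat /run/secrets/token)" npm ci
COPY . .
RUN npm run build && npm prune --omit=dev

# --- Production stage: pinned small base, runtime artifacts only ---
FROM node:24-alpine AS production
ENV NODE_ENV=production
WORKDIR /app
# Dedicated unprivileged account (BusyBox adduser syntax on Alpine)
RUN addgroup -S app && adduser -S -G app app
COPY --from=builder --chown=app:app /app/package.json ./
COPY --from=builder --chown=app:app /app/node_modules ./node_modules
COPY --from=builder --chown=app:app /app/dist ./dist
USER app
EXPOSE 3000
# Node's built-in fetch avoids installing curl in the runtime image
HEALTHCHECK --interval=30s --timeout=3s --retries=3 \
  CMD node -e "fetch('http://127.0.0.1:3000/health').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"
CMD ["node", "dist/server.js"]
```

Build with docker build --secret id=token,env=NPM_TOKEN . so the token is mounted for the npm ci step only and is never written to a layer.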
Delegation
- Dockerfile review: Use Task agent to audit Dockerfiles for size, security, and caching
- Compose exploration: Use Explore agent to discover existing Docker configurations
- Architecture decisions: Use Plan agent for container orchestration strategy

If the ci-cd-architecture skill is available, delegate CI/CD pipeline and deployment strategy to it.
If the application-security skill is available, delegate container security scanning and hardening review to it.
References
- Dockerfile patterns: multi-stage builds, layer caching, and image optimization
- Compose: services, networking, volumes, and environment management
- Security: non-root users, secrets, scanning, and production hardening
- Buildx: multi-platform builds for ARM and x86
- CI: GitHub Actions caching, registry push, and automated builds
- Monorepo: Turborepo prune, pnpm workspaces, and selective builds
- Debugging: logs, exec, inspect, layer analysis, and network troubleshooting
How to use this skill
Install the docker skill by running npx skills add oakoss/agent-skills --skill docker in your project directory. The skill file will be downloaded from GitHub and placed in your project.
No configuration needed. Your AI agent (Claude Code, Cursor, Windsurf, etc.) automatically detects installed skills and uses them as context when generating code.
The skill enhances your agent's understanding of docker, helping it follow established patterns, avoid common mistakes, and produce production-ready output.
What you get
Skills are plain-text instruction files — not executable code. They encode expert knowledge about frameworks, languages, or tools that your AI agent reads to improve its output. This means zero runtime overhead, no dependency conflicts, and full transparency: you can read and review every instruction before installing.
Compatibility
This skill works with any AI coding agent that supports the skills.sh format, including Claude Code (Anthropic), Cursor, Windsurf, Cline, Aider, and other tools that read project-level context files. Skills are framework-agnostic at the transport level — the content inside determines which language or framework it applies to.