Aller au contenu principal

Skill: ops-docker

Fork

Docker and Docker Compose containerization. Trigger when the user wants to dockerize an application or create containers.

Configuration

PropertyValue
Contextfork
Allowed toolsRead, Write, Edit, Bash, Glob, Grep
Keywordsops, docker, node:20 with full npm, it's just a sandbox

Detailed description

Docker Containerization (pointer)

Dockerfile syntax, Compose schema and image-publish flows drift on each release and are canonical at:

Foundation discipline (keep across releases)

  • Multi-stage builds: always separate build deps from runtime image. The "node:20 with full npm" image weighs 1GB+; the runtime layer should be ~100MB. Build stage produces artifacts, runtime stage copies them in.
  • Non-root user: RUN addgroup -S app && adduser -S app -G app && USER app — never run app code as root inside the container, even if "it's just a sandbox".
  • .dockerignore mandatory: forgotten .git/ or node_modules/ in the build context bloats images by hundreds of MB and leaks secrets. The .dockerignore rules mirror your .gitignore plus build artifacts.
  • HEALTHCHECK at the Dockerfile level: not just at the orchestrator level. Lets Docker/Compose detect unhealthy containers before the orchestrator does.
  • Pin base image major+minor (node:20-alpine, not node:latest or bare node:20): floating tags break reproducibility; SHA pinning is overkill for most apps but worth it for security-critical builds.
  • Secret management: never COPY .env or hardcode credentials in ENV. Use BuildKit secrets (--mount=type=secret) or runtime-injected env vars from the orchestrator.

See also

  • /ops:ops-deploy — deployment checklist consumes the built image
  • /ops:ops-database — Compose patterns for DB services (depends_on: { condition: service_healthy })
  • qa-security — image scanning gate (Snyk/Trivy) before push
  • ops-ci — Hadolint + image scan as CI steps

Automatic triggering

This skill is automatically activated when:

  • The matching keywords are detected in the conversation
  • The task context matches the skill's domain

Triggering examples

  • "I want to ops..."
  • "I want to docker..."
  • "I want to node:20 with full npm..."

Context fork

Fork means the skill runs in an isolated context:

  • Does not pollute the main conversation
  • Results are returned cleanly
  • Ideal for autonomous tasks

See also