Claude Code Plugins

Community-maintained marketplace

Feedback

dockerfile-builder

@ehtbanton/ClaudeSkillsRepo
0
0

Generate optimized, production-ready Dockerfiles with multi-stage builds, security best practices, and proper layer caching for various application types. Triggers on "create Dockerfile", "generate Dockerfile for", "docker image for", "containerize my app".

Install Skill

1Download skill
2Enable skills in Claude

Open claude.ai/settings/capabilities and find the "Skills" section

3Upload to Claude

Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name dockerfile-builder
description Generate optimized, production-ready Dockerfiles with multi-stage builds, security best practices, and proper layer caching for various application types. Triggers on "create Dockerfile", "generate Dockerfile for", "docker image for", "containerize my app".

Dockerfile Builder

Generate optimized, secure, production-ready Dockerfiles with multi-stage builds and best practices.

Output Requirements

File Output: Dockerfile (no extension) Format: Valid Dockerfile syntax Standards: OCI compliant, BuildKit compatible

When Invoked

Immediately generate a complete, production-ready Dockerfile. Default to multi-stage builds for compiled languages.

Dockerfile Best Practices

Layer Optimization

  • Order instructions from least to most frequently changing
  • Combine related RUN commands with &&
  • Use .dockerignore to exclude unnecessary files
  • Leverage BuildKit cache mounts where appropriate

Security

  • Use specific version tags, never latest
  • Run as non-root user
  • Use minimal base images (alpine, distroless, slim)
  • Don't include secrets in image layers
  • Scan for vulnerabilities

Structure

# Build stage(s)
FROM base AS builder
# ... build steps

# Production stage
FROM minimal-base AS production
# ... copy artifacts and run

Application Templates

Node.js Application

# Build stage
FROM node:20-alpine AS builder

WORKDIR /app

# Install dependencies first (better caching)
COPY package*.json ./
RUN npm ci --only=production && npm cache clean --force

# Copy source and build
COPY . .
RUN npm run build

# Production stage
FROM node:20-alpine AS production

# Security: run as non-root
RUN addgroup -g 1001 -S nodejs && \
    adduser -S nextjs -u 1001

WORKDIR /app

# Copy built assets
COPY --from=builder --chown=nextjs:nodejs /app/dist ./dist
COPY --from=builder --chown=nextjs:nodejs /app/node_modules ./node_modules
COPY --from=builder --chown=nextjs:nodejs /app/package.json ./

USER nextjs

EXPOSE 3000

ENV NODE_ENV=production

CMD ["node", "dist/index.js"]

Python Application

# Build stage
FROM python:3.12-slim AS builder

WORKDIR /app

# Install build dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
    build-essential \
    && rm -rf /var/lib/apt/lists/*

# Create virtual environment
RUN python -m venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"

# Install dependencies
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Production stage
FROM python:3.12-slim AS production

# Security: create non-root user
RUN groupadd -r appgroup && useradd -r -g appgroup appuser

WORKDIR /app

# Copy virtual environment
COPY --from=builder /opt/venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"

# Copy application
COPY --chown=appuser:appgroup . .

USER appuser

EXPOSE 8000

CMD ["gunicorn", "--bind", "0.0.0.0:8000", "app:app"]

Go Application

# Build stage
FROM golang:1.22-alpine AS builder

WORKDIR /app

# Install dependencies
COPY go.mod go.sum ./
RUN go mod download

# Copy source
COPY . .

# Build binary
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-w -s" -o /app/server ./cmd/server

# Production stage - distroless for minimal attack surface
FROM gcr.io/distroless/static-debian12 AS production

COPY --from=builder /app/server /server

EXPOSE 8080

USER nonroot:nonroot

ENTRYPOINT ["/server"]

React/Frontend Application

# Build stage
FROM node:20-alpine AS builder

WORKDIR /app

COPY package*.json ./
RUN npm ci

COPY . .
RUN npm run build

# Production stage - nginx
FROM nginx:alpine AS production

# Remove default config
RUN rm /etc/nginx/conf.d/default.conf

# Copy custom nginx config
COPY nginx.conf /etc/nginx/conf.d/

# Copy built assets
COPY --from=builder /app/dist /usr/share/nginx/html

# Security headers and non-root
RUN chown -R nginx:nginx /usr/share/nginx/html && \
    chmod -R 755 /usr/share/nginx/html

EXPOSE 80

CMD ["nginx", "-g", "daemon off;"]

Java/Spring Boot Application

# Build stage
FROM eclipse-temurin:21-jdk-alpine AS builder

WORKDIR /app

# Copy gradle files
COPY gradle gradle
COPY gradlew build.gradle.kts settings.gradle.kts ./
RUN chmod +x gradlew

# Download dependencies
RUN ./gradlew dependencies --no-daemon

# Copy source and build
COPY src src
RUN ./gradlew bootJar --no-daemon

# Production stage
FROM eclipse-temurin:21-jre-alpine AS production

# Security
RUN addgroup -S spring && adduser -S spring -G spring

WORKDIR /app

# Copy JAR
COPY --from=builder /app/build/libs/*.jar app.jar

RUN chown -R spring:spring /app

USER spring

EXPOSE 8080

ENTRYPOINT ["java", "-jar", "app.jar"]

Rust Application

# Build stage
FROM rust:1.75-alpine AS builder

RUN apk add --no-cache musl-dev

WORKDIR /app

# Cache dependencies
COPY Cargo.toml Cargo.lock ./
RUN mkdir src && echo "fn main() {}" > src/main.rs
RUN cargo build --release && rm -rf src

# Build actual application
COPY src src
RUN touch src/main.rs && cargo build --release

# Production stage
FROM alpine:3.19 AS production

RUN apk add --no-cache ca-certificates

RUN addgroup -S appgroup && adduser -S appuser -G appgroup

COPY --from=builder /app/target/release/myapp /usr/local/bin/

USER appuser

EXPOSE 8080

CMD ["myapp"]

Common Patterns

Health Check

HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD wget --no-verbose --tries=1 --spider http://localhost:8080/health || exit 1

Build Arguments

ARG NODE_VERSION=20
ARG APP_VERSION=1.0.0

FROM node:${NODE_VERSION}-alpine AS builder

LABEL version="${APP_VERSION}"

Cache Mounts (BuildKit)

# syntax=docker/dockerfile:1.4

RUN --mount=type=cache,target=/root/.npm \
    npm ci --only=production

Secrets (BuildKit)

# syntax=docker/dockerfile:1.4

RUN --mount=type=secret,id=npm_token \
    NPM_TOKEN=$(cat /run/secrets/npm_token) npm ci

.dockerignore Template

Always create alongside Dockerfile:

# Dependencies
node_modules
vendor
__pycache__
*.pyc
target

# Build outputs
dist
build
*.egg-info

# Git
.git
.gitignore

# IDE
.idea
.vscode
*.swp

# Docker
Dockerfile*
docker-compose*
.docker

# Environment
.env
.env.*
*.local

# Tests
coverage
.coverage
htmlcov
.pytest_cache
.nyc_output

# Misc
*.log
*.md
LICENSE
README*

Validation Checklist

Before outputting, verify:

  • Uses specific base image tags (not latest)
  • Multi-stage build for compiled languages
  • Non-root user for production
  • Dependencies cached properly (COPY package files before source)
  • No secrets in image layers
  • EXPOSE matches application port
  • Appropriate CMD/ENTRYPOINT format

Example Invocations

Prompt: "Create Dockerfile for a Node.js Express API" Output: Complete multi-stage Dockerfile with npm caching, non-root user, health check.

Prompt: "Dockerfile for Python FastAPI with poetry" Output: Complete Dockerfile using poetry for dependencies, gunicorn/uvicorn, security hardened.

Prompt: "Generate Dockerfile for Go microservice" Output: Complete Dockerfile with static binary build, distroless production image.