> dockerfile-optimise
Dockerfile optimization guidelines from official Docker documentation. This skill should be used when writing, reviewing, or refactoring Dockerfiles to ensure optimal build time, image size, security, and robustness. Triggers on tasks involving Dockerfile creation, Docker image builds, container optimization, multi-stage builds, build cache, or Docker security hardening.
curl "https://skillshub.wtf/pproenca/dot-skills/dockerfile-optimise?format=md"
Dockerfile Optimization Best Practices
Comprehensive Dockerfile optimization guide sourced exclusively from official Docker documentation. Contains 48 rules across 8 categories, prioritized by impact to guide automated refactoring and code generation.
When to Apply
Reference these guidelines when:
- Writing new Dockerfiles or modifying existing ones
- Optimizing Docker build times (layer caching, cache mounts, context management)
- Reducing Docker image size (multi-stage builds, minimal base images)
- Hardening container security (secret mounts, non-root users, attestations)
- Setting up CI/CD pipelines with Docker builds
- Reviewing Dockerfiles for anti-patterns
Rule Categories by Priority
| Priority | Category | Impact | Prefix |
|---|---|---|---|
| 1 | Layer Caching & Ordering | CRITICAL | cache- |
| 2 | Multi-Stage Builds | CRITICAL | stage- |
| 3 | Base Image Selection | HIGH | base- |
| 4 | Build Context Management | HIGH | ctx- |
| 5 | Security & Secrets | HIGH | sec- |
| 6 | Dependency Management | MEDIUM-HIGH | dep- |
| 7 | Instruction Patterns | MEDIUM | inst- |
| 8 | Quality & Validation | MEDIUM | lint- |
Quick Reference
1. Layer Caching & Ordering (CRITICAL)
- cache-layer-order - Order layers by change frequency
- cache-copy-deps-first - Copy dependency files before source code
- cache-copy-link - Use COPY --link for cache-efficient layer copying
- cache-mount-package - Use cache mounts for package managers
- cache-apt-combine - Combine apt-get update with install
- cache-external - Use external cache for CI/CD builds
- cache-invalidation - Avoid unnecessary cache invalidation
- cache-minimize-layers - Consolidate related RUN instructions
2. Multi-Stage Builds (CRITICAL)
- stage-separate-build-runtime - Separate build and runtime stages
- stage-named-stages - Use named build stages
- stage-parallel-branches - Exploit parallel stage execution
- stage-target-builds - Use target builds for dev/prod
- stage-copy-artifacts-only - Copy only final artifacts between stages
- stage-reusable-base - Create reusable base stages
3. Base Image Selection (HIGH)
- base-minimal-image - Use minimal base images
- base-official-images - Use Docker Official Images
- base-pin-versions - Pin base image versions with digests
- base-arg-version - Use ARG before FROM to parameterize base images
- base-rebuild-regularly - Rebuild images regularly with --pull
- base-distroless - Use distroless or scratch images for production
4. Build Context Management (HIGH)
- ctx-dockerignore - Use .dockerignore to exclude unnecessary files
- ctx-bind-mounts - Use bind mounts instead of COPY for build-only files
- ctx-minimize-context - Keep build context small
- ctx-syntax-directive - Use syntax directive for latest BuildKit features (prerequisite for cache mounts, secret mounts, heredocs, COPY --link)
5. Security & Secrets (HIGH)
- sec-secret-mounts - Use secret mounts for sensitive data
- sec-non-root-user - Run as non-root user
- sec-no-secrets-in-args - Never pass secrets via ARG or ENV
- sec-ssh-mounts - Use SSH mounts for private repository access
- sec-attestations - Enable SBOM and provenance attestations
- sec-no-unnecessary-packages - Avoid installing unnecessary packages
- sec-ephemeral-containers - Design ephemeral, stateless containers
6. Dependency Management (MEDIUM-HIGH)
- dep-cache-mount-apt - Use cache mount for apt package manager
- dep-cache-mount-npm - Use cache mount for npm, yarn, and pnpm
- dep-cache-mount-pip - Use cache mount for pip
- dep-version-pin - Pin package versions for reproducibility
- dep-cleanup-caches - Clean package manager caches in the same layer
7. Instruction Patterns (MEDIUM)
- inst-json-cmd - Use JSON form for CMD and ENTRYPOINT
- inst-healthcheck - Define HEALTHCHECK for container orchestration
- inst-heredoc-scripts - Use heredocs for multi-line scripts
- inst-entrypoint-exec - Use exec in entrypoint scripts
- inst-workdir-absolute - Use absolute paths with WORKDIR
- inst-copy-over-add - Prefer COPY over ADD
8. Quality & Validation (MEDIUM)
- lint-build-checks - Enable Docker build checks
- lint-pipefail - Use pipefail for piped RUN commands
- lint-labels - Use standard labels for image metadata
- lint-sort-arguments - Sort multi-line arguments alphabetically
- lint-single-concern - One concern per container
How to Use
Read individual reference files for detailed explanations and code examples:
- Section definitions - Category structure and impact levels
- Rule template - Template for adding new rules
Reference Files
| File | Description |
|---|---|
| references/_sections.md | Category definitions and ordering |
| assets/templates/_template.md | Template for new rules |
| metadata.json | Version and reference information |