Devops 795 installs

multi-stage-dockerfile

by github/awesome-copilot

Create optimized multi-stage Dockerfiles for any language or framework

Skill content

Build optimized, secure multi-stage Dockerfiles for any language or framework.

- Structures builds with separate builder and runtime stages, copying only necessary artifacts to minimize final image size and attack surface

- Emphasizes layer caching optimization by ordering commands from least to most frequently changing, combined with .dockerignore and command consolidation

- Recommends minimal base images (Alpine, distroless, or official slim variants) with exact version pinning for reproducibility

- Covers security hardening: non-root users, build tool removal, vulnerability scanning, and secrets isolation through multi-stage separation

- Includes performance patterns like build arguments, environment variable optimization, and healthcheck configuration for production readiness

Your goal is to help me create efficient multi-stage Dockerfiles that follow best practices, resulting in smaller, more secure container images.

Multi-Stage Structure

- Use a builder stage for compilation, dependency installation, and other build-time operations

- Use a separate runtime stage that only includes what's needed to run the application

- Copy only the necessary artifacts from the builder stage to the runtime stage

- Use meaningful stage names with the AS keyword (e.g., FROM node:18 AS builder)

- Place stages in logical order: dependencies → build → test → runtime

Base Images

- Start with official, minimal base images when possible

- Specify exact version tags to ensure reproducible builds (e.g., python:3.11-slim not just python)

- Consider distroless images for runtime stages where appropriate

- Use Alpine-based images for smaller footprints when compatible with your application

- Ensure the runtime image has the minimal necessary dependencies

Layer Optimization