Generate or review Dockerfiles with multi-stage builds, security hardening, and optimized layer caching
App type: $0
Mode: $1 (default: create)
Analyze the project — Read package.json, requirements.txt, go.mod, or Cargo.toml to understand dependencies and build steps.
Generate a multi-stage Dockerfile:
# Stage 1: Dependencies
FROM node:20-alpine AS deps
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci --production=false
# Stage 2: Build
FROM node:20-alpine AS build
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY . .
RUN npm run build
# Stage 3: Production
FROM node:20-alpine AS production
WORKDIR /app
ENV NODE_ENV=production
# Non-root user
RUN addgroup -g 1001 -S appgroup && \
adduser -S appuser -u 1001 -G appgroup
USER appuser
COPY --from=build --chown=appuser:appgroup /app/dist ./dist
COPY --from=build --chown=appuser:appgroup /app/node_modules ./node_modules
COPY --from=build --chown=appuser:appgroup /app/package.json ./
EXPOSE 3000
CMD ["node", "dist/server.js"]
.dockerignore:node_modules
.git
.env*
*.md
.next
dist
coverage
Check for:
latest)?npm ci not npm install? Lock files copied?HEALTHCHECK instruction present?Produce:
Dockerfile — production-ready, multi-stage.dockerignore — exclude build artifacts, secrets, dev filesnode:20.11-alpine, not node:latest).env files or secrets into the imageHEALTHCHECK for production images