DevOps engineering mastery. Docker containerization, Docker Compose, CI/CD with GitHub Actions, Kubernetes basics, infrastructure as code (Terraform), monitoring/alerting, deployment strategies (blue/green, canary, rolling), secrets management, and production readiness checklists. Use when building CI/CD pipelines, containerizing apps, or managing infrastructure.
# ✅ Multi-stage build — minimal final image
FROM node:22-alpine AS builder
WORKDIR /app
# Install deps first (cache layer)
COPY package.json package-lock.json ./
RUN npm ci --ignore-scripts
# Build
COPY . .
RUN npm run build
# Drop devDependencies so only production modules reach the final stage
RUN npm prune --omit=dev
# ──── Production stage ────
FROM node:22-alpine AS runner
WORKDIR /app
# Security: non-root user
RUN addgroup --system --gid 1001 appgroup && \
    adduser --system --uid 1001 --ingroup appgroup appuser
# Copy only production artifacts
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/package.json ./
USER appuser
EXPOSE 3000
ENV NODE_ENV=production
HEALTHCHECK --interval=30s --timeout=3s --retries=3 \
    CMD wget --quiet --tries=1 --spider http://localhost:3000/health || exit 1
CMD ["node", "dist/index.js"]
# ❌ HALLUCINATION TRAP: Common Dockerfile mistakes
# ❌ FROM node:22 ← 1GB+ image (use alpine: ~150MB)
# ❌ RUN npm install ← installs devDependencies, no lockfile
# ✅ RUN npm ci --omit=dev ← deterministic, production-only
# ❌ COPY . . ← copies node_modules, .git, secrets
# ✅ Use .dockerignore ← exclude node_modules, .env, .git
# ❌ Running as root ← security vulnerability
# ✅ USER appuser ← non-root user
# .dockerignore
node_modules
.git
.env
.env.*
*.md
.github
coverage
dist
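The mistakes listed above can be checked mechanically before an image is built. The following is an added example, not part of the original page: the function names and finding codes are hypothetical, and the sample Dockerfile is constructed. It shows one case the list does not spell out: a `USER` set in the builder stage does not carry over into the final stage.

```python
import re

REQUIRED_IGNORES = ("node_modules", ".git", ".env")  # taken from the page's ignore list

def instructions(dockerfile):
    """Join backslash continuations, then drop blank and comment lines."""
    joined = re.sub(r"\\[ \t]*\n", " ", dockerfile)
    lines = (line.strip() for line in joined.splitlines())
    return [line for line in lines if line and not line.startswith("#")]

def audit(dockerfile, dockerignore=""):
    """Return finding codes (hypothetical names) for the mistakes listed above."""
    ins = instructions(dockerfile)
    findings = []
    # Every FROM opens a new stage; only the last stage becomes the shipped image.
    starts = [i for i, line in enumerate(ins) if line.upper().startswith("FROM ")]
    final = ins[starts[-1]:] if starts else []
    image = next((t for t in final[0].split()[1:] if not t.startswith("--")), "") if final else ""
    if final and "alpine" not in image.lower():
        findings.append("fat-base-image")
    if any(re.match(r"RUN\b.*\bnpm\s+install\b", line, re.I) for line in ins):
        findings.append("npm-install")
    # A USER set in an earlier stage does not carry over into the final stage.
    users = [line.split()[1] for line in final if line.upper().startswith("USER ")]
    if not users or users[-1].split(":")[0] in ("root", "0"):
        findings.append("runs-as-root")
    # COPY of the whole build context is only safe with a matching .dockerignore.
    if any(re.match(r"COPY\s+(--(?!from)\S+\s+)*\./?\s+\S+$", line, re.I) for line in ins):
        ignored = {entry.strip().rstrip("/") for entry in dockerignore.splitlines()}
        findings += [f"context-leak:{e}" for e in REQUIRED_IGNORES if e not in ignored]
    return findings

# Constructed sample: the non-root USER is set in the builder stage only.
BAD = """\
FROM node:22 AS builder
WORKDIR /app
USER node
COPY . .
RUN npm install && \\
    npm run build
FROM node:22
COPY --from=builder /app/dist ./dist
CMD ["node", "dist/index.js"]
"""

if __name__ == "__main__":
    for finding in audit(BAD, dockerignore=".git\n"):
        print(finding)
```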
# docker-compose.yml