autoworkflow 3.1.5 → 3.5.0

package/.claude/skills/docker.md

@@ -0,0 +1,319 @@
+# Docker Skill
+
+## Multi-Stage Dockerfile (Node.js)
+\`\`\`dockerfile
+# Stage 1: Dependencies
+FROM node:20-alpine AS deps
+WORKDIR /app
+COPY package.json package-lock.json ./
+RUN npm ci --only=production
+
+# Stage 2: Build
+FROM node:20-alpine AS builder
+WORKDIR /app
+COPY package.json package-lock.json ./
+RUN npm ci
+COPY . .
+RUN npm run build
+
+# Stage 3: Production
+FROM node:20-alpine AS runner
+WORKDIR /app
+
+ENV NODE_ENV=production
+
+# Create non-root user
+RUN addgroup --system --gid 1001 nodejs && \\
+    adduser --system --uid 1001 appuser
+
+# Copy only necessary files
+COPY --from=deps /app/node_modules ./node_modules
+COPY --from=builder /app/dist ./dist
+COPY --from=builder /app/package.json ./
+
+USER appuser
+
+EXPOSE 3000
+
+CMD ["node", "dist/index.js"]
+\`\`\`
+
+## Multi-Stage Dockerfile (Next.js)
+\`\`\`dockerfile
+FROM node:20-alpine AS deps
+WORKDIR /app
+COPY package.json package-lock.json ./
+RUN npm ci
+
+FROM node:20-alpine AS builder
+WORKDIR /app
+COPY --from=deps /app/node_modules ./node_modules
+COPY . .
+
+ENV NEXT_TELEMETRY_DISABLED=1
+RUN npm run build
+
+FROM node:20-alpine AS runner
+WORKDIR /app
+
+ENV NODE_ENV=production
+ENV NEXT_TELEMETRY_DISABLED=1
+
+RUN addgroup --system --gid 1001 nodejs && \\
+    adduser --system --uid 1001 nextjs
+
+COPY --from=builder /app/public ./public
+COPY --from=builder /app/.next/standalone ./
+COPY --from=builder /app/.next/static ./.next/static
+
+USER nextjs
+
+EXPOSE 3000
+ENV PORT=3000
+ENV HOSTNAME="0.0.0.0"
+
+CMD ["node", "server.js"]
+\`\`\`
+
+## Docker Compose (Full Stack)
+\`\`\`yaml
+# docker-compose.yml
+version: '3.8'
+
+services:
+  app:
+    build:
+      context: .
+      dockerfile: Dockerfile
+      target: runner
+    ports:
+      - "3000:3000"
+    environment:
+      - DATABASE_URL=postgresql://postgres:password@db:5432/myapp
+      - REDIS_URL=redis://redis:6379
+    depends_on:
+      db:
+        condition: service_healthy
+      redis:
+        condition: service_started
+    networks:
+      - app-network
+    restart: unless-stopped
+
+  db:
+    image: postgres:16-alpine
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+      - ./init.sql:/docker-entrypoint-initdb.d/init.sql
+    environment:
+      - POSTGRES_USER=postgres
+      - POSTGRES_PASSWORD=password
+      - POSTGRES_DB=myapp
+    ports:
+      - "5432:5432"
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+    networks:
+      - app-network
+
+  redis:
+    image: redis:7-alpine
+    volumes:
+      - redis_data:/data
+    ports:
+      - "6379:6379"
+    command: redis-server --appendonly yes
+    networks:
+      - app-network
+
+volumes:
+  postgres_data:
+  redis_data:
+
+networks:
+  app-network:
+    driver: bridge
+\`\`\`
+
+## Docker Compose (Development)
+\`\`\`yaml
+# docker-compose.dev.yml
+version: '3.8'
+
+services:
+  app:
+    build:
+      context: .
+      dockerfile: Dockerfile.dev
+    ports:
+      - "3000:3000"
+    volumes:
+      - .:/app
+      - /app/node_modules
+    environment:
+      - NODE_ENV=development
+    command: npm run dev
+\`\`\`
+
+## .dockerignore
+\`\`\`
+node_modules
+npm-debug.log
+.git
+.gitignore
+.env
+.env.*
+!.env.example
+Dockerfile*
+docker-compose*
+.dockerignore
+README.md
+.next
+dist
+coverage
+.nyc_output
+*.log
+\`\`\`
+
+## Common Commands
+\`\`\`bash
+# Build
+docker build -t myapp .
+docker build -t myapp:v1.0.0 --target runner .
+docker build --no-cache -t myapp .
+
+# Run
+docker run -d -p 3000:3000 --name myapp myapp
+docker run -d -p 3000:3000 -e NODE_ENV=production myapp
+docker run -d -p 3000:3000 -v $(pwd)/data:/app/data myapp
+
+# Compose
+docker compose up -d
+docker compose up -d --build
+docker compose down
+docker compose down -v  # Remove volumes too
+docker compose logs -f app
+docker compose exec app sh
+
+# Debug
+docker ps
+docker logs myapp
+docker logs -f myapp  # Follow
+docker exec -it myapp sh
+docker inspect myapp
+
+# Cleanup
+docker stop $(docker ps -q)
+docker rm $(docker ps -aq)
+docker rmi $(docker images -q)
+docker system prune -a  # Remove all unused
+docker volume prune     # Remove unused volumes
+\`\`\`
+
+## Layer Optimization
+\`\`\`dockerfile
+# ❌ Bad - invalidates cache on any file change
+COPY . .
+RUN npm ci
+
+# ✅ Good - dependencies cached separately
+COPY package.json package-lock.json ./
+RUN npm ci
+COPY . .
+\`\`\`
+
+## Health Checks
+\`\`\`dockerfile
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \\
+  CMD wget --no-verbose --tries=1 --spider http://localhost:3000/health || exit 1
+\`\`\`
+
+## Environment Variables
+\`\`\`dockerfile
+# Build-time args
+ARG NODE_VERSION=20
+FROM node:\${NODE_VERSION}-alpine
+
+# Runtime env
+ENV NODE_ENV=production
+ENV PORT=3000
+
+# From .env file (compose)
+env_file:
+  - .env
+\`\`\`
+
+## Networking
+\`\`\`yaml
+# Internal service communication
+DATABASE_URL=postgresql://postgres:password@db:5432/myapp
+#                                            ^^ service name
+
+# Expose to host
+ports:
+  - "5432:5432"  # host:container
+
+# Internal only (between containers)
+expose:
+  - "5432"
+\`\`\`
+
+## Volume Patterns
+\`\`\`yaml
+# Named volume (data persistence)
+volumes:
+  postgres_data:
+    driver: local
+
+# Bind mount (development)
+volumes:
+  - ./src:/app/src
+  - /app/node_modules  # Exclude node_modules
+
+# Read-only
+volumes:
+  - ./config:/app/config:ro
+\`\`\`
+
+## Security Best Practices
+\`\`\`dockerfile
+# Use specific versions
+FROM node:20.10.0-alpine3.19
+
+# Non-root user
+RUN addgroup -g 1001 appgroup && \\
+    adduser -u 1001 -G appgroup -s /bin/sh -D appuser
+USER appuser
+
+# Read-only filesystem
+docker run --read-only myapp
+
+# Drop capabilities
+docker run --cap-drop ALL myapp
+
+# No new privileges
+docker run --security-opt no-new-privileges myapp
+\`\`\`
+
+## ❌ DON'T
+- Run containers as root
+- Use \`latest\` tag in production
+- Store secrets in Dockerfile
+- Copy unnecessary files (use .dockerignore)
+- Use single-stage builds for production
+- Ignore layer caching order
+- Run multiple processes per container
+
+## ✅ DO
+- Use multi-stage builds
+- Pin specific base image versions
+- Create non-root users
+- Use .dockerignore
+- Order Dockerfile by change frequency
+- Use health checks
+- Set resource limits
+- Use named volumes for data
+- Scan images for vulnerabilities