packwise-skills 1.0.0 → 1.2.0
- package/.cursorrules +23 -23
- package/CLAUDE.md +25 -25
- package/LICENSE +21 -0
- package/README.md +404 -295
- package/audit.md +224 -224
- package/bin/packwise.js +322 -155
- package/install.sh +123 -0
- package/package.json +32 -31
- package/skill.md +944 -719
- package/sub-skills/ai/local-llm.md +183 -183
- package/sub-skills/ai/python-ml.md +164 -164
- package/sub-skills/backend/go-server.md +184 -184
- package/sub-skills/backend/java-spring.md +241 -241
- package/sub-skills/backend/node-server.md +164 -164
- package/sub-skills/backend/php-laravel.md +175 -175
- package/sub-skills/backend/python-server.md +164 -164
- package/sub-skills/backend/rust-backend.md +118 -118
- package/sub-skills/cli/python-cli.md +236 -236
- package/sub-skills/cli/sdk-library.md +497 -497
- package/sub-skills/cloud/ci-cd-pipelines.md +350 -350
- package/sub-skills/cloud/docker.md +191 -191
- package/sub-skills/cloud/kubernetes.md +277 -277
- package/sub-skills/cloud/payment-integration.md +307 -307
- package/sub-skills/cross-platform/multiplatform.md +252 -252
- package/sub-skills/desktop/electron.md +783 -783
- package/sub-skills/desktop/game-dev.md +443 -443
- package/sub-skills/desktop/native-app.md +123 -123
- package/sub-skills/desktop/scenarios.md +443 -443
- package/sub-skills/desktop/smart-platforms.md +324 -324
- package/sub-skills/desktop/tauri.md +428 -428
- package/sub-skills/desktop/vr-ar.md +252 -252
- package/sub-skills/desktop/web-to-desktop.md +153 -153
- package/sub-skills/embedded/car-infotainment.md +129 -129
- package/sub-skills/embedded/esp32.md +184 -184
- package/sub-skills/embedded/ros.md +150 -150
- package/sub-skills/embedded/stm32.md +160 -160
- package/sub-skills/mobile/android.md +322 -322
- package/sub-skills/mobile/capacitor.md +232 -232
- package/sub-skills/mobile/flutter-mobile.md +138 -138
- package/sub-skills/mobile/harmonyos.md +150 -150
- package/sub-skills/mobile/ios.md +245 -245
- package/sub-skills/mobile/react-native.md +443 -443
- package/sub-skills/mobile/wearables.md +230 -230
- package/sub-skills/plugins/browser-extension.md +308 -308
- package/sub-skills/plugins/jetbrains-plugin.md +226 -226
- package/sub-skills/plugins/vscode-extension.md +204 -204
- package/sub-skills/security/security-tools.md +174 -174
- package/sub-skills/web/monorepo.md +274 -274
- package/sub-skills/web/pwa.md +220 -220
- package/sub-skills/web/serverless-edge.md +295 -295
- package/sub-skills/web/spa.md +266 -266
- package/sub-skills/web/ssr.md +228 -228
- package/sub-skills/web/wasm.md +243 -243
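--- a/package/sub-skills/cloud/docker.md
+++ b/package/sub-skills/cloud/docker.md
@@ -1,191 +1,191 @@
-# Docker Containerization Sub-Skill
-
-Containerize any project for deployment using Docker.
-
-## When to Use
-
-- Backend service containerization
-- Frontend static resource containerization
-- Full-stack application containerization
-- Microservice architecture
-- Development environment standardization
-
-## Dockerfile Templates
-
-### Node.js Application
-
-```dockerfile
-FROM node:22-alpine AS builder
-WORKDIR /app
-COPY package*.json ./
-RUN npm ci
-COPY . .
-RUN npm run build
-
-FROM node:22-alpine
-WORKDIR /app
-COPY --from=builder /app/dist ./dist
-COPY --from=builder /app/node_modules ./node_modules
-COPY --from=builder /app/package.json ./
-RUN apk add --no-cache tini && \
-addgroup -S appgroup && adduser -S appuser -G appgroup && \
-chown -R appuser:appgroup /app
-USER appuser
-EXPOSE 3000
-HEALTHCHECK --interval=30s --timeout=3s CMD wget -qO- http://localhost:3000/health || exit 1
-ENTRYPOINT ["/sbin/tini", "--"]
-CMD ["node", "dist/server.js"]
-```
-
-### Python Application
-
-```dockerfile
-FROM python:3.13-slim AS builder
-WORKDIR /app
-COPY requirements.txt .
-RUN pip install --no-cache-dir --prefix=/install -r requirements.txt
-
-FROM python:3.13-slim
-WORKDIR /app
-COPY --from=builder /install /usr/local
-COPY . .
-RUN groupadd -r appuser && useradd -r -g appuser appuser && \
-chown -R appuser:appuser /app
-USER appuser
-EXPOSE 8000
-HEALTHCHECK --interval=30s --timeout=3s CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:8000/health')" || exit 1
-CMD ["gunicorn", "-w", "4", "-b", "0.0.0.0:8000", "app:app"]
-```
-
-### Go Application
-
-```dockerfile
-FROM golang:1.23-alpine AS builder
-WORKDIR /app
-COPY go.* ./
-RUN go mod download
-COPY . .
-RUN CGO_ENABLED=0 go build -ldflags="-s -w" -o myapp .
-
-FROM alpine:latest
-RUN apk add --no-cache ca-certificates tzdata && \
-addgroup -S appgroup && adduser -S appuser -G appgroup
-COPY --from=builder /app/myapp /myapp
-USER appuser
-EXPOSE 8080
-HEALTHCHECK --interval=30s --timeout=3s CMD wget -qO- http://localhost:8080/health || exit 1
-CMD ["/myapp"]
-```
-
-### Static Frontend
-
-```dockerfile
-FROM nginx:alpine
-RUN addgroup -S appgroup && adduser -S appuser -G appgroup
-COPY dist/ /usr/share/nginx/html
-COPY nginx.conf /etc/nginx/conf.d/default.conf
-RUN chown -R appuser:appgroup /usr/share/nginx/html
-USER appuser
-EXPOSE 80
-HEALTHCHECK --interval=30s --timeout=3s CMD wget -qO- http://localhost:80/ || exit 1
-```
-
-## Docker Compose
-
-```yaml
-services:
-app:
-build: .
-ports: ["3000:3000"]
-environment:
-- DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB}
-depends_on:
-db:
-condition: service_healthy
-restart: unless-stopped
-db:
-image: postgres:16
-environment:
-POSTGRES_USER: ${POSTGRES_USER}
-POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
-POSTGRES_DB: ${POSTGRES_DB}
-volumes: ["pgdata:/var/lib/postgresql/data"]
-healthcheck:
-test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"]
-interval: 10s
-timeout: 5s
-retries: 5
-restart: unless-stopped
-volumes:
-pgdata:
-```
-
-> **Security**: Never hardcode passwords in docker-compose.yml. Use `.env` file (add to `.gitignore`) or Docker secrets.
-
-> **Best practice**: Commit a `.env.example` file (without real values) to version control so other developers know which environment variables are required. The actual `.env` file must remain in `.gitignore`.
->
-> ```text
-> # .env.example (commit this — no real values)
-> POSTGRES_USER=your_user
-> POSTGRES_PASSWORD=
-> POSTGRES_DB=your_db
-> ```
-
-## .dockerignore (Required)
-
-```text
-# .dockerignore — must be in the same directory as Dockerfile
-node_modules
-.git
-.gitignore
-.env
-.env.*
-*.md
-.dockerignore
-Dockerfile
-docker-compose*.yml
-.vscode
-.idea
-coverage
-test
-tests
-*.log
-dist
-build
-```
-
-## Image Security Scanning
-
-```bash
-# Scan for vulnerabilities before pushing
-docker scout cves myapp:latest # Docker Scout (built-in)
-trivy image myapp:latest # Trivy (open-source)
-grype myapp:latest # Anchore Grype
-
-# Scan in CI
-docker scout cves --only-severity critical,high myapp:latest
-```
-
-## Best Practices
-
-| Practice | Description |
-|----------|-------------|
-| Multi-stage build | Reduce image size by separating build and runtime |
-| Alpine base image | Smaller images (5MB vs 100MB+ for Debian) |
-| .dockerignore | Exclude node_modules, .git, .env, tests |
-| Non-root user | Run as non-root in production (`USER appuser`) |
-| Health check | `HEALTHCHECK` instruction for container orchestration |
-| Pinned versions | Avoid `latest` tag; use specific versions (`node:22.3.1-alpine`) |
-| No secrets in image | Use env vars, Docker secrets, or mounted volumes |
-| Image scanning | Scan for CVEs before pushing (`docker scout cves`) |
-| Read-only filesystem | `--read-only` flag prevents runtime file modifications |
-| No `ADD` when `COPY` suffices | `ADD` can fetch URLs and extract archives (security risk) |
-
-## Common Pitfalls
-
-| Issue | Fix |
-|-------|-----|
-| Large image | Multi-stage build + Alpine |
-| Slow build | Leverage Docker layer caching |
-| Permission issues | Use non-root user |
-| Timezone | Set `TZ` environment variable |
+# Docker Containerization Sub-Skill
+
+Containerize any project for deployment using Docker.
+
+## When to Use
+
+- Backend service containerization
+- Frontend static resource containerization
+- Full-stack application containerization
+- Microservice architecture
+- Development environment standardization
+
+## Dockerfile Templates
+
+### Node.js Application
+
+```dockerfile
+FROM node:22-alpine AS builder
+WORKDIR /app
+COPY package*.json ./
+RUN npm ci
+COPY . .
+RUN npm run build
+
+FROM node:22-alpine
+WORKDIR /app
+COPY --from=builder /app/dist ./dist
+COPY --from=builder /app/node_modules ./node_modules
+COPY --from=builder /app/package.json ./
+RUN apk add --no-cache tini && \
+addgroup -S appgroup && adduser -S appuser -G appgroup && \
+chown -R appuser:appgroup /app
+USER appuser
+EXPOSE 3000
+HEALTHCHECK --interval=30s --timeout=3s CMD wget -qO- http://localhost:3000/health || exit 1
+ENTRYPOINT ["/sbin/tini", "--"]
+CMD ["node", "dist/server.js"]
+```
+
+### Python Application
+
+```dockerfile
+FROM python:3.13-slim AS builder
+WORKDIR /app
+COPY requirements.txt .
+RUN pip install --no-cache-dir --prefix=/install -r requirements.txt
+
+FROM python:3.13-slim
+WORKDIR /app
+COPY --from=builder /install /usr/local
+COPY . .
+RUN groupadd -r appuser && useradd -r -g appuser appuser && \
+chown -R appuser:appuser /app
+USER appuser
+EXPOSE 8000
+HEALTHCHECK --interval=30s --timeout=3s CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:8000/health')" || exit 1
+CMD ["gunicorn", "-w", "4", "-b", "0.0.0.0:8000", "app:app"]
+```
+
+### Go Application
+
+```dockerfile
+FROM golang:1.23-alpine AS builder
+WORKDIR /app
+COPY go.* ./
+RUN go mod download
+COPY . .
+RUN CGO_ENABLED=0 go build -ldflags="-s -w" -o myapp .
+
+FROM alpine:latest
+RUN apk add --no-cache ca-certificates tzdata && \
+addgroup -S appgroup && adduser -S appuser -G appgroup
+COPY --from=builder /app/myapp /myapp
+USER appuser
+EXPOSE 8080
+HEALTHCHECK --interval=30s --timeout=3s CMD wget -qO- http://localhost:8080/health || exit 1
+CMD ["/myapp"]
+```
+
+### Static Frontend
+
+```dockerfile
+FROM nginx:alpine
+RUN addgroup -S appgroup && adduser -S appuser -G appgroup
+COPY dist/ /usr/share/nginx/html
+COPY nginx.conf /etc/nginx/conf.d/default.conf
+RUN chown -R appuser:appgroup /usr/share/nginx/html
+USER appuser
+EXPOSE 80
+HEALTHCHECK --interval=30s --timeout=3s CMD wget -qO- http://localhost:80/ || exit 1
+```
+
+## Docker Compose
+
+```yaml
+services:
+app:
+build: .
+ports: ["3000:3000"]
+environment:
+- DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB}
+depends_on:
+db:
+condition: service_healthy
+restart: unless-stopped
+db:
+image: postgres:16
+environment:
+POSTGRES_USER: ${POSTGRES_USER}
+POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+POSTGRES_DB: ${POSTGRES_DB}
+volumes: ["pgdata:/var/lib/postgresql/data"]
+healthcheck:
+test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"]
+interval: 10s
+timeout: 5s
+retries: 5
+restart: unless-stopped
+volumes:
+pgdata:
+```
+
+> **Security**: Never hardcode passwords in docker-compose.yml. Use `.env` file (add to `.gitignore`) or Docker secrets.
+
+> **Best practice**: Commit a `.env.example` file (without real values) to version control so other developers know which environment variables are required. The actual `.env` file must remain in `.gitignore`.
+>
+> ```text
+> # .env.example (commit this — no real values)
+> POSTGRES_USER=your_user
+> POSTGRES_PASSWORD=
+> POSTGRES_DB=your_db
+> ```
+
+## .dockerignore (Required)
+
+```text
+# .dockerignore — must be in the same directory as Dockerfile
+node_modules
+.git
+.gitignore
+.env
+.env.*
+*.md
+.dockerignore
+Dockerfile
+docker-compose*.yml
+.vscode
+.idea
+coverage
+test
+tests
+*.log
+dist
+build
+```
+
+## Image Security Scanning
+
+```bash
+# Scan for vulnerabilities before pushing
+docker scout cves myapp:latest # Docker Scout (built-in)
+trivy image myapp:latest # Trivy (open-source)
+grype myapp:latest # Anchore Grype
+
+# Scan in CI
+docker scout cves --only-severity critical,high myapp:latest
+```
+
+## Best Practices
+
+| Practice | Description |
+|----------|-------------|
+| Multi-stage build | Reduce image size by separating build and runtime |
+| Alpine base image | Smaller images (5MB vs 100MB+ for Debian) |
+| .dockerignore | Exclude node_modules, .git, .env, tests |
+| Non-root user | Run as non-root in production (`USER appuser`) |
+| Health check | `HEALTHCHECK` instruction for container orchestration |
+| Pinned versions | Avoid `latest` tag; use specific versions (`node:22.3.1-alpine`) |
+| No secrets in image | Use env vars, Docker secrets, or mounted volumes |
+| Image scanning | Scan for CVEs before pushing (`docker scout cves`) |
+| Read-only filesystem | `--read-only` flag prevents runtime file modifications |
+| No `ADD` when `COPY` suffices | `ADD` can fetch URLs and extract archives (security risk) |
+
+## Common Pitfalls
+
+| Issue | Fix |
+|-------|-----|
+| Large image | Multi-stage build + Alpine |
+| Slow build | Leverage Docker layer caching |
+| Permission issues | Use non-root user |
+| Timezone | Set `TZ` environment variable |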