# docker

Dockerfile authoring rules distilled from Docker's official best practices.

```bash
npx rulepack add docker
```

## What it covers

- Multi-stage builds — separate build env from a lean runtime image
- Minimal, pinned (version + digest) official base images
- Cache-friendly instruction ordering (least → most frequently changing)
- Layer hygiene: combine `RUN` commands, clean up in the same layer, sort args
- `apt-get` done right (update + install in one `RUN`, prune lists)
- `COPY` over `ADD`; exec-form `CMD`/`ENTRYPOINT`; absolute `WORKDIR`
- Security: run as non-root `USER`, never bake secrets (`RUN --mount=type=secret`)
- `.dockerignore`, one concern per container, ephemeral/stateless design

## Source

Distilled from Docker's official documentation:

## License

MIT
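
The following Python sketch is an added example, not part of the rule pack or of Docker's tooling: it checks a Dockerfile against several of the rules listed under "What it covers" (digest pinning, `apt-get` layering, `COPY` over `ADD`, exec form, absolute `WORKDIR`, baked secrets, non-root `USER`). The rule ids, function names and sample Dockerfile are constructed for illustration, and Linux-style paths are assumed.

```python
import re

SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)
# Constructed sample input that breaks several of the listed rules.
SAMPLE_BAD = """\
FROM ubuntu:latest
RUN apt-get update
ADD app.tar.gz /srv/
ENV API_TOKEN=example-not-a-real-token
WORKDIR app
CMD python3 /srv/app.py
"""
# Single-instruction rules: (instructions, predicate on args, rule id).
SIMPLE = [
    ({"ADD"}, lambda a: True, "add-instead-of-copy"),
    ({"CMD", "ENTRYPOINT"}, lambda a: not a.startswith("["), "shell-form"),
    ({"WORKDIR"}, lambda a: not a.startswith(("/", "$")), "relative-workdir"),
    ({"RUN"}, lambda a: "apt-get update" in a and "apt-get install" not in a, "apt-update-alone"),
    ({"ENV", "ARG"}, lambda a: bool(SECRET_NAME.search(re.split(r"[=\s]", a)[0])), "secret-in-image"),
]

def logical_lines(text):
    """Yield (start_line, INSTRUCTION, args), joining backslash continuations."""
    n = 1
    for chunk in re.sub(r"\\[ \t\r]*\n", "\x00", text).split("\n"):
        instr, _, args = chunk.replace("\x00", " ").strip().partition(" ")
        if instr and not instr.startswith("#"):
            yield n, instr.upper(), " ".join(args.split())
        n += 1 + chunk.count("\x00")  # each joined continuation used one source line

def lint_dockerfile(text):
    """Return sorted (line, rule_id) findings; rule ids are made up for this example."""
    findings, stages, user, last_from = [], set(), None, 0
    for n, instr, args in logical_lines(text):
        findings += [(n, rid) for ins, pred, rid in SIMPLE if instr in ins and pred(args)]
        if instr == "FROM":
            parts = args.split()
            image = next((p for p in parts if not p.startswith("--")), "")
            if image != "scratch" and image not in stages and "@sha256:" not in image:
                findings.append((n, "unpinned-base"))
            if len(parts) >= 2 and parts[-2].upper() == "AS":
                stages.add(parts[-1])  # later "FROM <alias>" refers to this stage
            user, last_from = None, n  # each stage is judged on its own USER line
        elif instr == "USER":
            user = args.split(":")[0]
    if last_from and user in (None, "root", "0"):
        findings.append((last_from, "runs-as-root"))  # reported at the final stage's FROM
    return sorted(findings)
```

Only the first variable name of an `ENV`/`ARG` instruction is inspected, and a final stage that inherits its user from an earlier stage is still reported until it sets `USER` itself.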