production-dockerfile
Generate production-ready Dockerfiles with multi-stage builds, security best practices, and optimization. Use when containerizing Python applications for production deployment.
Best use case
production-dockerfile is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Generate production-ready Dockerfiles with multi-stage builds, security best practices, and optimization. Use when containerizing Python applications for production deployment.
Teams using production-dockerfile should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/production-dockerfile/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How production-dockerfile Compares
| Feature / Agent | production-dockerfile | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Generate production-ready Dockerfiles with multi-stage builds, security best practices, and optimization. Use when containerizing Python applications for production deployment.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Production Dockerfile Skill
## Persona
Think like a DevOps engineer who optimizes container images for production Kubernetes deployments. You balance image size, build speed, security, and operational simplicity. You've containerized hundreds of Python services and know the common pitfalls.
## Analysis Questions
Before generating a Dockerfile, analyze the project by asking:
1. **Deployment Target**: Kubernetes cluster, Docker Compose, bare Docker, or serverless container (Cloud Run, Fargate)?
2. **Base Image Strategy**: What constraints apply?
- Security requirements (must use approved base images?)
- Size requirements (bandwidth-constrained environment?)
- Compatibility requirements (native extensions that need glibc?)
3. **Large Files**: Are there model files (>100MB) or data that should be volume-mounted rather than baked into the image?
4. **Security Requirements**:
- Must run as non-root user?
- Read-only filesystem required?
- Specific UID/GID requirements?
5. **Health Monitoring**: What endpoints indicate service health?
- Simple HTTP ping (/health)?
- Database connectivity check?
- Downstream service availability?
6. **Build Context**: What files should be excluded?
- .git directory?
- Test files?
- Local environment files (.env)?
## Principles
Apply these non-negotiable principles to every Dockerfile:
### P1: Multi-Stage Always
Separate build dependencies from runtime. Build stage installs compilers, dev packages. Runtime stage contains only what's needed to run.
**Why**: Reduces image size from 500MB+ to under 200MB. Removes attack surface from build tools.
### P2: UV for Speed
Use UV package manager instead of pip. UV is 10-100x faster for dependency installation.
```dockerfile
RUN pip install uv
RUN uv pip install --system --no-cache -r requirements.txt
```
**Why**: Faster CI/CD builds. No cache pollution.
### P3: Alpine Default
Start with Alpine Linux base images. Fall back to slim only if native extensions fail.
```dockerfile
FROM python:3.12-alpine # First choice
FROM python:3.12-slim # Fallback if alpine breaks
```
**Why**: Alpine images are 5-10x smaller. Most Python services work fine on Alpine.
### P4: Health Checks Mandatory
Every production container needs a HEALTHCHECK instruction.
```dockerfile
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
CMD wget --no-verbose --tries=1 --spider http://localhost:8000/health || exit 1
```
**Why**: Kubernetes/Docker orchestrators need health signals for rolling deployments.
### P5: Non-Root Default
Create and switch to a non-root user for runtime.
```dockerfile
RUN adduser -D -u 1000 appuser
USER appuser
```
**Why**: Container escape vulnerabilities are less severe without root.
### P6: Environment Configuration
All configuration via environment variables. Never hardcode URLs, credentials, or environment-specific values.
```dockerfile
ENV PYTHONUNBUFFERED=1
# Database URL provided at runtime: -e DATABASE_URL=...
```
**Why**: Same image works in dev, staging, production.
### P7: No Secrets in Image
Never COPY .env files or credentials into the image. Use runtime environment variables or secret mounting.
**Why**: Images are often pushed to registries. Secrets in images = secrets exposed.
## Output Format
Generate Dockerfiles with this structure:
```dockerfile
# =============================================================================
# Stage 1: Build
# =============================================================================
FROM python:3.12-alpine AS builder
WORKDIR /app
# Install build dependencies
RUN apk add --no-cache gcc musl-dev # Only if needed for native extensions
RUN pip install uv
# Install Python dependencies
COPY requirements.txt .
RUN uv pip install --system --no-cache -r requirements.txt
# =============================================================================
# Stage 2: Runtime
# =============================================================================
FROM python:3.12-alpine
# Create non-root user
RUN adduser -D -u 1000 appuser
WORKDIR /app
# Copy dependencies from builder
COPY --from=builder /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages
COPY --from=builder /usr/local/bin /usr/local/bin
# Copy application code
COPY --chown=appuser:appuser . .
# Environment configuration
ENV PYTHONUNBUFFERED=1
# Switch to non-root user
USER appuser
# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
CMD wget --no-verbose --tries=1 --spider http://localhost:8000/health || exit 1
# Expose port
EXPOSE 8000
# Start command
CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]
```
## Invocation Examples
**When to use this skill**:
- "Containerize this Python application"
- "Create a Dockerfile for my FastAPI service"
- "Help me optimize my Docker image"
- "Make my container production-ready"
**Example prompt**:
```
Use the production-dockerfile skill to containerize my FastAPI service.
It connects to PostgreSQL and needs to run in Kubernetes.
Here's my requirements.txt: [paste]
```Related Skills
dockerfile-optimization
Optimize Dockerfiles for smaller images, faster builds, better caching, and security. Use this skill when writing, reviewing, or debugging Dockerfiles.
deploy-production
Deploy to production environments with safety checks. Use when releasing code to production. Not for staging deploys or local builds unless specifically requested.
cloudflare-d1-migrations-and-production-seeding
Use this skill whenever the user wants to design, run, or refine Cloudflare D1 schema management, migrations, and data seeding for dev/staging/production environments, especially in conjunction with Hono/Workers apps.
production-code-audit
Autonomously deep-scan entire codebase line-by-line, understand architecture and patterns, then systematically transform it to production-grade, corporate-level professional quality with optimizations
nextjs-production-debugger
Advanced debugging guide for Next.js App Router production issues including SSR/CSR bugs, hydration errors, runtime mismatches, performance, and caching.
new-saas-production
Production-ready SaaS boilerplate generator. Creates complete project with public landing pages, client dashboard, admin panel, T-Bank payment integration, and v12-style design system. FastAPI + Jinja2 + PostgreSQL stack.
chatgpt-apps-production-checklist
Turn ChatGPT Apps implementation work into a production-ready checklist with concrete tasks, tests, widget changes, and tool-result patterns mapped by priority (P0/P1/P2). Use when designing or hardening Apps SDK products for shipping; do not use for generic web-only apps, static code review, or non-ChatGPT integration planning.
prototype-to-production
Convert design prototypes (HTML, CSS, Figma exports) into production-ready components. Analyzes prototype structure, extracts design tokens, identifies reusable patterns, and generates typed React components. Adapts to existing project tech stack with React + TypeScript as default.
ai-video-production-master
Expert in script-to-video production pipelines for Apple Silicon Macs. Specializes in hybrid local/cloud workflows, LoRA training for character consistency, motion graphics generation, and artist commissioning. Activate on 'AI video production', 'script to video', 'video generation pipeline', 'character consistency', 'LoRA training', 'cloud GPU', 'motion graphics', 'Wan I2V', 'InVideo alternative'. NOT for real-time video editing, video compositing (use DaVinci/Premiere), audio production, or 3D modeling (use Blender/Maya).
production-readiness-checklist
Comprehensive production readiness verification, code quality gates, deployment checks, and production standards compliance for platform-go
bgo
Automates the complete Blender build-go workflow, from building and packaging your extension/add-on to removing old versions, installing, enabling, and launching Blender for quick testing and iteration.
terraform-engineer
Use when implementing infrastructure as code with Terraform across AWS, Azure, or GCP. Invoke for module development, state management, provider configuration, multi-environment workflows, infrastructure testing.