detect-docker-antipatterns
Detects Docker antipatterns in PHP projects. Identifies layer ordering issues, cache invalidation, bloated images, and configuration smells.
Best use case
detect-docker-antipatterns is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using detect-docker-antipatterns should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in .claude/skills/detect-docker-antipatterns/SKILL.md inside your project
- Restart your AI agent — it will auto-discover the skill
How detect-docker-antipatterns Compares
| Feature / Agent | detect-docker-antipatterns | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Detects Docker antipatterns in PHP projects. Identifies layer ordering issues, cache invalidation, bloated images, and configuration smells.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Docker Antipattern Detection
Analyze Dockerfiles for antipatterns causing bloated images, poor caching, and unreliable builds.
## Antipattern Catalog
### 1. COPY Before Dependency Install
```dockerfile
# BAD: Cache busted on every code change
COPY . /var/www/html
RUN composer install --no-dev
# GOOD: Dependencies first, source second
COPY composer.json composer.lock /var/www/html/
RUN composer install --no-dev --no-scripts --no-autoloader
COPY . /var/www/html
RUN composer dump-autoload --optimize
```
### 2. apt-get update in Separate Layer
```dockerfile
# BAD: Stale package index
RUN apt-get update
RUN apt-get install -y libpng-dev
# GOOD: Combined in same layer
RUN apt-get update && apt-get install -y --no-install-recommends \
    libpng-dev && rm -rf /var/lib/apt/lists/*
```
### 3. Using latest Tag
```dockerfile
# BAD: Non-deterministic builds
FROM php:latest
# GOOD: Pinned version
FROM php:8.4.3-fpm-bookworm
```
### 4. apt-get Without Cleanup
```dockerfile
# BAD: Package cache bloats image
RUN apt-get update && apt-get install -y libzip-dev
# GOOD: Cleanup in same layer
RUN apt-get update && apt-get install -y --no-install-recommends \
    libzip-dev && rm -rf /var/lib/apt/lists/*
```
### 5. Multiple FROM Without Multi-Stage Purpose
```dockerfile
# BAD: Build artifacts never copied
FROM node:20
WORKDIR /app
COPY . .
RUN npm ci && npm run build
FROM php:8.4-fpm
COPY . /var/www/html
# GOOD: Artifact copy from named stage
FROM node:20 AS frontend
# Build under /app so the dist path copied below exists
WORKDIR /app
COPY . .
RUN npm ci && npm run build
FROM php:8.4-fpm
COPY --from=frontend /app/dist /var/www/html/public
```
### 6. Unrelated Commands in Single RUN
```dockerfile
# BAD: Mixed concerns, poor cache utilization
RUN apt-get update && pecl install redis && composer install
# GOOD: Logically grouped
RUN apt-get update && apt-get install -y --no-install-recommends \
    libzip-dev && rm -rf /var/lib/apt/lists/*
RUN docker-php-ext-install zip opcache
RUN pecl install redis && docker-php-ext-enable redis
```
### 7. No .dockerignore
```
# Required .dockerignore to exclude:
.git
.env
vendor
node_modules
tests
docs
docker-compose*.yml
```
### 8. Installing Editors in Production
```dockerfile
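# BAD: Dev tools in production (image bloat, larger attack surface)
RUN apt-get install -y vim nano htop strace
# GOOD: Only runtime dependencies, index refreshed and cleaned in the same layer
RUN apt-get update && apt-get install -y --no-install-recommends \
    libzip-dev && rm -rf /var/lib/apt/lists/*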
```
### 9. ADD Instead of COPY
```dockerfile
# BAD: ADD has implicit tar extraction and URL fetching
ADD app.tar.gz /var/www/html/
# GOOD: Explicit COPY for local files
COPY . /var/www/html/
```
### 10. CMD with Shell Form
```dockerfile
# BAD: Shell form (no signal forwarding)
CMD php-fpm -F
# GOOD: Exec form (PID 1 receives signals)
CMD ["php-fpm", "-F"]
```
### 11. ENTRYPOINT Not Handling Signals
```dockerfile
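# GOOD: Entrypoint with exec for signal forwarding
# docker-entrypoint.sh must finish with `exec "$@"` so php-fpm replaces
# the shell as PID 1 and receives SIGTERM directly
COPY docker-entrypoint.sh /usr/local/bin/
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["php-fpm"]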
```
## Grep Patterns
```bash
Grep: "^COPY \\." --glob "**/Dockerfile*"
Grep: "^RUN apt-get update$" --glob "**/Dockerfile*"
Grep: "^FROM.*:latest" --glob "**/Dockerfile*"
Grep: "apt-get install" --glob "**/Dockerfile*"
Grep: "^ADD " --glob "**/Dockerfile*"
Grep: "^(CMD|ENTRYPOINT) [^\\[]" --glob "**/Dockerfile*"
Grep: "install.*-y.*(vim|nano|htop|strace)" --glob "**/Dockerfile*"
Glob: "**/.dockerignore"
```
## Severity Classification
| Antipattern | Severity | Impact |
|-------------|----------|--------|
| COPY before deps install | Critical | Cache invalidation every build |
| Using latest tag | Critical | Non-reproducible builds |
| Installing editors | Major | Image bloat, attack surface |
| apt-get without cleanup | Major | +50-200MB image size |
| Shell form CMD | Major | No signal forwarding |
| ADD instead of COPY | Major | Unexpected behavior |
| Separate apt-get update | Major | Stale packages |
| No .dockerignore | Major | Large build context |
| Unrelated RUN commands | Minor | Poor cache utilization |
| Multiple FROM unused | Minor | Confusion, dead stages |
| No signal handling | Minor | Ungraceful shutdown |
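An added example, not part of the skill's own source: a small Python linter that applies the grep patterns above to logical instructions (backslash continuations joined), so it can check for cleanup inside the same RUN and flag `COPY .` only when a `composer install` follows in the same stage. The function names and the sample Dockerfile are constructed for illustration; severities follow the table above.

```python
import re
SAMPLE = r"""FROM php:latest
COPY . /var/www/html
RUN apt-get update
RUN apt-get install -y \
    libpng-dev vim
RUN composer install --no-dev
ADD app.tar.gz /var/www/html/
CMD php-fpm -F
"""  # constructed sample Dockerfile, not from a real project

def logical_instructions(text):
    """Join backslash-continued lines; yield (first_line_no, instruction)."""
    buf, start = "", 0
    for no, line in enumerate(map(str.strip, text.splitlines()), 1):
        if not line or line.startswith("#"):
            continue
        start = start if buf else no
        buf += line.rstrip("\\").strip() + " "
        if not line.endswith("\\"):
            yield start, buf.strip()
            buf = ""

def lint(text):
    """Return sorted (line, severity, antipattern) findings."""
    found, pending_copy = set(), None
    for no, ins in logical_instructions(text):
        op, arg = (ins.split(None, 1) + [""])[:2]
        op = op.upper()
        if op == "FROM":
            pending_copy = None  # cache ordering is judged per build stage
            if re.search(r":latest\b", arg):
                found.add((no, "Critical", "Using latest tag"))
        elif op == "COPY" and re.match(r"(--\S+\s+)*\.\s", arg):
            pending_copy = pending_copy or no  # only bad if deps install follows
        elif op == "ADD":
            found.add((no, "Major", "ADD instead of COPY"))
        elif op in ("CMD", "ENTRYPOINT") and not arg.startswith("["):
            found.add((no, "Major", "Shell form CMD"))
        elif op == "RUN":
            if arg == "apt-get update":
                found.add((no, "Major", "Separate apt-get update"))
            if "apt-get install" in arg:
                if "rm -rf /var/lib/apt/lists" not in arg:
                    found.add((no, "Major", "apt-get without cleanup"))
                if re.search(r"\b(vim|nano|htop|strace)\b", arg):
                    found.add((no, "Major", "Installing editors"))
            if "composer install" in arg and pending_copy:
                found.add((pending_copy, "Critical", "COPY before deps install"))
    return sorted(found)
```

`lint(SAMPLE)` reports seven findings on the constructed file; a Dockerfile assembled from the GOOD snippets in the catalog returns an empty list.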
## Output Format
```markdown
### Docker Antipattern: [Name]
**Severity:** Critical/Major/Minor
**File:** `Dockerfile:line`
**Category:** Cache / Size / Security / Reliability
**Issue:** [Description and why it is problematic]
**Fix:** [Corrected instruction snippet]
**Impact:** Build time / Image size / Reliability changes
```
Related Skills
optimize-docker-startup
Optimizes Docker container startup time for PHP applications. Reduces initialization overhead through preloading, caching, and entrypoint optimization.
optimize-docker-php-fpm
Optimizes PHP-FPM configuration in Docker containers. Tunes process manager, request handling, and resource allocation for production workloads.
optimize-docker-opcache
Optimizes OPcache configuration for PHP Docker containers. Configures memory, file limits, JIT, and validation for production and development.
optimize-docker-layers
Analyzes and optimizes Docker layer caching for PHP projects. Identifies layer ordering issues, cache invalidation problems, and provides recommendations for faster builds.
optimize-docker-image-size
Optimizes Docker image size for PHP projects. Reduces image footprint through Alpine, multi-stage builds, layer cleanup, and dependency minimization.
optimize-docker-compose-resources
Optimizes Docker Compose resource allocation for PHP stacks. Configures memory limits, CPU constraints, and service scaling.
optimize-docker-build-time
Optimizes Docker build time for PHP projects. Analyzes layer caching, BuildKit features, parallel builds, and dependency installation.
docker-troubleshooting-knowledge
Docker troubleshooting knowledge base. Provides debugging patterns, common error solutions, and diagnostic commands for PHP containers.
docker-security-knowledge
Docker security knowledge base for PHP. Provides hardening patterns, vulnerability scanning, secrets management, and OWASP container guidelines.
docker-scanning-knowledge
Docker image scanning knowledge base. Provides vulnerability detection, compliance checking, and SBOM generation for PHP container images.
docker-production-knowledge
Docker production knowledge base for PHP. Provides deployment patterns, health checks, graceful shutdown, logging, and monitoring.
docker-php-extensions-knowledge
Docker PHP extensions knowledge base. Provides installation patterns for common extensions, build dependency management, and PECL usage.