docker-workflows
Docker Workflows Skill
When to Activate
Activate this skill when:
- Creating Dockerfiles for applications
- Setting up docker-compose environments
- Containerizing Python/UV projects
- Configuring multi-stage builds
- Managing container secrets
Quick Commands
```bash
# Build image
docker build -t my-app:latest .

# Run container
docker run -d -p 8000:8000 --name my-app my-app:latest

# View logs
docker logs -f my-app

# Execute in container
docker exec -it my-app bash

# Stop and remove
docker stop my-app && docker rm my-app

# Clean up
docker system prune -a
```
Basic Dockerfile (Python/UV)
```dockerfile
FROM python:3.11-slim
WORKDIR /app

# Install UV
COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv

# Copy dependency files (layer caching)
COPY pyproject.toml uv.lock ./

# Install dependencies
RUN uv sync --frozen --no-dev

# Copy application
COPY . .
EXPOSE 8000
CMD ["uv", "run", "python", "main.py"]
```
Multi-Stage Build (Production)
```dockerfile
# Stage 1: Builder
FROM python:3.11-slim AS builder
WORKDIR /app
COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
COPY pyproject.toml uv.lock ./
RUN uv sync --frozen --no-dev
COPY . .

# Stage 2: Runtime
FROM python:3.11-slim
WORKDIR /app

# Create non-root user
RUN useradd -m -u 1000 appuser && chown appuser:appuser /app

# Copy from builder
COPY --from=builder /app/.venv /app/.venv
COPY --from=builder /app /app
USER appuser
ENV PATH="/app/.venv/bin:$PATH"
EXPOSE 8000
CMD ["python", "main.py"]
```
.dockerignore
```
__pycache__/
*.pyc
.git/
.env
.venv/
venv/
*.log
.DS_Store
.pytest_cache/
tests/
docs/
*.md
```
Docker Compose (App + Database)
```yaml
version: '3.8'
services:
  app:
    build: .
    ports:
      - "8000:8000"
    environment:
      - DATABASE_URL=postgresql://user:password@db:5432/myapp
    depends_on:
      - db
    volumes:
      - ./app:/app  # Development: live reload
  db:
    image: postgres:15-alpine
    environment:
      - POSTGRES_USER=user
      - POSTGRES_PASSWORD=password
      - POSTGRES_DB=myapp
    volumes:
      - postgres_data:/var/lib/postgresql/data
    ports:
      - "5432:5432"
volumes:
  postgres_data:
```
Compose Commands
```bash
# Start all services
docker-compose up -d

# View logs
docker-compose logs -f app

# Stop services
docker-compose down

# Rebuild and restart
docker-compose up -d --build

# Run command in service
docker-compose exec app bash

# Remove volumes (deletes data!)
docker-compose down -v
```
Layer Caching Best Practice
```dockerfile
# Good: Dependencies cached separately
COPY pyproject.toml uv.lock ./
RUN uv sync --frozen --no-dev
COPY . .

# Bad: Cache invalidated on every code change
COPY . .
RUN uv sync --frozen --no-dev
```
Security Essentials
```dockerfile
# Use official slim images
FROM python:3.11-slim

# Run as non-root
RUN useradd -m -u 1000 appuser
USER appuser

# Don't include secrets in images
# Use runtime environment variables instead
```
Runtime Secrets
```bash
# Pass via environment
docker run -e API_KEY=secret my-app

# Use env file
docker run --env-file .env.production my-app
```
```yaml
# With compose
services:
  app:
    env_file:
      - .env.production
```
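Added example (not part of the original skill file): a small Python check for the three Security Essentials rules that also covers the env files used under Runtime Secrets. The `.env` entry in the .dockerignore above does not match `.env.production`, so `COPY . .` can still place that file in the image; `audit`, `not_ignored`, `ENV_FILES` and the sample Dockerfiles are names and data constructed for this illustration.

```python
import re
from fnmatch import fnmatchcase
SECRET_NAME = re.compile(r"SECRET|PASSWORD|PASSWD|TOKEN|API_?KEY|PRIVATE_KEY", re.I)
ENV_FILES = (".env", ".env.production")  # the env files this page mentions

def logical_lines(text):
    """Yield instructions with backslash continuations joined, comments dropped."""
    for raw in re.sub(r"\\[ \t]*\n", " ", text).splitlines():
        if raw.strip() and not raw.lstrip().startswith("#"):
            yield raw.strip()

def not_ignored(names, dockerignore):
    """Names no pattern excludes (simplified: root-level names, '!' rules skipped)."""
    pats = [p.strip().rstrip("/") for p in dockerignore.splitlines()]
    pats = [p for p in pats if p and p[0] not in "#!"]
    return [n for n in names if not any(fnmatchcase(n, p) for p in pats)]

def audit(dockerfile, dockerignore=""):
    """Findings for: slim base, non-root final stage, no secrets in the image."""
    findings, user, image = [], None, None
    for line in logical_lines(dockerfile):
        instr, _, rest = line.partition(" ")
        instr, rest = instr.upper(), rest.strip()
        if instr == "FROM":
            image, user = rest.split()[0], None  # a new stage resets USER
        elif instr == "USER":
            user = rest.split(":")[0]
        elif instr in ("ENV", "ARG"):  # KEY=value form only
            for name in filter(SECRET_NAME.search, re.findall(r"(\w+)=\S", rest)):
                findings.append(f"secret-in-image: {instr} {name} has a baked-in value")
        elif instr in ("COPY", "ADD") and "--from=" not in rest:  # shell form only
            sources = [a for a in rest.split() if not a.startswith("--")][:-1]
            leaked = not_ignored(ENV_FILES, dockerignore) if "." in sources else []
            if leaked:
                findings.append("secret-in-image: COPY . can include " + ", ".join(leaked))
    if image and "slim" not in image:
        findings.append(f"base-image: final stage uses {image}, not a slim variant")
    if user in (None, "root", "0"):
        findings.append("runs-as-root: final stage has no non-root USER")
    return findings

# Constructed samples; PAGE_IGNORE holds three entries from this page's .dockerignore.
BAD = "FROM python:3.11\nENV API_KEY=secret\nCOPY . .\nCMD python main.py\n"
GOOD = "FROM python:3.11-slim\nRUN useradd -m -u 1000 appuser\nCOPY . .\nUSER appuser\n"
PAGE_IGNORE = ".git/\n.env\n.venv/\n"

if __name__ == "__main__":
    for df, ign in ((BAD, ""), (GOOD, PAGE_IGNORE), (GOOD, ".env*\n")):
        print(audit(df, ign))
```

Widening the .dockerignore entry to `.env*` clears the remaining finding for the page's Dockerfile pattern.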
Volume Types
```bash
# Named volume (data persistence)
docker run -v postgres_data:/var/lib/postgresql/data postgres

# Bind mount (development)
docker run -v $(pwd)/app:/app my-app
```
Debugging
```bash
# Interactive shell
docker exec -it container_name bash

# Real-time logs
docker logs -f --tail 100 container_name

# Inspect configuration
docker inspect container_name

# Resource usage
docker stats container_name

# Copy files
docker cp container_name:/app/logs ./logs
```
Common Issues
Container exits immediately
```bash
docker logs container_name  # Check for errors
docker run -it app:v1 bash  # Debug interactively
```
Can't connect to container
```bash
docker ps                      # Check port mapping
docker inspect container_name  # Check network config
```
Out of disk space
```bash
docker system df        # Check usage
docker system prune -a  # Clean everything
```
Related Resources
See AgentUsage/docker_guide.md for complete documentation including:
- Advanced multi-stage patterns
- Docker Compose variations
- Production optimization
- CI/CD integration