# Docker
# Dockerfile guidelines
- Always specify major and minor versions for `FROM`. Example: `FROM php:8.2-fpm-alpine3.15`.
- Use `COPY --link` to make better use of Docker's build cache.
- Use `--target` to extend the Dockerfile for development, for example to add xdebug.
- If you have to inject a secret into the image build, use [`RUN --mount=type=secret`](https://render.com/docs/docker-secrets). Example:

  ```dockerfile
  RUN --mount=type=secret,id=auth.json,dst=$COMPOSER_HOME/auth.json,required \
      composer install --no-dev --no-scripts --no-autoloader --no-progress --no-interaction
  ```
- Use `--mount=type=cache` when installing dependencies. Example:

  ```dockerfile
  RUN \
      --mount=type=cache,target=/var/cache/apt \
      apt-get update && apt-get install -y git
  ```
- (CI) Build images for ARM and x64 CPU architectures.
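
The first guideline can be enforced in CI with a small check. The script below is an added example, not part of the original guidelines or of any tool listed here. It assumes that "pinned" means a tag starting with major.minor, and it also accepts digest references, `scratch` and earlier build stages; the function names and the sample Dockerfile are constructed for illustration.

```python
import re

# Assumption: "pinned" means the tag starts with MAJOR.MINOR, e.g. 8.2-fpm-alpine3.15.
PINNED_TAG = re.compile(r"^v?\d+\.\d+")

# Constructed sample Dockerfile, not taken from a real project.
SAMPLE = """\
FROM php:8.2-fpm-alpine3.15 AS base
FROM base AS dev
FROM --platform=$BUILDPLATFORM composer:2 AS vendor
FROM localhost:5000/php AS mirror
FROM php:latest
FROM scratch
"""

def split_image(ref):
    """Split an image reference into (name, tag, digest)."""
    name, _, digest = ref.partition("@")
    tag = None
    if ":" in name.rsplit("/", 1)[-1]:  # a ':' before the last '/' is a registry port
        name, tag = name.rsplit(":", 1)
    return name, tag, digest or None

def check_from_lines(text):
    """Return (line_number, image, reason) for each FROM that is not pinned."""
    findings, stages = [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].upper() != "FROM":
            continue
        args = [p for p in parts[1:] if not p.startswith("--")]  # skip --platform=...
        if not args:
            continue
        image = args[0]
        _, tag, digest = split_image(image)
        reason = None
        if image.lower() == "scratch" or image.lower() in stages or digest:
            pass  # empty base, earlier build stage, or digest-pinned image
        elif "$" in image:
            reason = "set by a build argument, cannot be checked statically"
        elif tag is None:
            reason = "no tag, resolves to latest"
        elif not PINNED_TAG.match(tag):
            reason = "tag does not start with major.minor"
        if reason:
            findings.append((lineno, image, reason))
        if len(args) >= 3 and args[1].upper() == "AS":
            stages.add(args[2].lower())  # later FROM lines may reference this stage
    return findings
```

Calling `check_from_lines(SAMPLE)` reports lines 3, 4 and 5 of the sample; a CI job can fail the build when the returned list is not empty.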
# Helpful tools
- Dive - A tool for exploring a Docker image, layer contents, and discovering ways to shrink the size of your Docker/OCI image.
- docker-php-extension-installer - A script that can be used to easily install a PHP extension inside the official PHP Docker images.
- hadolint - A smarter Dockerfile linter that helps you build best-practice Docker images.
- dockle - A container image linter for security, helping build best-practice Docker images.
- Lazydocker - A simple terminal UI for both docker and docker-compose.
- Trivy - A comprehensive and versatile security scanner. Trivy has scanners that look for security issues, and targets where it can find those issues.
See more security recommendations.