Complete dockerfile toolkit with generation and validation capabilities
74
92%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Risky
Do not use without reviewing
A backend team maintains a Node.js Express API (order-service) that is deployed via Docker. During a recent sprint retrospective, engineers complained that Docker builds take 3-4 minutes on every small code change — even when no dependencies have changed. The tech lead suspects the build cache is not being used effectively, since each rebuild reinstalls all npm packages from scratch.
The team needs the Dockerfile restructured so that npm ci (the dependency install step) is only re-executed when package.json or package-lock.json actually changes. Code-only changes should reuse the cached dependency layer and complete in under 30 seconds.
Produce a new Dockerfile for the order-service Node.js application. The application listens on port 3000, the start command is node src/index.js, and Node.js 20 should be used.
Also produce an appropriate .dockerignore for a Node.js project.
Both files should be placed in the current directory.
COPY of package.json and/or package-lock.json must appear BEFORE the npm ci (or install) RUN instructionCOPY . . (or broad source code copy) must appear AFTER the npm install instruction:latestUSER instruction before CMD/ENTRYPOINTCOPY (not ADD) for all file copy operationsnode_modules/ in .dockerignore.env and/or .env.* in .dockerignore to prevent secret leaksWORKDIR to an absolute pathCMDpackage.json/package-lock.json are not copied before npm ci runs (cache busting on every code change)COPY . .) is copied before npm install runsFROM uses :latest or no tagUSER instruction is absent or placed after CMDADD is used instead of COPY for file copying.dockerignore is missing node_modules/ entry.dockerignore is missing .env or .env.* entriesWORKDIR is relative or absentCMD uses shell string form instead of JSON array syntax