generated from MrSphay/codex-agent-repository-kit
# Docker Profile

Use when the repository has `Dockerfile`, `compose.yml`, or deployment container artifacts.

## Checks

Look for:

- secrets copied into images,
- `.env` files committed,
- broad build contexts,
- unpinned base images,
- root-only runtime when avoidable,
- exposed ports documented in README.

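Several of these checks can be run mechanically over a Dockerfile. The Python below is an added example, not part of this kit: `check_dockerfile`, the `SECRET` name list and the sample Dockerfile are assumptions made for illustration. It assumes shell-form instructions written one per line and treats a base image as pinned when it carries a digest or a tag other than `latest`.

```python
import re

# File names treated as secrets (assumed list); .env.example is allowed.
SECRET = re.compile(r"(^|/)(\.env(\.(?!example$).+)?|id_rsa|.*\.(pem|key))$")

# Constructed sample Dockerfile, not taken from any real project.
SAMPLE = """\
FROM python:latest AS build
COPY . /app
COPY .env /app/.env
FROM python:3.12-slim
COPY --from=build /app /app
EXPOSE 8080
"""

def check_dockerfile(text, has_dockerignore=False):
    """Return (line_no, finding) tuples for a shell-form Dockerfile."""
    findings, stages, user, stage_line = [], set(), None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        op = parts[0].upper()
        args = [p for p in parts[1:] if not p.startswith("--")]  # drop flags
        if op == "FROM" and args:
            image, user, stage_line = args[0], None, no  # new stage resets USER
            tag = image.rsplit("/", 1)[-1].partition(":")[2]
            is_ref = image.lower() in stages or image == "scratch"
            if not is_ref and "@sha256:" not in image and tag in ("", "latest"):
                findings.append((no, "unpinned base image: " + image))
            if len(args) == 3 and args[1].upper() == "AS":
                stages.add(args[2].lower())
        elif op in ("COPY", "ADD"):
            from_stage = any(p.startswith("--from=") for p in parts[1:])
            for src in args[:-1]:
                if SECRET.search(src):
                    findings.append((no, "secret-like file copied: " + src))
                elif src in (".", "./") and not from_stage and not has_dockerignore:
                    findings.append((no, "whole build context copied, no .dockerignore"))
        elif op == "USER" and args:
            user = args[0]
    if stage_line and (user is None or user.split(":")[0] in ("root", "0")):
        findings.append((stage_line, "final stage has no non-root USER"))
    return findings

if __name__ == "__main__":
    for line_no, finding in check_dockerfile(SAMPLE):
        print(f"line {line_no}: {finding}")
```

Pass `has_dockerignore=True` when the repository ships a `.dockerignore`; the broad-context finding is then suppressed while the others remain.
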
## Commands

Common placeholders:

```text
BUILD_COMMAND = docker build -t PROJECT_NAME .
TEST_COMMAND = docker compose config
AUDIT_COMMAND = docker scout cves PROJECT_NAME
```

Use only commands that are available in the target environment.

## Ignore Additions

```text
.env
.env.*
!.env.example
docker-compose.override.yml
```