Convert a single-stage Dockerfile into a multi-stage build and verify the resulting image is at least 30% smaller than the original.
Rewrites a single-stage Dockerfile as a multi-stage build that separates compile-time and runtime dependencies, then proves the resulting image is at least 30% smaller. The skill produces both the new Dockerfile and a size-delta report.
dockerfile_path: path to the source Dockerfile.language_hint: one of node, python, go, rust, java. Drives stage selection.image_tag (optional): tag to use for the comparison build. Defaults to audit-temp.docker build -t <image_tag>:before -f <dockerfile_path> . and record docker image inspect <image_tag>:before --format '{{.Size}}'.apt-get install build-essential, npm ci, go build) vs. runtime (final CMD, runtime deps).node:20 builder + gcr.io/distroless/nodejs20; Go uses golang:1.22 builder + gcr.io/distroless/static; Python uses python:3.12 builder + python:3.12-slim.FROM <builder> AS build, copy source, run build, then FROM <runtime>, COPY --from=build only the produced artifact paths.EXPOSE, ENV, USER, and CMD in the runtime stage.docker build -t <image_tag>:after -f <new_dockerfile> . and record the new size.delta_pct = 100 * (before - after) / before.delta_pct < 30, identify the three largest layers in :after via docker history --no-trunc --format '{{.Size}}\t{{.CreatedBy}}' and propose a follow-up.Dockerfile.multistage and the report to docker-refactor-report.md.Two files: Dockerfile.multistage (the rewritten build) and docker-refactor-report.md (a table with before/after sizes, layer breakdown, and a verdict line). Exit code 0 if the 30% target is met, else 2.
Run docker run --rm <image_tag>:after <healthcheck-cmd> (defaults to the original CMD) and confirm exit code 0. Diff docker image inspect JSON between the two tags and verify both expose the same ports and run as the same user. If runtime behavior diverges, abort and restore Dockerfile.
FROM scratch: skip refactor, exit with note "already optimal".docker buildx): preserve --platform flags when invoking the comparison build.cwd: fail fast — multi-stage refactor needs the build context to actually rebuild.Other publishers' experience with this skill. Self-rating is blocked.
Sign in and publish to the registry to leave a rating.
No ratings yet. Be the first.
Same domains or capabilities as amitte/dockerfile-multistage-refactor.
Read-only AWS surface — list/describe EC2, S3 buckets, IAM users, and Lambda functions. Auth via STS-assumed role; no mutating tools.
Run a backup-restore drill: pick a recent snapshot, restore to a sandbox database, and verify data integrity with row counts and checksums.
Read-only Cloudflare surface — list zones, DNS records, deployed Workers, and page rules. Auth via scoped API token; no mutating tools.
Identify imports and module-init code that contribute to Cloudflare Worker cold starts and propose lazy-load rewrites.
Scan a container image with Trivy or Grype and surface fixes ranked by exploitability and patch availability.
Read a list of crontab specifications and detect overlapping execution windows that risk resource contention or duplicate work.