Skip to content


Based on the Docker guidelines


  1. A .dockerignore file SHOULD be used - This will ensure the amount of data sent to the docker daemon will be minimal.
  2. Each container SHOULD have a single concern.


  1. Multi-line arguments SHOULD be sorted.
  2. The number of layers SHOULD be kept to a minimum.
  3. A single RUN command can contain many commands:

    1. Use \ and && for multiple commands, with && on the new line:

      RUN cmd \
          && cmd2
    2. When adding build time packages, remove them in the same RUN command:

      RUN apk add --virtual .deps \
              gcc make \
          && make \
          && ./configure \
          && apl del .deps \
          && rm -rf /path/to/installer
    3. You SHOULD use set -xe to print commands and stop on any errors as the first command

      RUN set -xe \
          && do stuff \
          && tidy
  4. Multiple line LABELs should use line-continuation characters to break lines

    LABEL maintainer="" \
  5. The MAINTAINER command SHOULD NOT be used (use LABEL maintainer instead).

  6. The LICENSE command SHOULD NOT be used (use LABEL license instead).
  7. Label Schema labels SHOULD be used.

    1. If using, a org.label-schema.schema-version label MUST be defined.
    2. The vendor, name, description and vcs-url labels SHOULD be defined.

      LABEL org.label-schema.schema-version="1.0" \
          org.label-schema.vendor="graze" \
"project-name" \
          org.label-schema.description="project description" \
    3. The vcs-ref and build-date labels SHOULD be generated. Example:

      LABEL org.label-schema.vcs-ref=$VCS_REF \

      This can then be injected into the image using the --build-arg argument

      ~$ docker build --build-arg BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
          --build-arg VCS_REF=$(git rev-parse --short HEAD) \
          -t graze/project-name .
  8. COPY SHOULD be used instead of ADD for simple files.

  9. CMD SHOULD be used with the array syntax: ["executable", "param1", "param2", ...].
  10. All ports SHOULD be included with EXPOSE commands.
  11. Any volumes that are mutable or user-servicable SHOULD use a VOLUME command.