---

# 🛠️ 4. Dockerfile & Image Building (Ultra-Short)

## A) Minimal Dockerfile

```dockerfile
FROM python:3.10-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install -r requirements.txt
COPY . .
CMD ["python","app.py"]
```

Build:

```bash
docker build -t myapp .
```

## B) Core Instructions (what they do)

* `FROM` → base image
* `WORKDIR` → set/create working dir
* `COPY src dest` → copy files to image
* `RUN` → run at **build time** (creates a layer)
* `CMD ["..."]` → default **container** command (overridable)
* `ENTRYPOINT ["..."]` → fixed entry; use with `CMD` for args
* `ENV K=V` → set env vars
* `EXPOSE 8080` → document port (no publish)

## C) Multi-Stage (smaller images)

```dockerfile
FROM node:18 AS build
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build

FROM nginx:alpine
COPY --from=build /app/dist /usr/share/nginx/html
```

## D) Best Practices (only the essentials)

* Use **slim/alpine** bases; **pin versions**
* Add **`.dockerignore`**
* **Order for cache**: deps → install → app files
  (`COPY requirements.txt` → `RUN pip install` → `COPY . .`)
* Prefer **`COPY`** over `ADD` (unless URL/tar needed)
* Use **exec form** `CMD ["prog","arg"]`
* Run as **non-root**:

```dockerfile
RUN useradd -m app && chown -R app:app /app
USER app
```

## E) Handy Build Flags

```bash
docker build -t myapp:1.0 .
docker build --no-cache -t myapp:clean .
docker build --target build -t myapp:build-only .   # stop at a stage
# cross-platform (buildx/Desktop):
docker buildx build --platform linux/amd64 -t myapp:amd64 .
```

## F) Tiny `.dockerignore`

```
.git
__pycache__/
node_modules/
*.log
.env
```
