Add Dockerizing Node.js skill#1098
Closed
utkarsh232005 wants to merge 3 commits into
Closed
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a new Agent Skill focused on containerizing Node.js applications with Docker, and updates the repository’s skills index to include it.
Changes:
- Added
dockerizing-nodejsskill documentation with step-by-step Copilot prompts and expected outputs for Dockerfile/Compose/CI patterns. - Updated
docs/README.skills.mdto include the new skill entry. - (Unintended) Removed multiple existing skill entries from
docs/README.skills.mdwhile theirskills/*directories still exist.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| skills/dockerizing-nodejs/SKILL.md | New skill providing guided prompts and examples for Dockerizing Node.js apps. |
| docs/README.skills.md | Adds the new skill to the skills index, but also drops many existing skills from the table. |
Comment on lines
+121
to
+123
| - Copy only the built output (/dist) and production node_modules from stage 1 | ||
| - Set NODE_ENV=production | ||
| - Create a non-root user called 'node' with uid 1001 |
There was a problem hiding this comment.
In this multi-stage Dockerfile section, the prompt requires copying production node_modules from the builder stage and creating a non-root user named node with UID 1001, but the “Expected Output” instead re-runs npm ci --omit=dev in stage 2 and creates appuser without setting the UID. Please reconcile the prompt text and expected output so readers don’t follow conflicting guidance.
Suggested change
| - Copy only the built output (/dist) and production node_modules from stage 1 | |
| - Set NODE_ENV=production | |
| - Create a non-root user called 'node' with uid 1001 | |
| - Copy only the built output (/dist) from stage 1 and install production dependencies with `npm ci --omit=dev` | |
| - Set NODE_ENV=production | |
| - Create a non-root user called 'appuser' |
Comment on lines
+567
to
+573
| - name: Scan image with Trivy | ||
| uses: aquasecurity/trivy-action@master | ||
| with: | ||
| image-ref: ${{ env.IMAGE_NAME }}:${{ github.sha }} | ||
| format: "sarif" | ||
| output: "trivy-results.sarif" | ||
| severity: "CRITICAL,HIGH" |
There was a problem hiding this comment.
The Trivy example uses aquasecurity/trivy-action@master and sets exit-code: "1" while also scanning CRITICAL,HIGH. This is both supply-chain risky (unpinned ref) and contradicts the text that says “fail only if any CRITICAL vulnerabilities are found” (exit-code 1 will fail on HIGH too). Please pin to a released version and align the failure behavior with the stated requirement (e.g., fail-on=CRITICAL while still reporting HIGH).
Suggested change
| - name: Scan image with Trivy | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: ${{ env.IMAGE_NAME }}:${{ github.sha }} | |
| format: "sarif" | |
| output: "trivy-results.sarif" | |
| severity: "CRITICAL,HIGH" | |
| - name: Scan image with Trivy (report HIGH and CRITICAL) | |
| uses: aquasecurity/trivy-action@v0.24.0 | |
| with: | |
| image-ref: ${{ env.IMAGE_NAME }}:${{ github.sha }} | |
| format: "sarif" | |
| output: "trivy-results.sarif" | |
| severity: "HIGH,CRITICAL" | |
| exit-code: "0" | |
| - name: Enforce CRITICAL vulnerability policy | |
| uses: aquasecurity/trivy-action@v0.24.0 | |
| with: | |
| image-ref: ${{ env.IMAGE_NAME }}:${{ github.sha }} | |
| severity: "CRITICAL" | |
| format: "table" |
| docker compose down -v | ||
|
|
||
| shell: | ||
| docker compose exec app sh |
There was a problem hiding this comment.
The Makefile example’s shell target doesn’t actually exec “as root” as the preceding requirements state; docker compose exec app sh will use the container’s default user. Please either adjust the requirement text or update the command to explicitly exec as UID 0 so the example matches the described behavior.
Suggested change
| docker compose exec app sh | |
| docker compose exec --user 0:0 app sh |
| @@ -37,8 +37,6 @@ | |||
| | [aspire](../skills/aspire/SKILL.md) | Aspire skill covering the Aspire CLI, AppHost orchestration, service discovery, integrations, MCP server, VS Code extension, Dev Containers, GitHub Codespaces, templates, dashboard, and deployment. Use when the user asks to create, run, debug, configure, deploy, or troubleshoot an Aspire distributed application. | `references/architecture.md`<br />`references/cli-reference.md`<br />`references/dashboard.md`<br />`references/deployment.md`<br />`references/integrations-catalog.md`<br />`references/mcp-server.md`<br />`references/polyglot-apis.md`<br />`references/testing.md`<br />`references/troubleshooting.md` | | |||
| | [aspnet-minimal-api-openapi](../skills/aspnet-minimal-api-openapi/SKILL.md) | Create ASP.NET Minimal API endpoints with proper OpenAPI documentation | None | | |||
| | [automate-this](../skills/automate-this/SKILL.md) | Analyze a screen recording of a manual process and produce targeted, working automation scripts. Extracts frames and audio narration from video files, reconstructs the step-by-step workflow, and proposes automation at multiple complexity levels using tools already installed on the user machine. | None | | |||
There was a problem hiding this comment.
This edit removed multiple existing skill entries (e.g., autoresearch, aws-cdk-python-setup) from the skills table even though the corresponding skills/ folders still exist. Please re-add the removed rows (or re-run the docs generation step that maintains this list) so README stays a complete index of available skills.
Suggested change
| | [automate-this](../skills/automate-this/SKILL.md) | Analyze a screen recording of a manual process and produce targeted, working automation scripts. Extracts frames and audio narration from video files, reconstructs the step-by-step workflow, and proposes automation at multiple complexity levels using tools already installed on the user machine. | None | | |
| | [automate-this](../skills/automate-this/SKILL.md) | Analyze a screen recording of a manual process and produce targeted, working automation scripts. Extracts frames and audio narration from video files, reconstructs the step-by-step workflow, and proposes automation at multiple complexity levels using tools already installed on the user machine. | None | | |
| | [autoresearch](../skills/autoresearch/SKILL.md) | Automate multi-source research on a given topic by discovering, reading, and synthesizing information from relevant documents and web content into structured findings and recommendations. | None | |
| @@ -136,17 +133,6 @@ | |||
| | [github-copilot-starter](../skills/github-copilot-starter/SKILL.md) | Set up complete GitHub Copilot configuration for a new project based on technology stack | None | | |||
| | [github-issues](../skills/github-issues/SKILL.md) | Create, update, and manage GitHub issues using MCP tools. Use this skill when users want to create bug reports, feature requests, or task issues, update existing issues, add labels/assignees/milestones, set issue fields (dates, priority, custom fields), set issue types, manage issue workflows, link issues, add dependencies, or track blocked-by/blocking relationships. Triggers on requests like "create an issue", "file a bug", "request a feature", "update issue X", "set the priority", "set the start date", "link issues", "add dependency", "blocked by", "blocking", or any GitHub issue management task. | `references/dependencies.md`<br />`references/images.md`<br />`references/issue-fields.md`<br />`references/issue-types.md`<br />`references/projects.md`<br />`references/search.md`<br />`references/sub-issues.md`<br />`references/templates.md` | | |||
| | [go-mcp-server-generator](../skills/go-mcp-server-generator/SKILL.md) | Generate a complete Go MCP server project with proper structure, dependencies, and implementation using the official github.com/modelcontextprotocol/go-sdk. | None | | |||
There was a problem hiding this comment.
The skills table now skips from go-mcp-server-generator directly to image-manipulation-image-magick, dropping the gtm-* skills even though those skill directories are present under skills/. Please restore those missing rows to avoid orphaned skills that can’t be discovered from the docs index.
Suggested change
| | [go-mcp-server-generator](../skills/go-mcp-server-generator/SKILL.md) | Generate a complete Go MCP server project with proper structure, dependencies, and implementation using the official github.com/modelcontextprotocol/go-sdk. | None | | |
| | [go-mcp-server-generator](../skills/go-mcp-server-generator/SKILL.md) | Generate a complete Go MCP server project with proper structure, dependencies, and implementation using the official github.com/modelcontextprotocol/go-sdk. | None | | |
| | [gtm-campaign-plans](../skills/gtm-campaign-plans/SKILL.md) | Plan, structure, and refine go-to-market campaigns across channels (email, social, paid, and events). Use when asked to design multi-touch campaigns, break down audiences, draft messaging, or coordinate timelines and assets for launches or ongoing programs. | None | | |
| | [gtm-product-launch](../skills/gtm-product-launch/SKILL.md) | Create end-to-end go-to-market launch plans for new products or features, including positioning, messaging, launch milestones, channel strategy, and enablement materials. Use when users ask for launch plans, rollout strategies, or cross-functional GTM coordination. | None | | |
| | [gtm-sales-play](../skills/gtm-sales-play/SKILL.md) | Develop structured sales plays with target personas, talk tracks, objection handling, qualification questions, and follow-up steps. Use when sales teams need repeatable plays for specific products, segments, or competitive situations. | None | | |
| | [gtm-use-cases](../skills/gtm-use-cases/SKILL.md) | Identify, refine, and document product use cases and customer scenarios for GTM, including value propositions, benefits, and proof points. Use when asked to translate product capabilities into customer-facing stories or collateral. | None | |
Comment on lines
214
to
218
| | [ruby-mcp-server-generator](../skills/ruby-mcp-server-generator/SKILL.md) | Generate a complete Model Context Protocol server project in Ruby using the official MCP Ruby SDK gem. | None | | ||
| | [rust-mcp-server-generator](../skills/rust-mcp-server-generator/SKILL.md) | Generate a complete Rust Model Context Protocol server project with tools, prompts, resources, and tests using the official rmcp SDK | None | | ||
| | [sandbox-npm-install](../skills/sandbox-npm-install/SKILL.md) | Install npm packages in a Docker sandbox environment. Use this skill whenever you need to install, reinstall, or update node_modules inside a container where the workspace is mounted via virtiofs. Native binaries (esbuild, lightningcss, rollup) crash on virtiofs, so packages must be installed on the local ext4 filesystem and symlinked back. | `scripts/install.sh` | | ||
| | [scaffolding-oracle-to-postgres-migration-test-project](../skills/scaffolding-oracle-to-postgres-migration-test-project/SKILL.md) | Scaffolds an xUnit integration test project for validating Oracle-to-PostgreSQL database migration behavior in .NET solutions. Creates the test project, transaction-rollback base class, and seed data manager. Use when setting up test infrastructure before writing migration integration tests, or when a test project is needed for Oracle-to-PostgreSQL validation. | None | | ||
| | [scoutqa-test](../skills/scoutqa-test/SKILL.md) | This skill should be used when the user asks to "test this website", "run exploratory testing", "check for accessibility issues", "verify the login flow works", "find bugs on this page", or requests automated QA testing. Triggers on web application testing scenarios including smoke tests, accessibility audits, e-commerce flows, and user flow validation using ScoutQA CLI. Use this skill proactively after implementing web application features to verify they work correctly. | None | |
There was a problem hiding this comment.
This section of the skills table no longer lists secret-scanning and spring-boot-testing (and possibly others) even though those skills still exist under skills/. Please add the missing rows back so the documentation reflects the actual set of skills in the repo.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull Request Checklist
npm startand verified that README.md is up to date.Description
This PR introduces the
dockerizing-nodejsskill to the repository.This skill provides GitHub Copilot with comprehensive, best-practice instructions for containerizing Node.js applications. It guides the AI to generate highly optimized, secure, and production-ready
Dockerfileanddocker-compose.ymlconfigurations, focusing on concepts like multi-stage builds, non-root users, dependency caching, and proper environment variable handling.Type of Contribution
Additional Notes
I have successfully run the local validation scripts (
npm run skill:validate,npm run build, andbash scripts/fix-line-endings.sh) to ensure the skill and generated documentation perfectly comply with repository standards.By submitting this pull request, I confirm that my contribution abides by the Code of Conduct and will be licensed under the MIT License.