{"id":"b76f692a-26fb-41b4-9ad8-abe0c51d58b0","shortId":"sFmCSs","kind":"skill","title":"vigilante-issue-implementation-on-docker","tagline":"Implement a GitHub issue end-to-end when Vigilante dispatches work for a Docker-focused repository with Dockerfile best practices, image hardening, and secret-safe build guidance.","description":"# Vigilante Docker Issue Implementation\n\n## Focus\n- Read the prompt for detected tech stacks, process hints, and Docker security guidance before changing code.\n- Follow current Dockerfile best practices for image minimization, build efficiency, and secret-safe builds.\n- Keep changes scoped to the issue and do not broaden into unrelated infrastructure redesign.\n\n## Dockerfile Best Practices\n- **Base images**: pin base images to specific versions or digests rather than mutable tags like `latest`. Prefer minimal base images (Alpine, distroless, scratch) to reduce attack surface. When the repository already uses digest-pinned or distroless images, preserve that convention.\n- **Build structure**: use multi-stage builds to separate build dependencies from the final runtime image. Set an explicit `WORKDIR` rather than relying on the default. Combine related `RUN` commands to minimize layers. Order instructions from least to most frequently changing to maximize build cache efficiency. Copy dependency manifests and install dependencies before copying application source.\n- **Package management**: minimize installed packages and remove package manager caches in the same `RUN` layer (e.g., `apt-get install -y --no-install-recommends ... && rm -rf /var/lib/apt/lists/*`). 
Do not install debug tools, editors, or shells in production images unless the repository explicitly requires them.\n- **`.dockerignore`**: ensure `.dockerignore` excludes build artifacts, test fixtures, secrets, and version-control metadata that should not enter the build context.\n\n## Secret-Safe Builds\n- Never pass secrets through `ARG` or `ENV` instructions — they persist in image history and layer metadata.\n- Use BuildKit secret mounts (`--mount=type=secret`) for build-time secrets when the build requires credentials.\n- Do not copy secret files (`.env`, credentials, tokens, private keys) into the image.\n- Ensure `.dockerignore` excludes sensitive files and directories.\n\n## Runtime Security\n- Run containers as a non-root user when practical — add a `USER` instruction after installing packages.\n- Prefer read-only root filesystems where the application supports it.\n- Expose only the ports the application requires.\n- Do not use `--privileged` or add unnecessary Linux capabilities unless the issue specifically requires it.\n\n## Validation\n- When the repository defines image scanning, Docker build checks, buildx bake, provenance, or policy workflows, respect and preserve them.\n- Run `docker build` or the repository's defined build command to verify Dockerfile changes compile successfully.\n- Do not disable or weaken existing security scanning or build-check configurations.\n\n## Mixed-Stack Repositories\n- A Docker-focused repository may also contain application code in Go, Node.js, Python, or another language.\n- Scope Docker guidance to Dockerfiles, Compose files, `.dockerignore`, and container build/deploy configuration.\n- When the repository also has a language-specific toolchain, respect its own test, lint, and build workflow for application-scoped changes. 
Check the prompt for detected tech stacks and process hints.\n- When an issue touches both Dockerfiles and application code, validate each side with its respective toolchain rather than validating only one side.\n\n## Workflow\n- Follow the base `vigilante-issue-implementation` workflow for issue comments, validation, push, and PR creation.\n- Use `vigilante commit` for all commit-producing operations. Do not use `git commit` or GitHub CLI commit flows directly.\n- Any commit or amend must preserve the user's existing git author, committer, and signing configuration. Commit on behalf of the user and do not overwrite `git config` with a coding-agent identity.\n- Do not add `Co-authored by:` trailers or any other agent attribution for Codex, Claude, Gemini, or similar coding-agent identities.\n- Repository-specific instructions (`AGENTS.md`, `README.md`, CI config) remain authoritative when they are more specific than the generic Docker guidance in this skill.","tags":["vigilante","issue","implementation","docker","aliengiraffe","agent","agent-skills","agentic-ai","agentic-workflow","agents","ai-orchestration","ai-orchestrator"],"capabilities":["skill","source-aliengiraffe","skill-vigilante-issue-implementation-on-docker","topic-agent","topic-agent-skills","topic-agentic-ai","topic-agentic-workflow","topic-agents","topic-ai-orchestration","topic-ai-orchestrator","topic-orchestration"],"categories":["vigilante"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/aliengiraffe/vigilante/vigilante-issue-implementation-on-docker","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add aliengiraffe/vigilante","source_repo":"https://github.com/aliengiraffe/vigilante","install_from":"skills.sh"}},"qualityScore":"0.464","qualityRationale":"deterministic score 0.46 from registry signals: · indexed on github topic:agent-skills · 28 github stars · SKILL.md body (4,027 
chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-01T07:01:23.914Z","embedding":null,"createdAt":"2026-04-18T22:23:11.041Z","updatedAt":"2026-05-01T07:01:23.914Z","lastSeenAt":"2026-05-01T07:01:23.914Z","prices":[{"id":"a7094a8a-f80e-426d-946f-c821fc937f18","listingId":"b76f692a-26fb-41b4-9ad8-abe0c51d58b0","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"aliengiraffe","category":"vigilante","install_from":"skills.sh"},"createdAt":"2026-04-18T22:23:11.041Z"}],"sources":[{"listingId":"b76f692a-26fb-41b4-9ad8-abe0c51d58b0","source":"github","sourceId":"aliengiraffe/vigilante/vigilante-issue-implementation-on-docker","sourceUrl":"https://github.com/aliengiraffe/vigilante/tree/main/skills/vigilante-issue-implementation-on-docker","isPrimary":false,"firstSeenAt":"2026-04-18T22:23:11.041Z","lastSeenAt":"2026-05-01T07:01:23.914Z"}],"details":{"listingId":"b76f692a-26fb-41b4-9ad8-abe0c51d58b0","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"aliengiraffe","slug":"vigilante-issue-implementation-on-docker","github":{"repo":"aliengiraffe/vigilante","stars":28,"topics":["agent","agent-skills","agentic-ai","agentic-workflow","agents","ai","ai-orchestration","ai-orchestrator","orchestration"],"license":"apache-2.0","html_url":"https://github.com/aliengiraffe/vigilante","pushed_at":"2026-04-23T16:58:46Z","description":"Vigilante is a sandbox-first orchestration layer for coding agents. It isolates every task in a git worktree, enforces strict credential scoping, and gives you full audit logs — so your agents can't burn down production.","skill_md_sha":"eb19f8c28abf4079793978809173a83504fc0dde","skill_md_path":"skills/vigilante-issue-implementation-on-docker/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/aliengiraffe/vigilante/tree/main/skills/vigilante-issue-implementation-on-docker"},"layout":"multi","source":"github","category":"vigilante","frontmatter":{"name":"vigilante-issue-implementation-on-docker","description":"Implement a GitHub issue end-to-end when Vigilante dispatches work for a Docker-focused repository with Dockerfile best practices, image hardening, and secret-safe build guidance."},"skills_sh_url":"https://skills.sh/aliengiraffe/vigilante/vigilante-issue-implementation-on-docker"},"updatedAt":"2026-05-01T07:01:23.914Z"}}