Devops on Commentary of Takao

Designing Reusable Docker Compose Configs for Dev and Prod

Mon, 20 Apr 2026 00:00:00 +0900

Designing Reusable Docker Compose Configs for Dev and Prod

Docker Compose is the standard tool for defining and running multi-container applications. But many teams fall into the trap of maintaining separate docker-compose.yml files for development, staging, and production — leading to duplication, drift, and configuration bugs.

A better approach uses compose file overlays, profiles, and environment variables to keep a single source of truth that adapts to each environment.

The Base `compose.yml` Pattern

Start with a single compose.yml that defines the shared service definitions — the image, command, ports, and environment that remain the same across environments.

Accelerating GitHub Actions Workflows via actions/cache

Thu, 20 Nov 2025 00:00:00 +0900

Automated CI/CD pipelines (like GitHub Actions) are a cornerstone of modern software quality control. However, if your workflows fetch external packages, boot container environments, and rebuild entire applications from scratch on every pull request, execution times can quickly balloon to several minutes.

Long feedback loops slow developer productivity and lead to higher billing costs.

In this article, we’ll demonstrate how to utilize GitHub’s official caching mechanisms to speed up your workflows from minutes to seconds.

Reducing Docker Image Sizes with Multi-Stage Builds

Thu, 20 Mar 2025 00:00:00 +0900

Introduction

Keeping Docker image footprints small is critical for accelerating deployment cycles, lowering storage costs, and tightening security by shrinking the container’s attack surface.

However, a naive Dockerfile construction often bundles compile-time dependencies (like gcc, headers, build caches) and testing tools directly into the final runtime image. This inflates the image size from a few megabytes to hundreds or gigabytes.

To solve this, Docker introduced Multi-Stage Builds. This article reviews the core practices of multi-stage architectures, demonstrating image footprint optimization using a TypeScript Node.js project.

Docker Networking: From Bridge to Overlay Networks

Tue, 27 Aug 2024 00:00:00 +0900

Introduction

Docker containers are designed to be portable and isolated, but they rarely run in isolation. Containers need to communicate with each other, with the host system, and with external services. Understanding Docker’s networking model is essential for building reliable, secure, and performant containerized applications.

Docker provides several built-in network drivers — bridge, host, overlay, macvlan, ipvlan, and none — each suited to different use cases. This guide covers each driver in depth, along with DNS resolution, port mapping, security isolation, and Docker Compose networking patterns.

Container Security Scanning: Protecting Your Supply Chain

Tue, 16 Jul 2024 00:00:00 +0900

Container security is no longer optional. With supply chain attacks on the rise, securing container images from build to runtime is a fundamental requirement for any organization running containerized workloads. Runtime security alone is insufficient; supply chain security must start at the image build stage.

The Container Supply Chain Threat Landscape

Attack vectors in the container supply chain include compromised base images, vulnerable dependencies, leaked secrets, and malicious packages. Real-world incidents such as the Codecov breach exposing credentials, dependency confusion attacks, and cryptominers found in public images highlight the severity of these threats. The shared responsibility model means that while platforms like Docker provide base infrastructure, the security of your built images is your responsibility.

GitHub Actions Advanced: Workflows Beyond CI/CD Basics

Tue, 16 Apr 2024 00:00:00 +0900

Introduction

GitHub Actions has evolved from a simple CI/CD tool into a comprehensive automation platform. While basic workflows are well-documented, the platform’s advanced features—reusable workflows, composite actions, matrix strategies, and deployment patterns—enable sophisticated automation pipelines. This article explores these advanced capabilities for teams building complex CI/CD systems.

Reusable Workflows

Reusable workflows allow you to define a workflow in one repository and call it from others, following the DRY principle. They are triggered with workflow_call and accept inputs and secrets.

Docker Health Checks and Container Monitoring Best Practices

Mon, 25 Dec 2023 00:00:00 +0900

Docker health checks are essential for building self-healing container infrastructure. They enable automatic detection of application failures and trigger container restarts, ensuring your services remain available. This guide covers everything from basic HEALTHCHECK implementation to advanced production patterns.

The HEALTHCHECK Instruction

The HEALTHCHECK instruction in a Dockerfile tells Docker how to test whether a container is still working correctly:

HEALTHCHECK --interval=30s --timeout=3s --start-period=40s --retries=3 \
 CMD curl -f http://localhost:3000/health || exit 1

Docker tracks three states: starting (during the start period), healthy (checks pass), and unhealthy (checks fail after retries). The --start-period is critical for applications with slow startup times – it suppresses failures during initialization.

Devops on Commentary of Takao

Designing Reusable Docker Compose Configs for Dev and Prod

Designing Reusable Docker Compose Configs for Dev and Prod

The Base compose.yml Pattern

Accelerating GitHub Actions Workflows via actions/cache

Reducing Docker Image Sizes with Multi-Stage Builds

Introduction

Docker Networking: From Bridge to Overlay Networks

Introduction

Container Security Scanning: Protecting Your Supply Chain

The Container Supply Chain Threat Landscape

GitHub Actions Advanced: Workflows Beyond CI/CD Basics

Introduction

Reusable Workflows

Docker Health Checks and Container Monitoring Best Practices

The HEALTHCHECK Instruction

The Base `compose.yml` Pattern