Mastering Dockerfile Directives and Image Configuration
Dockerfiles act as build recipes containing sequential instructions to assemble a container image. The Docker daemon processes these instructions from top to bottom. Every valid Dockerfile must begin by defining a base image. Comments within the file are denoted by the # symbol.
FROM
The FROM instruction initializes the build process by setting the base image. It must be the first instruction in the file; the only instruction that may come before it is ARG.
FROM ubuntu:22.04
FROM node:18-alpine
MAINTAINER
This instruction allows the author to set contact details for the image. While valid, the LABEL instruction is now often preferred for metadata.
MAINTAINER "DevOps Team <admin@example.com>"
RUN
RUN executes commands within the image's filesystem layer to build the final image. It supports two formats: shell form and exec form. Intermediate layers created by RUN are cached.
RUN apt-get update && apt-get install -y python3
RUN ["/bin/bash", "-c", "echo hello"]
CMD
This directive provides default execution parameters for a container instance. There can be only one CMD in a Dockerfile; if more than one is listed, only the last takes effect. If users specify a command during docker run, it overrides this default.
CMD ["nginx", "-g", "daemon off;"]
CMD ["node", "app.js"]
COPY
The COPY instruction transfers files or directories from the build context on the host machine into the container's filesystem.
COPY ./src/app.js /usr/src/app/
COPY config.json /etc/app/config.json
ADD
Similar to COPY, but with added capabilities. ADD can fetch remote URLs and automatically extracts local tar archives. Best practices often suggest using COPY for simple file transfers to avoid unintended side effects.
ADD https://example.com/archive.tar.gz /tmp/
ADD local-archive.tar.gz /var/www/html/
ENV
Sets environment variables available during both the build process and runtime for the container.
ENV APP_ENV=production
ENV DB_HOST=localhost DB_PORT=5432
EXPOSE
Documents the network ports the container listens on. It does not publish the port but acts as a hint for users and enables automatic port mapping via the -P flag.
EXPOSE 8080
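EXPOSE 443 80
ARG
Defines build-time variables passed via the --build-arg flag. Unlike ENV variables, ARG values are not persisted as environment variables in the final image. They remain visible in the output of docker history, however, so they are not a place for secrets.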
ARG VERSION=latest
ARG USER_ID
VOLUME
Creates a mount point to externally hosted volumes or other containers. It marks specific directories as holding persistent data, bypassing the container's filesystem.
VOLUME ["/data/log"]
VOLUME ["/var/lib/mysql"]
WORKDIR
Sets the working directory for any RUN, CMD, ENTRYPOINT, COPY, and ADD instructions that follow it.
WORKDIR /app
WORKDIR /opt/services
ONBUILD
Adds a trigger instruction to be executed when the image is used as a base for another build. The triggered instruction runs after the downstream FROM.
ONBUILD COPY . /app/src
ONBUILD RUN npm install
LABEL
Applies key-value metadata to the image, useful for organization, licensing, and versioning information.
LABEL version="2.0.1" description="API Service" vendor="TechCorp"
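Several of the rules above can be checked mechanically before a build: FROM comes first, LABEL replaces MAINTAINER, COPY is used for plain file transfers instead of ADD, and only one CMD takes effect. The Python linter below is an added example, not code from this article or from Docker; the rule ids and the SAMPLE input are constructed for illustration, and it assumes shell-form instructions without heredocs.

```python
import re
# Constructed sample Dockerfile that breaks four rules stated on this page.
SAMPLE = """\
# build recipe
MAINTAINER "DevOps Team <admin@example.com>"
FROM ubuntu:22.04
RUN apt-get update && \\
    apt-get install -y python3
ADD https://example.com/archive.tar.gz /tmp/
ADD config.json /etc/app/config.json
CMD ["node", "app.js"]
CMD ["nginx", "-g", "daemon off;"]
"""

def parse(text):
    """Yield (line_no, INSTRUCTION, args); joins backslash continuations."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no instruction
        start = start if buf else no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        word, _, args = (buf + line).partition(" ")
        buf = ""
        yield start, word.upper(), args.strip()

def lint(text):
    """Return sorted (line_no, rule_id, message) findings."""
    out, seen_from, last_cmd = [], False, None
    for no, ins, args in parse(text):
        if ins == "FROM":
            seen_from, last_cmd = True, None  # each build stage has its own CMD
        elif not seen_from and ins != "ARG":  # ARG is allowed ahead of FROM
            out.append((no, "from-first", f"{ins} appears before FROM"))
        if ins == "MAINTAINER":
            out.append((no, "maintainer", "use LABEL for contact metadata"))
        elif ins == "ADD":
            if re.search(r"(^|\s)https?://", args, re.I):
                out.append((no, "add-url", "ADD downloads a remote URL at build time"))
            elif not re.search(r"\.(tar|tgz|tar\.(gz|bz2|xz))\s", args, re.I):
                out.append((no, "add-copy", "plain file transfer, use COPY"))
        elif ins == "CMD":
            if last_cmd:
                out.append((last_cmd, "multi-cmd", "overridden by a later CMD"))
            last_cmd = no
    return sorted(out)
```

Calling lint(SAMPLE) returns five findings, each tagged with the line where the offending instruction starts. An ADD of a local tar archive is left alone because extraction is the one case where ADD does something COPY cannot.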