Containerisation as a Standard
Every production system we ship is containerised. Docker eliminates the “works on my machine” problem, makes deployments reproducible, and is the prerequisite for any modern CI/CD pipeline. We write Dockerfiles with multi-stage builds to keep production images as small and attack-surface-minimal as possible.
Our Docker Practices
- Multi-stage builds — build stage compiles, production stage copies only the binary
- Non-root users in all production containers
- Minimal base images (Alpine, Distroless) for security and size
- .dockerignore files to exclude development dependencies
- Docker Compose for local development environments with hot-reload
- Healthcheck instructions for container orchestrator integration