Add Dockerizing Node.js skill

[utkarsh232005]

Pull Request Checklist

• I have read and followed the CONTRIBUTING.md guidelines.
• I have read and followed the Guidance for submissions involving paid services.
• My contribution adds a new instruction, prompt, agent, skill, or workflow file in the correct directory.
• The file follows the required naming convention.
• The content is clearly structured and follows the example format.
• I have tested my instructions, prompt, agent, skill, or workflow with GitHub Copilot.
• I have run npm start and verified that README.md is up to date.

---

Description

This PR introduces the dockerizing-nodejs skill to the repository.

This skill provides GitHub Copilot with comprehensive, best-practice instructions for containerizing Node.js applications. It guides the AI to generate highly optimized, secure, and production-ready Dockerfile and docker-compose.yml configurations, focusing on concepts like multi-stage builds, non-root users, dependency caching, and proper environment variable handling.

---

Type of Contribution

• New instruction file.
• New prompt file.
• New agent file.
• New plugin.
• New skill file.
• New agentic workflow.
• Update to existing instruction, prompt, agent, plugin, skill, or workflow.
• Other (please specify):

---

Additional Notes

I have successfully run the local validation scripts (npm run skill:validate, npm run build, and bash scripts/fix-line-endings.sh) to ensure the skill and generated documentation perfectly comply with repository standards.

---

By submitting this pull request, I confirm that my contribution abides by the Code of Conduct and will be licensed under the MIT License.

[Copilot]

Pull request overview

Adds a new dockerizing-nodejs skill intended to guide Copilot in generating production-ready Docker/Docker Compose assets for Node.js projects, and updates the skills index documentation.

Changes:

• Added skills/dockerizing-nodejs/SKILL.md with a structured, prompt-driven Dockerization workflow for Node.js apps.
• Updated docs/README.skills.md to include the new dockerizing-nodejs entry.
• (Unintended/needs confirmation) Removed multiple existing skill entries from docs/README.skills.md while the corresponding skills/* directories still exist.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
skills/dockerizing-nodejs/SKILL.md	New skill content covering Dockerfile, .dockerignore, Compose, hardening, and CI/CD guidance for Node.js.
docs/README.skills.md	Adds the new skill to the skills table, but also drops several existing skills from the index (needs correction).

Comments suppressed due to low confidence (5)

docs/README.skills.md:61

• The codeql skill entry has been removed from docs/README.skills.md, but skills/codeql/ still exists. Please add the row back (or remove/deprecate the skill folder in the same PR) so the skills index stays consistent with the repository contents.

| [centos-linux-triage](../skills/centos-linux-triage/SKILL.md) | Triage and resolve CentOS issues using RHEL-compatible tooling, SELinux-aware practices, and firewalld. | None |
| [chrome-devtools](../skills/chrome-devtools/SKILL.md) | Expert-level browser automation, debugging, and performance analysis using Chrome DevTools MCP. Use for interacting with web pages, capturing screenshots, analyzing network traffic, and profiling performance. | None |
| [cli-mastery](../skills/cli-mastery/SKILL.md) | Interactive training for the GitHub Copilot CLI. Guided lessons, quizzes, scenario challenges, and a full reference covering slash commands, shortcuts, modes, agents, skills, MCP, and configuration. Say "cliexpert" to start. | `references/final-exam.md`<br />`references/module-1-slash-commands.md`<br />`references/module-2-keyboard-shortcuts.md`<br />`references/module-3-modes.md`<br />`references/module-4-agents.md`<br />`references/module-5-skills.md`<br />`references/module-6-mcp.md`<br />`references/module-7-advanced.md`<br />`references/module-8-configuration.md`<br />`references/scenarios.md` |
| [cloud-design-patterns](../skills/cloud-design-patterns/SKILL.md) | Cloud design patterns for distributed systems architecture covering 42 industry-standard patterns across reliability, performance, messaging, security, and deployment categories. Use when designing, reviewing, or implementing distributed system architectures. | `references/architecture-design.md`<br />`references/azure-service-mappings.md`<br />`references/best-practices.md`<br />`references/deployment-operational.md`<br />`references/event-driven.md`<br />`references/messaging-integration.md`<br />`references/performance.md`<br />`references/reliability-resilience.md`<br />`references/security.md` |

docs/README.skills.md:106

• The dependabot skill entry has been removed from docs/README.skills.md, but skills/dependabot/ is still present. Please restore the missing table row (or remove the skill directory if it’s intentionally being retired) to keep the docs index accurate.

| [dataverse-python-advanced-patterns](../skills/dataverse-python-advanced-patterns/SKILL.md) | Generate production code for Dataverse SDK using advanced patterns, error handling, and optimization techniques. | None |
| [dataverse-python-production-code](../skills/dataverse-python-production-code/SKILL.md) | Generate production-ready Python code using Dataverse SDK with error handling, optimization, and best practices | None |
| [dataverse-python-quickstart](../skills/dataverse-python-quickstart/SKILL.md) | Generate Python SDK setup + CRUD + bulk + paging snippets using official patterns. | None |
| [dataverse-python-usecase-builder](../skills/dataverse-python-usecase-builder/SKILL.md) | Generate complete solutions for specific Dataverse SDK use cases with architecture recommendations | None |
| [debian-linux-triage](../skills/debian-linux-triage/SKILL.md) | Triage and resolve Debian Linux issues with apt, systemd, and AppArmor-aware guidance. | None |

docs/README.skills.md:136

• A large block of gtm-* skills is no longer listed in docs/README.skills.md, but the corresponding skills/gtm-* directories still exist. Unless the intent is to remove those skills from the repo, the index should keep listing them; consider regenerating README.skills.md from the current skills/ tree to avoid dropping entries.

| [generate-custom-instructions-from-codebase](../skills/generate-custom-instructions-from-codebase/SKILL.md) | Migration and code evolution instructions generator for GitHub Copilot. Analyzes differences between two project versions (branches, commits, or releases) to create precise instructions allowing Copilot to maintain consistency during technology migrations, major refactoring, or framework version upgrades. | None |
| [gh-cli](../skills/gh-cli/SKILL.md) | GitHub CLI (gh) comprehensive reference for repositories, issues, pull requests, Actions, projects, releases, gists, codespaces, organizations, extensions, and all GitHub operations from the command line. | None |
| [git-commit](../skills/git-commit/SKILL.md) | Execute git commit with conventional commit message analysis, intelligent staging, and message generation. Use when user asks to commit changes, create a git commit, or mentions "/commit". Supports: (1) Auto-detecting type and scope from changes, (2) Generating conventional commit messages from diff, (3) Interactive commit with optional type/scope/description overrides, (4) Intelligent file staging for logical grouping | None |
| [git-flow-branch-creator](../skills/git-flow-branch-creator/SKILL.md) | Intelligent Git Flow branch creator that analyzes git status/diff and creates appropriate branches following the nvie Git Flow branching model. | None |

docs/README.skills.md:222

• The skills table no longer lists secret-scanning and spring-boot-testing, but their directories still exist under skills/. Please restore those rows (or remove the skills themselves) so docs/README.skills.md stays consistent with the repository contents.

| [python-mcp-server-generator](../skills/python-mcp-server-generator/SKILL.md) | Generate a complete MCP server project in Python with tools, resources, and proper configuration | None |
| [quasi-coder](../skills/quasi-coder/SKILL.md) | Expert 10x engineer skill for interpreting and implementing code from shorthand, quasi-code, and natural language descriptions. Use when collaborators provide incomplete code snippets, pseudo-code, or descriptions with potential typos or incorrect terminology. Excels at translating non-technical or semi-technical descriptions into production-quality code. | None |
| [readme-blueprint-generator](../skills/readme-blueprint-generator/SKILL.md) | Intelligent README.md generation prompt that analyzes project documentation structure and creates comprehensive repository documentation. Scans .github/copilot directory files and copilot-instructions.md to extract project information, technology stack, architecture, development workflow, coding standards, and testing approaches while generating well-structured markdown documentation with proper formatting, cross-references, and developer-focused content. | None |
| [refactor](../skills/refactor/SKILL.md) | Surgical code refactoring to improve maintainability without changing behavior. Covers extracting functions, renaming variables, breaking down god functions, improving type safety, eliminating code smells, and applying design patterns. Less drastic than repo-rebuilder; use for gradual improvements. | None |
| [refactor-method-complexity-reduce](../skills/refactor-method-complexity-reduce/SKILL.md) | Refactor given method `${input:methodName}` to reduce its cognitive complexity to `${input:complexityThreshold}` or below, by extracting helper methods. | None |

docs/README.skills.md:40

• docs/README.skills.md no longer lists the autoresearch and aws-cdk-python-setup skills even though their folders still exist under skills/. This looks like an accidental deletion (or a failed README generation) and will make those skills undiscoverable; please restore those rows or rerun the repo’s README generation so the skills table reflects the actual skills/ directory.

| [aspire](../skills/aspire/SKILL.md) | Aspire skill covering the Aspire CLI, AppHost orchestration, service discovery, integrations, MCP server, VS Code extension, Dev Containers, GitHub Codespaces, templates, dashboard, and deployment. Use when the user asks to create, run, debug, configure, deploy, or troubleshoot an Aspire distributed application. | `references/architecture.md`<br />`references/cli-reference.md`<br />`references/dashboard.md`<br />`references/deployment.md`<br />`references/integrations-catalog.md`<br />`references/mcp-server.md`<br />`references/polyglot-apis.md`<br />`references/testing.md`<br />`references/troubleshooting.md` |
| [aspnet-minimal-api-openapi](../skills/aspnet-minimal-api-openapi/SKILL.md) | Create ASP.NET Minimal API endpoints with proper OpenAPI documentation | None |
| [automate-this](../skills/automate-this/SKILL.md) | Analyze a screen recording of a manual process and produce targeted, working automation scripts. Extracts frames and audio narration from video files, reconstructs the step-by-step workflow, and proposes automation at multiple complexity levels using tools already installed on the user machine. | None |
| [autoresearch](../skills/autoresearch/SKILL.md) | Autonomous iterative experimentation loop for any programming task. Guides the user through defining goals, measurable metrics, and scope constraints, then runs an autonomous loop of code changes, testing, measuring, and keeping/discarding results. Inspired by Karpathy's autoresearch. USE FOR: autonomous improvement, iterative optimization, experiment loop, auto research, performance tuning, automated experimentation, hill climbing, try things automatically, optimize code, run experiments, autonomous coding loop. DO NOT USE FOR: one-shot tasks, simple bug fixes, code review, or tasks without a measurable metric. | None |

[Copilot]

In section 2.2, the Copilot prompt says to copy production node_modules from stage 1 and create a non-root user named node with uid 1001, but the “Expected Output” Dockerfile later reinstalls deps in stage 2 and creates appuser without setting uid. Please make the prompt requirements and expected Dockerfile consistent to avoid conflicting guidance.

Suggested change

	- Copy only the built output (/dist) and production node_modules from stage 1
	- Set NODE_ENV=production
	- Create a non-root user called 'node' with uid 1001
	- Copy only the built output (/dist) from stage 1
	- Install only production dependencies (for example, using `npm ci --omit=dev`)
	- Set NODE_ENV=production
	- Create a non-root user called 'appuser'

[Copilot]

The Trivy example uses aquasecurity/trivy-action@master. Using a moving branch is a supply-chain risk and can break unexpectedly; please pin to a stable release tag or (preferably) a commit SHA in the example.

Suggested change

	uses: aquasecurity/trivy-action@master
	uses: aquasecurity/trivy-action@v0.24.0

[utkarsh232005]

@aaronpowell I’d like to request if you could please add me as a code owner for this skill.