initial: add all custom Claude.ai skills

my-python-senior/containers.md

@@ -0,0 +1,49 @@
+# Containers and Deployment Guidelines
+
+## Docker/Podman basics
+
+- Prefer small, focused images with:
+  - minimal base (e.g. `python:3.x-slim`, `debian:stable-slim`, or distroless where appropriate)
+  - pinned major versions for reproducibility.
+- Use multi-stage builds:
+  - builder image for dependencies and compilation
+  - slim runtime image with only what is needed.
+
+## Image structure
+
+- Avoid copying whole repositories blindly; copy only necessary parts:
+  - `pyproject.toml` / `setup.cfg` / `requirements.txt`
+  - `src/` or application code
+  - scripts and entrypoints.
+- Do not run containers as root unless strictly required.
+- Set a working directory (`WORKDIR /app`) and explicit entrypoint.
+
+## Dependencies and caching
+
+- Leverage Docker layer caching:
+  - copy dependency descriptors first
+  - install dependencies
+  - then copy source code.
+- Pin versions of critical dependencies; use constraints files where relevant.
+
+## Runtime behavior
+
+- Applications should respond correctly to signals (`SIGTERM`, `SIGINT`) and exit promptly.
+- Avoid writing to container filesystem except to designated writable paths; support external volumes for state.
+- Expose configuration via env vars with sane defaults.
+
+## Observability and health
+
+- Provide:
+  - health endpoints for HTTP services
+  - metrics endpoints (Prometheus-style when building web services).
+- Log to stdout/stderr in structured or easily parseable format.
+- Make it easy to run the same container locally and in CI/CD.
+
+## Security basics
+
+- Minimize attack surface:
+  - remove build tools, compilers, and unnecessary packages in runtime image
+  - use non-root user
+  - keep base images updated.
+- Handle secrets via env vars or secret stores, never bake them into images.