Dockerfile Writing Vocabulary
5 exercises — Master the English vocabulary of writing production-quality Dockerfiles: COPY vs ADD, CMD vs ENTRYPOINT, multi-stage builds, and layer caching.
0 / 5 completed
Quick reference: Dockerfile vocabulary
- COPY — copies local files into image; explicit, predictable, always preferred over ADD for local files
- ENTRYPOINT — fixed executable; CMD — default arguments, overridable at docker run
- Multi-stage build — multiple FROM instructions; COPY --from extracts only runtime artifacts
- Layer cache — each instruction is cached; order dependencies before source to minimise cache busts
- Exec form — JSON array syntax; process becomes PID 1 and receives signals directly
1 / 5
A code review comment reads: "You're using ADD to copy your application source into the image. Replace it with COPY — ADD has extra behaviour you don't need here, and it makes the Dockerfile harder to reason about."
Which statement best describes the key difference between COPY and ADD?
COPY is explicit; ADD has hidden "magic" that is rarely what you want.
Both
1. It can fetch files from remote URLs (a security risk if misused — the URL content is not verified at build time)
2. It automatically extracts
Docker's official best practices recommend using
Key vocabulary:
• COPY — Dockerfile instruction that copies local files or directories from the build context into the image
• ADD — like COPY, but also supports remote URL fetching and automatic archive extraction
• build context — the set of files sent to the Docker daemon when running
• layer — each Dockerfile instruction creates an immutable image layer stacked on the previous one
Both
COPY and ADD place files into the image, but ADD has two additional behaviours:1. It can fetch files from remote URLs (a security risk if misused — the URL content is not verified at build time)
2. It automatically extracts
.tar, .tar.gz, and other archive formatsDocker's official best practices recommend using
COPY for all local file operations and reserving ADD only for the rare case where automatic tar extraction is explicitly needed. Any valid use of ADD for remote URLs should be replaced by a RUN curl | tar pattern so the source and verification are explicit.Key vocabulary:
• COPY — Dockerfile instruction that copies local files or directories from the build context into the image
• ADD — like COPY, but also supports remote URL fetching and automatic archive extraction
• build context — the set of files sent to the Docker daemon when running
docker build• layer — each Dockerfile instruction creates an immutable image layer stacked on the previous one