COPY vs ADD

Last updated: Jun 12, 2026

Author: ManaCoding Team

∙ Docker

COPY vs ADD covers Dockerfile instructions for placing files into an image, with ADD providing extra archive and URL behavior.

📝Syntax

COPY <src> <dest>

copy-vs-add.sh

📝 Example Command

# Topic: COPY vs ADD
FROM alpine:3.20
WORKDIR /app
COPY config.json ./config.json
CMD ["cat", "config.json"]

👁 Output

💡 Copy the example, run it against disposable Docker resources, and compare the resulting state with the lesson.

👀Output

COPY places config.json at /app/config.json without extra behavior

🔍Line-by-Line Explanation

Line	Meaning
`FROM alpine:3.20`	Selects the base image for the new build stage.
`WORKDIR /app`	Sets the working directory used by following instructions.
`COPY config.json ./config.json`	Copies selected build-context files into the image.
`CMD ["cat", "config.json"]`	Defines the default process started by the container.

🌐Real-World Uses

1Packaging applications for repeatable delivery.
2Improving build cache efficiency.
3Creating smaller production runtime images.

⚠Common Mistakes

1Using ADD by default makes builds less obvious and may introduce unexpected extraction.
2Sending unnecessary files in the build context.
3Embedding credentials in image layers.
4Installing build tools in the runtime image.

✓Best Practices

1Prefer COPY for ordinary files because its behavior is explicit; use ADD only when its extra behavior is intentional.
2Keep the build context small with .dockerignore.
3Order stable dependency steps before frequently changed source files.
4Use multi-stage builds where compilation is required.

💡How it works

1Primary Docker responsibility: image build contract.
2Operation performed: create small, reproducible, cache-efficient images.
3The active Docker daemon applies the request to the relevant resource.
4The resulting object state determines whether the operation succeeded.

💡Practical workflow

1Prepare the build context.
2Build with a versioned tag.
3Inspect layers, size, user, and command.
4Run a smoke test from the built image.

💡Verification

1Build equivalent COPY and ADD examples and inspect the resulting filesystem.
2Compare the observed state with the expected output shown in this lesson.
3Repeat the check from a clean or disposable Docker environment.
4Confirm the final evidence is the intended files with no unexpected extraction or download.

💡Limits and boundaries

1This topic owns image build contract; related concerns still need their own configuration.
2Docker does not automatically provide secure permissions, durable data, useful monitoring, or recovery.
3Host operating system, architecture, daemon mode, and runtime environment can change the available behavior.
4Add further tooling only when the application requirement cannot be met by this focused Docker feature.

✅Summary

Identify the Docker resource before changing it.
Run the example with disposable test resources.
Inspect the result instead of trusting command success alone.
Keep configuration reproducible across environments.
Finish with an intentional cleanup or retention decision.

🧑‍💻Interview Questions

Q1. Which Docker resource does COPY vs ADD affect?

Answer: It primarily concerns image build contract.

Q2. What result should COPY vs ADD produce?

Answer: It should produce a reproducible image digest and verified runtime.

Q3. What should be inspected after the operation?

Answer: Inspect the relevant status, metadata, output, dependencies, and cleanup state.

Q4. What production concern matters most?

Answer: Reproducibility and explicit lifecycle ownership are the main production concerns.

Q5. How can the behavior be demonstrated?

Answer: Use the smallest disposable example, observe the state change, and remove the test resources safely.

🎯Quick Quiz

Which approach is best when implementing COPY vs ADD?

○Use explicit inputs, inspect the resulting Docker state, and document cleanup. ○Use mutable defaults and skip recording the Docker configuration. ○Keep important data only in the disposable container writable layer. ○Treat the first successful command as proof that production behavior is correct.