Comments (7)
+1, super agree. @yosifkit @tianon thoughts?
from python.
So, I'm actually very -1 on this idea unless there's a really strong case for it, and I think this section of the Hub readme helps explain a little bit what my position is:
While the onbuild variant is really useful for "getting off the ground running" (zero to Dockerized in a short period of time), it's not recommended for long-term usage within a project due to the lack of control over when the ONBUILD triggers fire (see also moby/moby#5714, moby/moby#8240, moby/moby#11917).
Once you've got a handle on how your project functions within Docker, you'll probably want to adjust your Dockerfile to inherit from a non-onbuild variant and copy the commands from the onbuild variant Dockerfile (moving the ONBUILD lines to the end and removing the ONBUILD keywords) into your own file so that you have tighter control over them and more transparency for yourself and others looking at your Dockerfile as to what it does. This also makes it easier to add additional requirements as time goes on (such as installing more packages before performing the previously-ONBUILD steps).
The onbuild
variant is really great for getting zero-to-Docker really, really fast, but it breaks down very quickly because inevitably you want more customized behavior. For example, if we add a slim-onbuild
variant, the minute your requirements.txt
references a module that needs to compile any C code, it'll fail and you'll be back to writing your own Dockerfile
again (because you cannot tell Docker that you want to apt-get install
something before it runs the ONBUILD
instructions, so you can't install extra packages before the pip install
occurs).
In Python's specific case, onbuild/Dockerfile
is really, really trivial: (https://github.com/docker-library/python/blob/0fa3202789648132971160f686f5a37595108f44/3.5/onbuild/Dockerfile)
FROM python:3.5
RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app
ONBUILD COPY requirements.txt /usr/src/app/
ONBUILD RUN pip install --no-cache-dir -r requirements.txt
ONBUILD COPY . /usr/src/app
Writing those lines in your own Dockerfile
instead gives you the flexibility and control you either need now, or will inevitably need later (especially if you want to go with the slim
variant, which doesn't have any headers or even a C compiler IIRC).
So what I'd recommend instead is something like this:
FROM python:3.5-slim
RUN apt-get update && apt-get install -y some-packages-you-need && rm -rf /var/lib/apt/lists/*
# mkdir isn't necessary anymore -- there used to be bugs in WORKDIR that necessitated it
WORKDIR /usr/src/app
COPY requirements.txt /usr/src/app/
RUN pip install --no-cache-dir -r requirements.txt
COPY . /usr/src/app
CMD ["python3", "your-main.py"]
from python.
So, I think there's something to be said for an image that just kinda does a thing. For one-off scripts which run off somewhere, I don't think I'd need much, and it'd be good to have a trimmed down version I could use too.
How about this; is there another home we could put the slim variant?
from python.
from python.
I guess my takeway here is that it's too bad that ONBUILD
isn't good enough that you can use it as the basis for building real abstractions.
from python.
from python.
On account of this, I guess I'm going to close this.
from python.
Related Issues (20)
- Vulnerability in Python 3.10 (setuptools inside ensurepip folder) HOT 6
- Cleanup tag alpine3.19 HOT 1
- Debbuging a `-slim` image? HOT 1
- Propral: additional base image `amazonlinux:2023`
- Consider including `uv` in images HOT 2
- SSL problems on python:3.11.8-bookworm image? HOT 6
- 3.12.0 apt-get upgrade fails on tzdata HOT 1
- CVE-2023-52425 - Rebuild alpine-based images HOT 3
- Possible use of system python packages for alpine? HOT 2
- Inexplicable pip install caching behavior HOT 1
- 3.10 bullseye build fails: "gpg: Can't check signature: No public key" HOT 1
- An error occurred while using the Python magic library at Docker & Github Action. "E ModuleNotFoundError: No module named 'magic'" HOT 3
- python 2.7.18 alpine image based on broken musl version HOT 1
- Threading issues in python3.11 to python3.11.9-slim-bookworm HOT 13
- Issue: Facing CVE-2018-20225 in Python 3.11.9-alpine3.19 Docker Image HOT 2
- Addressing CVE-2022-40897 Vulnerability in Python 3.11.9-alpine3.19 Docker Image HOT 2
- CVE-2023-42366 Vulnerability in Python 3.11.9-alpine3.19 Docker Image HOT 2
- Facing CVE-2024-3094 in Python 3.11.9-alpine3.19 Docker Image HOT 1
- CVE-2023-52425 in most images except alpine HOT 2
- Python:3.11-slim-bookworm image still uses debian:12.0 but not 12.5 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from python.