There are opportunities to improve the helix Dockerfiles.
Make the Dockerfiles non-root: The Dockerfiles define a non-root user, but install sudo and give that user sudoer permissions. That means that the resultant container images are effectively root images. That's not great.
Base on runtime-deps: We already have official images for running .NET code in containers w/baseline dependencies. We should use them and not guess. Where we don't have the correct runtime-deps image, we should ask for one.
Limit dependencies: This Alma Dockerfile works so why does this Debian Dockerfile install so many packages? We should define the min set and stick to that.
Use Python idiomatically: There are multiple opportunities to improve how we use Python. Those are listed later.
Opportunities to improve Python use:
Install pip one way: First, we install pip via apt, then install pip via curl, and then upgrade pip via pip.
Adopt venv: venv seems to have replaced virtualenv for most use cases. venv comes with Python. In the case of Debian, we can install it via python3-venv in recent Debian versions. Also, if you use venv, you don't need to separately install pip.
Use the standard directory for venv: The venv docs suggest that env is the default name. We are using .vsts-env. Is that to align with scripts that are run in multiple environments?
Install packages via venv: This approach will enable us to stop using --break-system-package
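The proposals above, combined into one Dockerfile as an added example; it is not part of the original issue and is not one of this repo's Dockerfiles. The base image tag, the `helixbot` user name, the venv path and `requirements.txt` are assumptions made for illustration.

```dockerfile
# Added example. Tag, user name, venv path and requirements.txt are assumptions.
FROM mcr.microsoft.com/dotnet/runtime-deps:8.0-bookworm-slim

# Minimal package set: Python plus the venv module.
# No sudo, no pip from apt, no curl-based pip bootstrap.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        python3 \
        python3-venv \
    && rm -rf /var/lib/apt/lists/*

# Unprivileged user with no sudoers entry (name is hypothetical).
RUN useradd --create-home --shell /bin/bash helixbot

USER helixbot
WORKDIR /home/helixbot

# venv ships pip through ensurepip, so pip is installed exactly one way.
ENV VIRTUAL_ENV=/home/helixbot/env
RUN python3 -m venv "$VIRTUAL_ENV"
ENV PATH="$VIRTUAL_ENV/bin:$PATH"

# Packages land in the venv, so the system-packages override is not needed.
# requirements.txt is a hypothetical file in the build context.
COPY --chown=helixbot:helixbot requirements.txt ./
RUN pip install --no-cache-dir -r requirements.txt

# Build-time guard: fail the build if the image runs as root or ships sudo.
RUN test "$(id -u)" -ne 0 && ! command -v sudo
```

The final `RUN` turns the non-root requirement into a build failure, so a later change that reintroduces sudo or drops the `USER` line is caught at image build time.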
[Triage]
To begin, we'll update the existing distros for which we have official runtime-deps images and change the relevant Dockerfiles in this repo to be based on those tags. At that point, we'll evaluate to see how it's working and assess next steps.
Related issues: