Open
Description
There are opportunities to improve the helix Dockerfiles.
- Make the Dockerfiles non-root: The Dockerfiles define a non-root user, but install
sudo
and give that usersudoer
permissions. That means that the resultant container images are effectivelyroot
images. That's not great. - Base on runtime-deps: We already have official images for running .NET code in containers w/baseline dependencies. We should use them and not guess. Where we don't have the correct
runtime-deps
image, we should ask for one. - Limit dependencies: This Alma Dockerfile works so why does this Debian Dockerfile install so many packages? We should define the min set and stick to that.
- Use Python idiomatically: There are multiple opportunities to improve how we use Python. Those are listed later.
Opportunities to improve Python use:
- Install
pip
one way: First, we installpip
via apt, then installpip
viacurl
, and then upgradepip
viapip
. - Adopt
venv
:venv
seems to have replacedvirtualenv
for most use cases.venv
comes with Python. In the case of Debian, we can install it viapython3-venv
in recent Debian versions. Also, if you usevenv
, you don't need to separately installpip
. - Use the standard directory for
venv
: Thevenv
docs suggest thatenv
is the default name. We are using.vsts-env
. Is that to align with scripts that are run in multiple environments? - Install packages via
venv
: This approach will enable us to stop using--break-system-package
Related issues:
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Metadata
Assignees
Type
Projects
Status
Backlog