I’m trying to build a Docker image based on the
python:3.10.13-alpine3.18 image. The reason for why I chose to use
Debian, is due to the vulnerabilities seen in
Debian (observed using Snyk, see here). Alpine seem to show no vulnerabilities, at least no critical.
This is the Docker file that includes the step needed to reproduce the issue:
RUN python3 -m pip install streamlit
This results in
numpy failing to build.
Alpine does not support installing through wheels, so wheels have to be built from scratch. This should not be an issue for small, standalone packages, but quickly becomes a challenge for complex packages like
streamlit, with various of dependencies.
Of course there exists Alpine-precompiled packages for
numpy (see here), but I do not see any for
streamlit, or any other relevant packages. So might be that I will have to build all these myself from scratch.
So I was wondering if anyone has tried using
streamlit with Alpine, and if there existed Alpine-precompiled packages somewhere that I could test?
Note that installing just a simple package like
pyarrow that has two main dependencies in pandas and numpy, requires an insane amount of overhead, just to get working with Alpine (see this thread).
Just to demonstrate how annoying Alpine is, I pasted the proposed solution just to install
pyarrow in a Alpine Docker image below:
RUN apk add --no-cache \
RUN pip install six numpy pandas cython pytest
RUN git clone https://github.com/apache/arrow.git
RUN mkdir /arrow/cpp/build
RUN sed -i -e '/_EXECINFO_H/,/endif/d' -e '/execinfo/d' ../src/arrow/util/logging.cc
RUN cmake -DCMAKE_BUILD_TYPE=$ARROW_BUILD_TYPE \
RUN make -j$(nproc)
RUN make install
RUN python setup.py build_ext --build-type=$ARROW_BUILD_TYPE \
#--with-plasma # commented out because plasma tests don't work
RUN py.test pyarrow
So it is likely that this path is not worth venturing for anyone who considers using Streamlit with Alpine. Go with Debian instead and wait for Debian to resolve the vulnerability issues observed (and reported) by Snyk.
I am trying to use alpine too. Will update here with any success.
I give up for now with Alpine. Annoying but there are some recommendations against using it… The best Docker base image for your Python application (June 2023). Maybe there are some prebuilt images with pyarrow that would work.
As for the security issues in Debian (FROM python:3.12-slim), the only High vulnerability I found was with the cryptography library. You can unload that in your Docker build with
RUN apt-get remove -y python3-cryptography
and then manually install the latest one with
RUN pip3 install cryptography
Optionally remove a medium vulnerabilitie with
RUN pip3 install --upgrade pip
Docker Scout is a great way to drill into security vulnerabilities.
The problem with Alpine, is that 1) there are barely any precompiled binaries which you can install and 2) (even worse) installing these is a huge hassle, as you cannot install wheels, and you can for most other Linux distros.
If you want to learn about all current vulnerabilities with Python for Debian distro, you can check what Snyk has reported:
If I recall correctly, there was a critical vulnerability in a
zlib-variant, which is bundled as part of the Ubuntu distro. You should be able to find this from the link above. Note that deleting this “dependency” would be a bad idea, as it would corrupt the distro, hence, why this has not been resolved yet.
I added a snapshot below of what you should see when checking Python on Snyk below:
Got you guys. I managed to do it after some trying. Here is my Dockerfile
RUN apk update && apk add \
&& rm -rf /var/lib/apt/lists/*
COPY . /app
RUN pip3 install --break-system-packages -r requirements.txt
CMD ["streamlit", "run", "Inicio.py", "--server.port=8501", "--server.address=0.0.0.0"]
- ‘–break-system-packages’ is there because pip gets frisky about installing things systemwide, but we are the Docker gang so we don’t care about it.
- py3-pyarrow: The real solution. Now we don’t have to compile from source because “oh no, there is no wheel for pyarrow”.
Oooh, I gave up a while back on that but looking forward to trying your Dockerfile. Thank you for sharing!
@JoaoPedroMDP The original question was about installing
streamlit on alpine. Sadly
pyarrow is only one tiny dependency in the mix of all deps that need to be installed. There is also of interest to install other deps like
openai. Even if you manage to install
pyarrow I think we are quite far to get
streamlit working in Alpine.
As barely any deps are supported on Alpine, I think its going to be nightmare to add support for all. its better to just wait for
Ubuntu to add a fix for the vulnerability in the Ubuntu distro, which was the main reason why I at all tried Alpine (as Alpine dont have the same vulnerability built into the distro).
EDIT: I also disagree that
py3-pyarrow: The real solution. (...) approach is the proper solution. Sure this is a way to solve the issue with
pyarrow, but do you have the same solution for all other deps? Surely not.
Right. Well, i managed to run my streamlit app on Alpine after following those steps. I thought it would be useful.
No worries. I was not hating on your solution for pyarrow. Great that you found a workaround :]
I just wanted to inform @shawngiese and others that come across this thread that we have yet to solve the original issue.