Anyone tried to install Streamlit in Alpine Docker image?

I’m trying to build a Docker image based on the python:3.10.13-alpine3.18 image. The reason for why I chose to use Alpine over Debian, is due to the vulnerabilities seen in Debian (observed using Snyk, see here). Alpine seem to show no vulnerabilities, at least no critical.

This is the Docker file that includes the step needed to reproduce the issue:

FROM python:3.10.13-alpine3.18

RUN python3 -m pip install streamlit

This results in numpy failing to build.

Sadly, Alpine does not support installing through wheels, so wheels have to be built from scratch. This should not be an issue for small, standalone packages, but quickly becomes a challenge for complex packages like streamlit, with various of dependencies.

Of course there exists Alpine-precompiled packages for numpy (see here), but I do not see any for streamlit, or any other relevant packages. So might be that I will have to build all these myself from scratch.

So I was wondering if anyone has tried using streamlit with Alpine, and if there existed Alpine-precompiled packages somewhere that I could test?

Note that installing just a simple package like pyarrow that has two main dependencies in pandas and numpy, requires an insane amount of overhead, just to get working with Alpine (see this thread).

Just to demonstrate how annoying Alpine is, I pasted the proposed solution just to install pyarrow in a Alpine Docker image below:

FROM python:3.7-alpine3.8

RUN apk add --no-cache \
            git \
            build-base \
            cmake \
            bash \
            jemalloc-dev \
            boost-dev \
            autoconf \
            zlib-dev \
            flex \
            bison

RUN pip install six numpy pandas cython pytest

RUN git clone https://github.com/apache/arrow.git

RUN mkdir /arrow/cpp/build    
WORKDIR /arrow/cpp/build

ENV ARROW_BUILD_TYPE=release
ENV ARROW_HOME=/usr/local
ENV PARQUET_HOME=/usr/local

#disable backtrace
RUN sed -i -e '/_EXECINFO_H/,/endif/d' -e '/execinfo/d' ../src/arrow/util/logging.cc

RUN cmake -DCMAKE_BUILD_TYPE=$ARROW_BUILD_TYPE \
          -DCMAKE_INSTALL_LIBDIR=lib \
          -DCMAKE_INSTALL_PREFIX=$ARROW_HOME \
          -DARROW_PARQUET=on \
          -DARROW_PYTHON=on \
          -DARROW_PLASMA=on \
          -DARROW_BUILD_TESTS=OFF \
          ..
RUN make -j$(nproc)
RUN make install

WORKDIR /arrow/python

RUN python setup.py build_ext --build-type=$ARROW_BUILD_TYPE \
       --with-parquet --inplace
      #--with-plasma  # commented out because plasma tests don't work
RUN py.test pyarrow

So it is likely that this path is not worth venturing for anyone who considers using Streamlit with Alpine. Go with Debian instead and wait for Debian to resolve the vulnerability issues observed (and reported) by Snyk.

1 Like

I am trying to use alpine too. Will update here with any success.

I give up for now with Alpine. Annoying but there are some recommendations against using it… The best Docker base image for your Python application (June 2023). Maybe there are some prebuilt images with pyarrow that would work.

As for the security issues in Debian (FROM python:3.12-slim), the only High vulnerability I found was with the cryptography library. You can unload that in your Docker build with
RUN apt-get remove -y python3-cryptography

and then manually install the latest one with
RUN pip3 install cryptography

Optionally remove a medium vulnerabilitie with
RUN pip3 install --upgrade pip

Docker Scout is a great way to drill into security vulnerabilities.

The problem with Alpine, is that 1) there are barely any precompiled binaries which you can install and 2) (even worse) installing these is a huge hassle, as you cannot install wheels, and you can for most other Linux distros.

If you want to learn about all current vulnerabilities with Python for Debian distro, you can check what Snyk has reported:

If I recall correctly, there was a critical vulnerability in a zlib-variant, which is bundled as part of the Ubuntu distro. You should be able to find this from the link above. Note that deleting this “dependency” would be a bad idea, as it would corrupt the distro, hence, why this has not been resolved yet.

I added a snapshot below of what you should see when checking Python on Snyk below:

1 Like

Got you guys. I managed to do it after some trying. Here is my Dockerfile

FROM alpine:3.19.1

RUN apk update && apk add \
    curl \
    python3 \
    py3-pip \
    py3-pyarrow \
    && rm -rf /var/lib/apt/lists/*

COPY . /app
WORKDIR /app

RUN pip3 install --break-system-packages -r requirements.txt

CMD ["streamlit", "run", "Inicio.py", "--server.port=8501", "--server.address=0.0.0.0"]
  1. ‘–break-system-packages’ is there because pip gets frisky about installing things systemwide, but we are the Docker gang so we don’t care about it.
  2. py3-pyarrow: The real solution. Now we don’t have to compile from source because “oh no, there is no wheel for pyarrow”.
1 Like

Oooh, I gave up a while back on that but looking forward to trying your Dockerfile. Thank you for sharing!

1 Like

@JoaoPedroMDP The original question was about installing streamlit on alpine. Sadly pyarrow is only one tiny dependency in the mix of all deps that need to be installed. There is also of interest to install other deps like openai. Even if you manage to install pyarrow I think we are quite far to get streamlit working in Alpine.

As barely any deps are supported on Alpine, I think its going to be nightmare to add support for all. its better to just wait for Ubuntu to add a fix for the vulnerability in the Ubuntu distro, which was the main reason why I at all tried Alpine (as Alpine dont have the same vulnerability built into the distro).


EDIT: I also disagree that py3-pyarrow: The real solution. (...) approach is the proper solution. Sure this is a way to solve the issue with pyarrow, but do you have the same solution for all other deps? Surely not.

Right. Well, i managed to run my streamlit app on Alpine after following those steps. I thought it would be useful.

1 Like

No worries. I was not hating on your solution for pyarrow. Great that you found a workaround :]

I just wanted to inform @shawngiese and others that come across this thread that we have yet to solve the original issue.