5

In a Dockerfile where we build an image for our python projects , we have a line like this to upgrade pip to latest version:

RUN pip install --upgrade pip

This has been working well for a while, but recently the image build started to fail because we are using python 3.6.1 and latest version of pip (21.1) now requires python >= 3.6.2, otherwise you get an "ImportError: cannot import name NoReturn", see https://github.com/psf/black/issues/1666

Besides upgrading our Python version to fix this issue, I was wondering if we really should be running this command to upgrade latest version in a Dockerfile context, because when doing this we don't get a reproducible image anymore, since the pip version will continue to move, and this goes against Docker concept of reproducible environments.

So, should we specify the exact pip version to keep a reproducible build, even if that means that at some point it will be outdated? Or is there another option to ensure that our image will continue to work when a new pip version is released?

piwai
  • 158
  • 2
  • 10

1 Answers1

5

As you noticed, upgrading pip to the latest revision on each build of your Docker image doesn't guarantee a reproduciple build in the future. That is not a good idea.

The strategy to adopt depends on your needs. But you may consider the default pip version released with a specific Python version is a reasonable one. But to choose that, you may ensure your major Python release (3.6) is enough up-to-date. This is not your case here, since 3.6.1 is a very old release. The latest 3.6 is 3.6.13 and has been released 2 months ago (3.6 is still supported)

From https://www.python.org/downloads/

  • Python 3.6.13: Feb. 15, 2021
  • Python 3.6.2: July 17, 2017
  • Python 3.6.1: March 21, 2017

The reason behind updating pip on docker build is often the warning displayed by Pip when it is not the latest release

You are using pip version 6.0.8, however version 8.1.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.

This warning is useful when you have pip on your system, it has less value inside a built docker image. There is multiple way to disable this message, see How to suppress pip upgrade warning?:

CLI option

pip --disable-pip-version-check [normal stuff here]

Environment variable

export PIP_DISABLE_PIP_VERSION_CHECK=1

Pip config

pip config set global.disable-pip-version-check true

Pip config file (in $HOME/.config/pip/pip.conf)

[global]
disable-pip-version-check = True
Antwane
  • 20,760
  • 7
  • 51
  • 84
  • 1
    thanks for the details! Indeed we will stick with the latest know pip version to work with 3.6, and plan an upgrade – piwai Apr 30 '21 at 09:08