Installing dependencies in containerized applications

Hi everyone,

first, I’m new to this forum so please bear with me if this is not the right place to discuss this topic.

I would like to share a tool we developed - micropipenv

The main purpose of it is to parse poetry.lock/Pipfile.lock or requirements.txt and install the dependencies stated. It turned out to be a good solution for us when deploying containerized applications into cluster orchestrators, such as Kubernetes/OpenShift:

  • no need to distribute Pipenv or poetry inside container images
  • micropipenv saves ~30MiB in the resulting container
  • one tool that installs application dependencies from any lock file
  • micropipenv can also convert Pipfile.lock/poetry.lock into their requirements.txt counterpart (pip-tools compatible output)

micropipenv does not implement any resolver, it does not manage any virtual environment (as Pipenv/Poetry). It just parses a lock file or requirements.txt file (that should be distributed with the application anyway in a resolved form) and installs dependencies using pip with some additional failover logic for dependencies where the installation order matters.

Hoping it could be helpful for others as well.

Why not uninstall pipenv (or whichever environment builder) (and all other unneeded dependencies) once you’ve finished building your image?

I like the idea of the tool though, it could be a smaller thing to download, making CI a bit faster for simpler packages. In addition, it’s goal of supporting all the lock files makes it useful for implementers

We’ve considered also this option, but there were other things we’ve taken into account – such as unified build logs that in case of Pipenv/Poetry are not that machine-readable nor easy to debug in the cluster just from build logs. Also, there are stored some additional metadata in the resulting container or printed to standard output/error to build logs - the application stack in a form of Pipfile.lock. Not all are immidiatelly useful to others, but it makes a lot of sense to application analyses we do on the background.