Skip to content

build: remove test and dev deps from docker image#3969

Merged
qued merged 7 commits intomainfrom
build/remove-test-dev-deps-from-docker-image
Mar 27, 2025
Merged

build: remove test and dev deps from docker image#3969
qued merged 7 commits intomainfrom
build/remove-test-dev-deps-from-docker-image

Conversation

@qued
Copy link
Copy Markdown
Contributor

@qued qued commented Mar 27, 2025
edited
Loading

Removed the dependencies contained in test.txt, dev.txt, and constraints.txt from the things that get installed in the docker image. In order to keep testing the image (running the tests), I added a step to the docker-test make target to install test.txt and dev.txt. Thus we presumably get a smaller image (probably not much smaller), reduce the dependency chain or our images, and have less exposure to vulnerabilities while still testing as robustly as before.

Incidentally, I removed the Dockerfile for our ubuntu image, since it made reference to non-existent make targets, which tells me it's stale and wasn't being used.

Review:

  • Reviewer should ensure the dev and test dependencies are not being installed in the docker image. One way to check is to check the logs in CI, and note, e.g. that this is the first reference to pytest in the docker build and test logs, after the image build is completed.
  • Reviewer should ensure docker image is still being tested in CI and is passing.

@qued qued requested a review from badGarnet March 27, 2025 18:00
@qued qued marked this pull request as ready for review March 27, 2025 18:00
badGarnet
badGarnet reviewed Mar 27, 2025
View reviewed changes
Comment thread CHANGELOG.md Outdated
## 0.17.5

### Enhancements
- **Remove test and dev dependencies from docker image** This reduces the docker image size slightly and reduces potential security vulnerabilities.
Copy link
Copy Markdown
Collaborator

@badGarnet badGarnet Mar 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

also removed ubuntu-22 (which is out of date anyway but still good to document it)

Copy link
Copy Markdown
Contributor Author

@qued qued Mar 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed, done.

@qued qued enabled auto-merge March 27, 2025 18:12
@qued qued added this pull request to the merge queue Mar 27, 2025
Merged via the queue into main with commit 9a239fa Mar 27, 2025
43 checks passed
@qued qued deleted the build/remove-test-dev-deps-from-docker-image branch March 27, 2025 19:11
@badGarnet badGarnet mentioned this pull request Mar 28, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@badGarnet badGarnet badGarnet approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@qued @badGarnet