docker support: Let pixi create images
Problem description
It would be nice if pixi could create an OCI image that consists of only the environment (ideally directly activated) without needing to invoke docker (ideally fully reproducible 🤩). Apko can do something similar for alpine images/packages. https://github.com/chainguard-dev/apko
That would be a killer feature!
:100:
I have wanted this for a long time!
The usual way of creating a docker image runs an install in a single command, resulting in a (potentially multi-GB) layer with all the dependencies embedded. If any single dependency needs updating, you need to publish and deploy a new multi-GB blob which might only be different by a few kB.
If, instead of installing packages into a filesystem in a giant single-layer blob, pixi could construct a docker image where each dependency was a single layer you could easily swap out just the dependency which needed updating, saving storage space and network bandwidth and reducing latency for updates (all the previous layers (dependencies) would already be on the node).
IIUC this was the concept behind https://github.com/conda-incubator/conda-docker
I think this would be a feature that many enterprises would be interested in.
When you have a large number of containerised applications and your base image has a critical CVE, you have to rebuild the entire stack, which means building, publishing and deploying many GBs of container images just to increment the base image version for all of your apps.
I'm envisaging being able to simply specify an updated base image with pixi and publish a new image with an updated version / build number (the image tag) and have all the layers on top remain the same so no need to redeploy them.
IIUC this is one of the "killer" features that sees organisations adopt Buildpacks.io (they call it image rebasing):
- https://buildpacks.io/docs/for-app-developers/concepts/rebase/
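The per-dependency layering and the base-image rebase described in the comments above, as an added sketch that is not part of the thread and not pixi, conda-docker or Buildpacks code. It assumes uncompressed tar layers; the package names and file contents are constructed.

```python
import hashlib
import io
import tarfile

def layer_digest(files):
    """Pack {path: bytes} into a normalised tar and return its sha256 digest."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT) as tar:
        for path in sorted(files):            # fixed entry order
            info = tarfile.TarInfo(path)
            info.size = len(files[path])
            info.mtime = 0                    # no build timestamps
            info.uid = info.gid = 0           # no builder identity
            info.mode = 0o644
            tar.addfile(info, io.BytesIO(files[path]))
    return "sha256:" + hashlib.sha256(buf.getvalue()).hexdigest()

def image_layers(base_files, packages):
    """Base layer first, then one layer per package in name order."""
    return [layer_digest(base_files)] + [
        layer_digest(packages[name]) for name in sorted(packages)
    ]

def layers_to_push(deployed, new):
    """Digests a registry or node holding `deployed` does not already have."""
    have = set(deployed)
    return [d for d in new if d not in have]

# Constructed sample data (hypothetical package names and file contents).
BASE_V1 = {"etc/os-release": b"base image 1"}
BASE_V2 = {"etc/os-release": b"base image 2 (patched)"}
ENV = {
    "pkg-a": {"lib/liba.so": b"pkg-a 1.0"},
    "pkg-b": {"lib/libb.so": b"pkg-b 2.3"},
    "pkg-c": {"bin/c": b"pkg-c 0.9"},
}
ENV_UPDATED = {**ENV, "pkg-b": {"lib/libb.so": b"pkg-b 2.4"}}

def demo():
    v1 = image_layers(BASE_V1, ENV)
    updated = image_layers(BASE_V1, ENV_UPDATED)   # one dependency bumped
    rebased = image_layers(BASE_V2, ENV)           # only the base swapped
    return v1, updated, rebased

if __name__ == "__main__":
    v1, updated, rebased = demo()
    print("dependency update pushes:", layers_to_push(v1, updated))
    print("rebase pushes:", layers_to_push(v1, rebased))
```

Layer digests only stay stable across rebuilds because the tar metadata is normalised (sorted entries, fixed mtime and ownership); the image config and manifest digests still change with every new layer list, so the tag points at a new image even when almost all blobs are reused.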
I came back to comment that especially pixi being able to decide when an image needs to be rebuilt (based on changes to the lockfile) would save us a lot of CI time and network traffic.
@baszalmstra please reopen