I’m creating a multi-stage build Dockerfile. In the deployment step that will actually run the program I’m running:
RUN apk update && apk upgrade --no-cache
Should I also have this statement in my build stage?
2 Answers
It isn’t necessary to always apk update/upgrade in your dockerfile. However it surely isn’t a bad idea. Especially if you install packages with apk, you should make sure that the package list is up-to-date. So you always get the latest version of the package you want to install.

Installing security updates on build time does matter, especially if your base image is not that recent. But I wouldn’t call it necessary and it also depends on how important it is for your base image to be up-to-date.
In my opinion one of the good aspects of Docker is to have things reproducible and less ‘it works on my machine’ moments.
When you start calling things like apk update/upgrade the result depends on WHEN the call is executed. So basically you won’t be able to recreate an image or compare one version in CVS to another. I would argue the minor security updates you might or might not get are not worth it.
Better to update to the next specific release of the alpine base image, for example, and not to call apk update or upgrade.
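
A multi-stage Dockerfile showing where the choices discussed in the two answers land. This is an added example, not part of the question or of either answer. The Alpine tag, the build-base package, the `make app` build command and the `/src/app` path are assumptions.

```dockerfile
# Added example. Tag, package names, paths and build command are assumptions.
# Pinning the base release (second answer) fixes the starting point of both stages.
# A digest pin (alpine@sha256:<digest>) is stricter than a tag, which can be re-pushed.
ARG ALPINE_VERSION=3.19

# ---- build stage ----
# This stage's filesystem is discarded. Only files named in COPY --from reach the
# final image, so packages upgraded here do not ship unless they end up inside the
# copied artifact (for example, libraries linked statically into the binary).
FROM alpine:${ALPINE_VERSION} AS build
# --no-cache fetches the current package index for this command and stores nothing
# under /var/cache/apk, so a separate "apk update" before "apk add" is not needed.
RUN apk add --no-cache build-base
WORKDIR /src
COPY . .
RUN make app

# ---- runtime stage ----
FROM alpine:${ALPINE_VERSION}
# First answer: pick up package fixes published since the base image was built.
# Second answer's caveat still applies: the result of this layer depends on the
# build date, so two builds of the same commit can differ. Removing this line and
# bumping ALPINE_VERSION instead trades patch latency for repeatable builds.
RUN apk upgrade --no-cache
COPY --from=build /src/app /usr/local/bin/app
USER nobody
ENTRYPOINT ["/usr/local/bin/app"]
```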