[RAPTOR-14742] python311: Drop virtualenv

nullspoon · nullspoon · commit a6b10285f893 · 2025-10-03T08:10:18.000-06:00
Since this runs inside of a docker container, there really isn't much point to a virtual env here. It just adds storage overhead and path complexity. That said, additionally, the upstream pip has a security vulnerability, CVE-2025-8869, which has been fixed, but not released, and it is uncertain when the fix will be released. Chainguard has however fixed pip in their version. As such, using system python resources uses their fixed pip version, as using a virtualenv installs its own version of pip, reintroducing the vulnerability.
diff --git a/public_dropin_environments/python311/Dockerfile b/public_dropin_environments/python311/Dockerfile
@@ -30,6 +30,7 @@ COPY --from=build /bin/mkdir /bin/mkdir
 
 # Required for custom-models to install dependencies
 COPY --from=build /usr/bin/pip /usr/bin/pip
+COPY --from=build /usr/lib/python3.11/site-packages/pip /usr/lib/python3.11/site-packages/pip
 
 # Cleanup '__pycache__' directories. It solves an AsymmetricPrivateKey scanning error.
 COPY --from=build /usr/bin/rm /usr/bin/rm
@@ -40,16 +41,9 @@ COPY --from=build /bin/ls /bin/ls
 
 COPY requirements.txt requirements.txt
 
-ENV VIRTUAL_ENV=/opt/venv
+RUN sh -c "python -m pip install --no-cache-dir -r requirements.txt \
+           && find /usr -type d -name '__pycache__' -exec rm -rf '{}' +"
 
-RUN sh -c "python -m venv ${VIRTUAL_ENV} && \
-    . ${VIRTUAL_ENV}/bin/activate && \
-    python -m ensurepip --default-pip && \
-    python -m pip install --upgrade pip && \
-    python -m pip install --no-cache-dir -r requirements.txt && \
-    find ${VIRTUAL_ENV} -type d -name '__pycache__' -exec rm -rf {} +"
-
-ENV PATH=${VIRTUAL_ENV}/bin:${PATH}
 ENV HOME=/opt
 ENV CODE_DIR=/opt/code
 ENV ADDRESS=0.0.0.0:8080
diff --git a/public_dropin_environments/python311/env_info.json b/public_dropin_environments/python311/env_info.json
@@ -1,10 +1,10 @@
 {
-  "id": "67a554baeade3a4ce2ab6700",
+  "id": "67a554bbfbef3a4ce2ab6700",
   "name": "[DataRobot] Python 3.11 Drop-In",
   "description": "This template environment can be used to create Python based custom models. User is responsible to provide requirements.txt with the model, to install all the required dependencies.",
   "programmingLanguage": "python",
   "label": "",
-  "environmentVersionId": "68ddb0110008035274003e75",
+  "environmentVersionId": "67a554bbfbef4b4ce2ab6700",
   "environmentVersionDescription": "",
   "isPublic": true,
   "isDownloadable": true,
@@ -14,8 +14,8 @@
   "contextUrl": "https://github.com/datarobot/datarobot-user-models/tree/master/public_dropin_environments/python311",
   "imageRepository": "env-python",
   "tags": [
-    "v11.2.0-68ddb0110008035274003e75",
-    "68ddb0110008035274003e75",
+    "v11.2.0-67a554bbfbef4b4ce2ab6700",
+    "67a554bbfbef4b4ce2ab6700",
     "v11.2.0-latest"
   ]
 }
