GitLab

Alpine Linux has gained popularity as a Linux distribution that is especially good for Docker images.

What’s one of the biggest benefits of Docker? Reproducibility, including deterministic, reproducible Dockerfile builds. You should be able to make a Dockerfile deterministic by pinning package version numbers, so that your image is not dependent on the point in time when it was built.

Unfortunately, the Alpine package repo drops packages, even packages on "stable" branches.

Example: on 2020 March 10th, I found gcc 9.2.0-r3 on the Alpine package repository (web UI) under branch 3.11. On 2020 March 23rd, just 13 days later, my Dockerfile failed to run because the package gcc 9.2.0-r3 had been revoked from the branch 3.11 of the package repository, and was replaced with gcc 9.2.0-r4.

This makes Alpine Linux unsuitable for use in Docker images. Either your Dockerfile with pinning will "expire", or you are forced to avoid pinning package versions, which may cause unexpected behavior. When package maintainers decide to release a new version, this unexpected version will be automatically installed as soon as you rebuild your image the next time.

Compare this to PyPI or npm: No version is dropped, so version pinning works perfectly fine, no matter when you build or use your stuff.

There is a similar thread, apk-tools#10661 (closed) , which Timo Teräs (@fabled) closed, based on the unconfirmed assumption that the OP was mixing an Alpine image with Alpine packages from 2 different branches.

However, in my example, both the Alpine version and the package version were on the 3.11 branch. There is no mixing.