I’m no Docker expert, but how about using an env file and pulling a list of packages into the Dockerfile as a variable. Will this not be cached if nothing changes?
Atm I just use this in my docker compose file, it however reinstalls the packages on rebuild:
entrypoint: >
/bin/bash -c "apt-get update && apt-get install -y hello && /tini -- /docker-entrypoint.sh"
I think pandoc is such a small dependency (this size seems numb for us Deep Learning Engineers where most of the image can be of the size of 10 GBs). I would suggest simply add them when building the image.
Also when we were using it for the first time with a fresh container, downloading it would always introduce some delay that is somewhat not ideal and also may confuse not that tech-savvy user and blame SB. On either side I don’t see any benefit to use apt install on demand.
Projecting from my own experience with self-hosting. The size of SB image (1.17GB for now) + texlive and pandoc would normally have no impact on the end user. But suppose there is such usecase which I’m not aware of, it is also possible to provide additional ci with additional tag that provides slim version of the image building without texlive. This way those users are catered for their special need and most of the people are defaulted to the image that serves the best user experience.
After all, the space/RAM left available are the space/RAM wasted 
An alternative for including extra applications might be to use two docker images:
/usr/bin or something similar.It seems the docker image build times have increased from 3-5min to 8min since adding pdflatex and pandoc, which is something I don’t like. Haven’t checked the image size increase, but it’s probably also quite a bit. So still looking at how take this out again, and install such packages more on the fly. So keep the possible solutions going 