I am not a Docker expert in any way, shape, or form, and I preface this with the caveat that "idiomatic" and "idiotic" have a short edit distance. But I think the idiomatic thing to do is:

* have a Dockerfile that sets up the environment the way you want it -- i.e., derive from your base image; apt-get install the packages you care about (pinning versions to the degree you want) with `RUN`; copy in scripts
* build and tag this docker image, and optionally upload it to a docker repository (now you have a specific tagged container that has all your known software versions in it)
* now have a script inside the Docker image that either checks out a tree inside the container and does your build, or bind in a tree from an external environment with `-v` or something and run the script to build from the external directory (setting your uid/gid to match the outside world)
* when you're done with the build, throw away the container entirely; when it's time to do a build again, to make sure that you have a pristine environment, recreate a container from the tagged image
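The workflow described in the comment above, sketched as a shell script. This is an added example, not the commenter's code; the image tag `buildenv:example`, the `/src` mount point and a `build.sh` in the source tree are assumptions.

```shell
#!/bin/sh
# Added example. IMAGE, /src and build.sh are assumed names, not from the comment.
IMAGE="${IMAGE:-buildenv:example}"   # hypothetical tag for the pinned build image
SRC="${SRC:-$PWD}"                   # host source tree; assumed to contain build.sh

# Step 1: the environment definition, derived from a base image.
dockerfile() {
cat <<'EOF'
FROM debian:bookworm-slim
# Pin with pkg=<version> to the degree you want.
RUN apt-get update \
 && apt-get install -y --no-install-recommends build-essential \
 && rm -rf /var/lib/apt/lists/*
COPY build.sh /usr/local/bin/build.sh
WORKDIR /src
ENTRYPOINT ["/usr/local/bin/build.sh"]
EOF
}

# With DRY_RUN=1, print the command instead of executing it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Step 2: build and tag the image (Dockerfile on stdin, $SRC as build context).
# Optionally follow with `docker push "$IMAGE"` to share the exact environment.
build_image() {
    dockerfile | run docker build -t "$IMAGE" -f - "$SRC"
}

# Steps 3 and 4: bind the external tree in with -v, run as the caller's uid/gid
# so build outputs are not root-owned, and let --rm discard the container so
# the next build starts again from the tagged image.
build_once() {
    run docker run --rm \
        --user "$(id -u):$(id -g)" \
        -v "$SRC:/src" \
        "$IMAGE"
}

# Run for real only when asked, e.g. `sh build-in-docker.sh --go`.
if [ "${1:-}" = "--go" ]; then
    build_image && build_once
fi
```

Setting `DRY_RUN=1` and calling `build_image` or `build_once` prints the exact `docker` command line, which is useful for checking the mount and user arguments before anything runs.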