Dockerfile

FROM ghcr.io/astral-sh/uv:python3.12-bookworm-slim

ARG USERNAME=user
ARG USER_UID=1000
ARG USER_GID=1000

RUN groupadd --gid ${USER_GID} ${USERNAME} \
    && useradd --uid ${USER_UID} --gid ${USER_GID} --create-home ${USERNAME}

# Switch to the "user" user
USER ${USERNAME}

# Set home to the user's home directory
ENV HOME=/home/${USERNAME}

# Set the working directory to the user's home directory
WORKDIR ${HOME}/app

# Enable bytecode compilation and copy mode for mounted volumes
ENV UV_COMPILE_BYTECODE=1
ENV UV_LINK_MODE=copy

# Writable UV cache for non-root user
ENV UV_CACHE_DIR=${HOME}/.cache/uv
RUN mkdir -p ${UV_CACHE_DIR}

# Install dependencies from lockfile using bind mounts (no cache mount to avoid perms issues)
RUN --mount=type=bind,source=uv.lock,target=uv.lock,readonly \
    --mount=type=bind,source=pyproject.toml,target=pyproject.toml,readonly \
    uv sync --locked --no-install-project --no-dev

# Then, add the rest of the project source code and install it
# Installing separately from its dependencies allows optimal layer caching
COPY --chown=${USERNAME}:${USERNAME} . ${HOME}/app
RUN uv sync --locked --no-dev

# Place executables in the environment at the front of the path
ENV PATH="${HOME}/app/.venv/bin:$PATH"

# Reset entrypoint; don't invoke uv directly
ENTRYPOINT []

EXPOSE 7860
ENV GRADIO_SERVER_NAME="0.0.0.0"
ENV GRADIO_SERVER_PORT="7860"

# Default command: run from the venv directly (no uv at runtime)
CMD ["python", "-m", "vlm_playground.app"]