From f843f6bfe8bbb14f60deecc3daedf25a4b064581 Mon Sep 17 00:00:00 2001
From: soustruh <martin@struzsky.cz>
Date: Wed, 14 May 2025 16:51:50 +0200
Subject: [PATCH] =?UTF-8?q?set=20up=20venv=20permissions=20so=20uv=20can?=
 =?UTF-8?q?=20uninstall=20packages=20if=20needed=20=F0=9F=97=91=EF=B8=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Dockerfile | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 12174e6..6817573 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,25 +3,28 @@ COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 
 # RUN apt-get update && apt-get install -y build-essential
 
-WORKDIR /code/
-
-COPY pyproject.toml .
-COPY uv.lock .
-
 # Set UV_CACHE_DIR to override XDG_CACHE_HOME from the base image
 # See https://docs.astral.sh/uv/concepts/cache/#cache-directory
+RUN mkdir -p /.cache/uv
+RUN chown -R 1000:1000 /.cache
 ENV UV_CACHE_DIR="/.cache/uv"
 
 # Using the same path as venv defined in the base image so we can use all the preinstalled packages
 ENV UV_PROJECT_ENVIRONMENT="/home/default/"
 
+WORKDIR /code/
+COPY pyproject.toml .
+COPY uv.lock .
+
+# Run uv sync as uid/gid 1000 so we don't have to chown the /home/default directory with 100k files =-O
+USER 1000:1000
 # The --inexact flag prevents uv from uninstalling the preinstalled packages
 RUN uv sync --all-groups --frozen --inexact
 
 # Keboola running containers with "-u 1000:1000" causes permission when installing user defined packages
-RUN chown -R 1000:1000 /.cache
-RUN chown -R 1000:1000 /code/pyproject.toml
-RUN chown -R 1000:1000 /code/uv.lock
+USER root
+RUN chown 1000:1000 /code/pyproject.toml
+RUN chown 1000:1000 /code/uv.lock
 
 COPY src/ src/
 COPY tests/ tests/