Update Dockerfile

Dockerfile

@@ -1,20 +1,30 @@
-FROM ghcr.io/astral-sh/uv:python3.12-bookworm-slim
-
+FROM dev.data-turing.cn:14443/library/python:3.13-slim-bookworm AS build
+COPY --from=dev.data-turing.cn:14443/library/uv:latest /uv /uvx /bin/
 WORKDIR /app
+ENV UV_COMPILE_BYTECODE=1 UV_LINK_MODE=copy UV_PYTHON=3.13 UV_PYTHON_INSTALL_MIRROR="https://ghfast.top/https://github.com/astral-sh/python-build-standalone/releases/download"
 
-ENV PYTHONDONTWRITEBYTECODE=1 \
-    PYTHONUNBUFFERED=1 \
-    UV_COMPILE_BYTECODE=1 \
-    UV_LINK_MODE=copy \
-    PATH="/app/.venv/bin:$PATH"
-
-COPY pyproject.toml uv.lock ./
-RUN uv sync --frozen --no-dev --no-install-project
+COPY uv.lock pyproject.toml README.md ./
+RUN --mount=type=cache,target=/root/.cache/uv \
+    uv sync --no-install-project --no-dev
+COPY . .
+RUN --mount=type=cache,target=/root/.cache/uv \
+    uv sync --frozen --no-dev
 
-COPY app ./app
-COPY main.py README.md ./
-RUN uv sync --frozen --no-dev
 
+FROM dev.data-turing.cn:14443/library/python:3.13-slim-bookworm AS runtime
+ENV PATH="/app/.venv/bin:$PATH" \
+    PYTHONUNBUFFERED=1 \
+    HOST="0.0.0.0" \
+    PORT="8000"
+RUN groupadd -g 1001 appgroup && \
+    useradd -u 1001 -g appgroup -m -d /app -s /bin/false appuser
+WORKDIR /app
+COPY --from=build --chown=appuser:appgroup /app/.venv /app/.venv
+COPY --from=build --chown=appuser:appgroup /app/app /app/app
+COPY --from=build --chown=appuser:appgroup /app/main.py /app/main.py
+COPY --from=build --chown=appuser:appgroup /app/README.md /app/README.md
+COPY --from=build --chown=appuser:appgroup /app/pyproject.toml /app/pyproject.toml
+COPY --from=build --chown=appuser:appgroup /app/uv.lock /app/uv.lock
+USER appuser
 EXPOSE 8000
-
-CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]
+CMD ["python", "-u", "-m", "uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]