Context
PR #8038 introduces the first backend Python reproducibility step:
backend/.python-versionbackend/pylock.toml- uv local sync/update scripts
- Backend Hermetic E2E install via
uv pip sync pylock.toml --system
It intentionally leaves production Dockerfiles on the current pip install -r requirements.txt path to avoid mixing CI/local dependency changes with production image build changes.
Goal
Move backend production image dependency installation to the checked-in uv lock once #8038 is green/merged.
Proposed scope
Start with the main backend image only, then expand if validation stays straightforward:
backend/Dockerfile- optionally
backend/pusher/Dockerfile and backend/agent-proxy/Dockerfile if they can consume the same pattern cleanly
- defer GPU/specialized services (
modal, diarizer, parakeet) unless explicitly validated in this PR
Suggested implementation
- Install/copy uv in the builder stage.
- Copy
backend/pylock.toml and .python-version before application code for better Docker layer caching.
- Replace runtime dependency install with locked sync semantics, e.g.
uv pip sync pylock.toml --python /opt/venv/bin/python or an equivalent uv-managed install path.
- Remove
pip install --upgrade -r ... for converted images.
- Preserve the existing liblc3/PyOgg build behavior unless the uv path explicitly handles it.
Verification
- Build the converted Docker image locally or in CI.
- Run a lightweight import/smoke check inside the built image.
- Compare build time with the current pip path.
- Confirm
/v1/health or equivalent app startup works.
- Keep rollback simple: revert to the previous Docker install stanza if image build/runtime differs.
Out of scope
- Repo-wide plugin migration.
- GPU image conversion unless separately validated.
- Moving every dependency into
[project.dependencies]; requirements.txt can remain the human-maintained input while pylock.toml is the resolved install artifact during this transition.
Context
PR #8038 introduces the first backend Python reproducibility step:
backend/.python-versionbackend/pylock.tomluv pip sync pylock.toml --systemIt intentionally leaves production Dockerfiles on the current
pip install -r requirements.txtpath to avoid mixing CI/local dependency changes with production image build changes.Goal
Move backend production image dependency installation to the checked-in uv lock once #8038 is green/merged.
Proposed scope
Start with the main backend image only, then expand if validation stays straightforward:
backend/Dockerfilebackend/pusher/Dockerfileandbackend/agent-proxy/Dockerfileif they can consume the same pattern cleanlymodal,diarizer,parakeet) unless explicitly validated in this PRSuggested implementation
backend/pylock.tomland.python-versionbefore application code for better Docker layer caching.uv pip sync pylock.toml --python /opt/venv/bin/pythonor an equivalent uv-managed install path.pip install --upgrade -r ...for converted images.Verification
/v1/healthor equivalent app startup works.Out of scope
[project.dependencies];requirements.txtcan remain the human-maintained input whilepylock.tomlis the resolved install artifact during this transition.