Adjust docker to official UV docs

Author: kazmer97

Dockerfile.optimized

@@ -4,11 +4,20 @@
 # checkov:skip=CKV_DOCKER_3: "The Dockerfile uses the official AWS Lambda Python base image (public.ecr.aws/lambda/python:3.12-arm64), which already configures the appropriate non-root user for Lambda execution"
 # checkov:skip=CKV_DOCKER_2: "The Dockerfile.optimized is specifically designed for AWS Lambda container images, which don't use Docker HEALTHCHECK instructions."
 
+# Use specific version to avoid network issues
+FROM ghcr.io/astral-sh/uv:0.9.6 AS uv
 
+# Builder stage - bundle dependencies into Lambda task root
 FROM public.ecr.aws/lambda/python:3.12-arm64 AS builder
 
-# Copy uv from official distroless image
-COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
+# Enable bytecode compilation to improve cold-start performance
+ENV UV_COMPILE_BYTECODE=1
+
+# Disable installer metadata to create a deterministic layer
+ENV UV_NO_INSTALLER_METADATA=1
+
+# Enable copy mode to support bind mount caching
+ENV UV_LINK_MODE=copy
 
 # Build argument for function path
 ARG FUNCTION_PATH
@@ -22,26 +31,25 @@ COPY lib/idp_common_pkg /tmp/idp_common_pkg
 COPY ${FUNCTION_PATH}/requirements.txt* /build/
 
 # Install all dependencies including idp_common_pkg in one step
-RUN --mount=type=cache,target=/root/.cache/uv \
-    if [ -f /build/requirements.txt ]; then \
-        sed 's|^\.\./\.\.\(/\.\.\)\?/lib/idp_common_pkg|/tmp/idp_common_pkg|' /build/requirements.txt > /tmp/requirements.txt && \
-        uv pip install --python python3.12 --target /opt/python -r /tmp/requirements.txt && \
-        rm /tmp/requirements.txt; \
-    fi && \
-    rm -rf /tmp/idp_common_pkg
+# Using mount from uv stage instead of COPY to avoid layer bloat
+RUN --mount=from=uv,source=/uv,target=/bin/uv \
+  --mount=type=cache,target=/root/.cache/uv \
+  if [ -f /build/requirements.txt ]; then \
+  sed 's|^\.\./\.\.\(/\.\.\)\?/lib/idp_common_pkg|/tmp/idp_common_pkg|' /build/requirements.txt > /tmp/requirements.txt && \
+  uv pip install --python python3.12 --target "${LAMBDA_TASK_ROOT}" -r /tmp/requirements.txt && \
+  rm /tmp/requirements.txt; \
+  fi && \
+  rm -rf /tmp/idp_common_pkg
 
 # Final stage - minimal runtime
 FROM public.ecr.aws/lambda/python:3.12-arm64
 
-# Copy only the installed packages
-COPY --from=builder /opt/python /opt/python
+# Copy the runtime dependencies from the builder stage
+COPY --from=builder ${LAMBDA_TASK_ROOT} ${LAMBDA_TASK_ROOT}
 
 # Copy function code
 ARG FUNCTION_PATH
 COPY ${FUNCTION_PATH}/*.py ${LAMBDA_TASK_ROOT}/
 
-# Set Python path
-ENV PYTHONPATH=/opt/python:${LAMBDA_TASK_ROOT}
-
 # Set handler
-CMD ["index.handler"]
+CMD ["index.handler"]