Update Dockerfile following parent image update

Dockerfile

@@ -8,26 +8,16 @@ FROM defradigital/python-development:${PARENT_VERSION} AS development
 ENV PATH="/home/nonroot/.venv/bin:${PATH}"
 ENV LOG_CONFIG="logging-dev.json"
 
-USER root
-
-# curl is required for CDP health checks
-# Install curl via Debian 13 (trixie) backport to patch CVE-2025-0725
-RUN echo "deb https://deb.debian.org/debian bookworm-backports main" > /etc/apt/sources.list.d/bookworm-backports.list \
-    && apt update \
-    && apt install -t bookworm-backports -y --no-install-recommends \
-        curl \
-    && rm -rf /var/lib/apt/lists/*
-
-USER nonroot
-
 WORKDIR /home/nonroot
 
 COPY --chown=nonroot:nonroot pyproject.toml .
+COPY --chown=nonroot:nonroot README.md .
 COPY --chown=nonroot:nonroot uv.lock .
+COPY --chown=nonroot:nonroot app/ ./app/
 
-RUN uv sync --frozen --no-cache
+RUN --mount=type=cache,target=/home/nonroot/.cache/uv,uid=1000,gid=1000 \
+    uv sync --locked --link-mode=copy
 
-COPY --chown=nonroot:nonroot app/ ./app/
 COPY --chown=nonroot:nonroot logging-dev.json .
 
 ARG PORT=8085
@@ -44,21 +34,23 @@ ENV LOG_CONFIG="logging.json"
 
 USER root
 
-# CDP requires a shell and curl to run health checks
-COPY --from=development /bin/sh /bin/sh
-
-# Copy curl from the development stage to production
-COPY --from=development /lib/x86_64-linux-gnu/* /lib/x86_64-linux-gnu/
-COPY --from=development /bin/curl /bin/curl
+RUN apt update && \
+    apt install -y curl
 
 USER nonroot
 
 WORKDIR /home/nonroot
 
-COPY --chown=nonroot:nonroot --from=development /home/nonroot/.venv .venv/
+COPY --from=development /home/nonroot/pyproject.toml .
+COPY --chown=nonroot:nonroot README.md .
+COPY --from=development /home/nonroot/uv.lock .
+COPY --from=development /home/nonroot/app ./app
+
+COPY logging.json .
 
-COPY --chown=nonroot:nonroot --from=development /home/nonroot/app/ ./app/
-COPY --chown=nonroot:nonroot logging.json .
+RUN --mount=type=cache,target=/home/nonroot/.cache/uv,uid=1000,gid=1000 \
+    --mount=from=development,source=/home/nonroot/.local/bin/uv,target=/home/nonroot/.local/bin/uv \
+    uv sync --locked --compile-bytecode --link-mode=copy --no-dev
 
 ARG PORT
 ENV PORT=${PORT}

pyproject.toml

@@ -5,26 +5,26 @@ description = "CDP Python Backend Template"
 readme = "README.md"
 requires-python = ">=3.12"
 dependencies = [
-    "asgi-logger>=0.1.0",
-    "aws-embedded-metrics>=3.3.0",
-    "dnspython>=2.7.0",
-    "ecs-logging>=2.2.0",
-    "fastapi>=0.115.12",
-    "httpx>=0.28.1",
-    "pydantic-settings>=2.9.1",
-    "pymongo[aws,encryption,snappy,zstd]>=4.13.1",
-    "uvicorn>=0.34.3",
+    "asgi-logger==0.1.0",
+    "aws-embedded-metrics==3.3.0",
+    "dnspython==2.7.0",
+    "ecs-logging==2.2.0",
+    "fastapi==0.115.12",
+    "httpx==0.28.1",
+    "pydantic-settings==2.9.1",
+    "pymongo[aws,encryption,snappy,zstd]==4.13.1",
+    "uvicorn==0.34.3",
 ]
 
 [dependency-groups]
 dev = [
-    "httpx>=0.28.1",
-    "pre-commit>=4.2.0",
-    "pytest>=8.4.0",
-    "pytest-asyncio>=1.0.0",
-    "pytest-cov>=6.2.1",
-    "ruff>=0.11.13",
-    "taskipy>=1.14.1",
+    "httpx==0.28.1",
+    "pre-commit==4.2.0",
+    "pytest==8.4.0",
+    "pytest-asyncio==1.0.0",
+    "pytest-cov==6.2.1",
+    "ruff==0.11.13",
+    "taskipy==1.14.1",
 ]
 
 [tool.taskipy.tasks]