[Build] use uv with cache mount for faster docker builds

[Hexoplon]

Move to using uv with cache mount for building the docker image, resulting in much faster builds by not having to redownload dependencies each time, at least when building locally.

Also ran uv sync to update the uv.lock file, as it was outdated.

---

• Make sure the code changes pass the pre-commit checks.
• Sign-off your commit by using -s when doing git commit
• Try to classify PRs for easy understanding of the type of changes, such as [Bugfix], [Feat], and [CI].

Detailed Checklist (Click to Expand)

Thank you for your contribution to production-stack! Before submitting the pull request, please ensure the PR meets the following criteria. This helps us maintain the code quality and improve the efficiency of the review process.

PR Title and Classification

Please try to classify PRs for easy understanding of the type of changes. The PR title is prefixed appropriately to indicate the type of change. Please use one of the following:

• [Bugfix] for bug fixes.
• [CI/Build] for build or continuous integration improvements.
• [Doc] for documentation fixes and improvements.
• [Feat] for new features in the cluster (e.g., autoscaling, disaggregated prefill, etc.).
• [Router] for changes to the vllm_router (e.g., routing algorithm, router observability, etc.).
• [Misc] for PRs that do not fit the above categories. Please use this sparingly.

Note: If the PR spans more than one category, please include all relevant prefixes.

Code Quality

The PR need to meet the following code quality standards:

• Pass all linter checks. Please use pre-commit to format your code. See README.md for installation.
• The code need to be well-documented to ensure future contributors can easily understand the code.
• Please include sufficient tests to ensure the change is stay correct and robust. This includes both unit tests and integration tests.

DCO and Signed-off-by

When contributing changes to this project, you must agree to the DCO. Commits must include a Signed-off-by: header which certifies agreement with the terms of the DCO.

Using -s with git commit will automatically add this header.

What to Expect for the Reviews

We aim to address all PRs in a timely manner. If no one reviews your PR within 5 days, please @-mention one of YuhanLiu11
, Shaoting-Feng or ApostaC.

[gemini-code-assist]

Summary of Changes

Hello @Hexoplon, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the Docker build process by migrating from pip to uv for Python dependency management. This change, coupled with the strategic use of Docker's cache mounts, aims to drastically reduce build times, especially for local development, by preventing redundant dependency downloads. The uv.lock file has also been updated to reflect the new dependency resolution.

Highlights

• Transition to uv for Dependency Management: The Dockerfile now utilizes uv instead of pip for installing Python dependencies, leveraging uv's speed and efficiency.
• Optimized Docker Layer Caching: Docker build steps for dependency installation now use cache mounts (--mount=type=cache) for uv's cache directory, ensuring that dependencies are not re-downloaded on subsequent builds.
• Updated Dependency Lock File: The uv.lock file has been refreshed using uv sync, bringing the dependency tree up-to-date and ensuring reproducible builds.
• Refined Dependency Set: Specific dependencies like aiohappyeyeballs, httpcore, and httpx have been removed, and aiohttp has been adjusted to version 3.9.1, streamlining the project's dependency graph.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request switches from pip to uv for dependency management within the Docker build process, which should significantly speed up local builds by leveraging cache mounts. The changes in the Dockerfile are well-implemented.

The uv.lock file has been updated, which includes a significant dependency change from httpx to aiohttp. This seems to be a functional change beyond just a build optimization.

I have one suggestion for the Dockerfile to make the dependency installation script more robust against globbing.

[gemini-code-assist]

The shell script for handling optional dependencies is vulnerable to filename expansion (globbing) if a dependency name contains a wildcard character (e.g., *). It's safer to disable globbing with set -f during word splitting. I've also added comments to improve readability.

    if [ -n "$INSTALL_OPTIONAL_DEP" ]; then
        # Prevent globbing
        set -f;
        OLD_IFS="$IFS"; IFS=',';
        set --;
        for dep in $INSTALL_OPTIONAL_DEP; do
            [ -n "$dep" ] && set -- "$@" --extra "$dep";
        done;
        IFS="$OLD_IFS";
        # Re-enable globbing
        set +f;
        uv sync --locked "$@";
    else
        uv sync --locked;
    fi