how to get uv to run my app on a read-only volume?

[straz]

My Dockerfile implements a FastAPI web server, as follows:

...
RUN uv sync
CMD ["uv", "run", "--no-dev", "uvicorn", "myapp.main:app", "--host", "0.0.0.0", "--port", "8000"]

The /app volume is read-only for safety reasons. At startup, python imports site, whose documentation says

This module is automatically imported during initialization. The automatic import can be suppressed using the interpreter’s -S option.

site attempts to write to this path, and fails because the volume is read-only:
/app/.venv/lib/python3.11/site-packages/_myapp_back_end.pth

How do I get uv to be aware of running code on read-only volumes? Can uv suppress this by somehow calling python with the -S parameter?

[zanieb]

You can probably use uv run --no-dev python -S -m uvicorn ...

It looks like there's an editable package or something writing the .pth? You could try not using an editable install or using a different build backend?

[straz]

Thank you @zanieb . I'll try your suggestion uv run --no-dev python -S -m uvicorn ...

The .pth file is being written by site, and it's not editable.
The only configurable option apparently is to use python -S.

Is fair to suggest creating a FAQ question for how to run uv on a read-only volume? I've also figured out I need to suppress or redirect .cache.

[zanieb]

.pth files are generally used to power editable dependencies, e.g., uv pip install --editable ./foo. Why is site to writing this file in the first place?

Is fair to suggest creating a FAQ question for how to run uv on a read-only volume? I've also figured out I need to suppress or redirect .cache.

I'm not sure yet. I think I need to understand more about what's going on. This isn't really a uv-specific problem.