version: 1
runtime:
backend: podman
rootless: true
reuse_container: true
workspace:
root: ../..
mount: /workspace
writable: false
writable_paths: []
exclude_paths:
- .env
- .env.local
- .env.production
- .env.development
- "*.pem"
- "*.key"
- .pypirc
- .netrc
image:
ref: ghcr.io/astral-sh/uv:python3.13-bookworm-slim
digest: sha256:847b5e690018bc6b9d97a0848da65f721b785f1e78d9c7067b8947c7010b2718
environment:
set:
APP_MODE: reusable-shell
UV_CACHE_DIR: /var/tmp/sbox/uv-cache
UV_PROJECT_ENVIRONMENT: /var/tmp/sbox/uv-env
deny: []
caches:
- name: uv-cache
target: /var/tmp/sbox/uv-cache
- name: uv-env
target: /var/tmp/sbox/uv-env
profiles:
default:
mode: sandbox
network: off
writable: true
ports: []
no_new_privileges: true
deps:
mode: sandbox
network: on
writable: true
role: install
require_pinned_image: true
lockfile_files:
- uv.lock
ports: []
no_new_privileges: true
dispatch:
uv-sync:
match:
- uv sync
- uv sync*
profile: deps