build: add uv.lock for reproducible Docker builds

[GeiserX]

Summary

• Migrate Docker builds from pip install -r requirements.txt to uv sync --frozen with a committed lockfile
• Add all dependencies (merged from both requirements files) to pyproject.toml under [project] dependencies
• Both Dockerfiles now use ghcr.io/astral-sh/uv:0.11 multi-stage pattern with deterministic installs
• Keep requirements.txt / requirements-worker.txt for backward compatibility with local dev

Why

Every docker build previously resolved dependency versions at build time, making builds non-reproducible. The lockfile pins exact versions so CI and production always get identical environments.

Dependabot compatibility

Dependabot supports uv.lock natively — it will open PRs updating both pyproject.toml bounds and lockfile pins.

Test plan

• CI passes (lint, tests)
• Docker build succeeds for both Dockerfile and Dockerfile.worker
• uv lock --check confirms lockfile is in sync with pyproject.toml

[coderabbitai]

Warning

Review limit reached

@GeiserX, we couldn't start this review because you've used your available PR reviews for now.

Your plan currently allows 1 review/hour. Refill in 25 minutes and 36 seconds.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more review capacity refills, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than trial, open-source, and free plans. In all cases, review capacity refills continuously over time.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: fdd4e050-6bb5-4109-bc01-34b3dd1acb22

📥 Commits

Reviewing files that changed from the base of the PR and between fdc1117 and c0e7324.

⛔ Files ignored due to path filters (1)

• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (5)

• Dockerfile
• Dockerfile.worker
• pyproject.toml
• requirements-worker.txt
• requirements.txt

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch build/uv-lock

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}