From 5d441464afb3081e85df4341616d8f9d8b3f76f5 Mon Sep 17 00:00:00 2001
From: Bas Nijholt
Date: Sun, 25 Jan 2026 05:52:37 -0800
Subject: [PATCH] fix(docker): use COPY --chmod to avoid duplicate layer in transcription-proxy

The previous approach of running `chmod -R 755` after COPY created a duplicate layer (~38MB) because modifying file metadata causes Docker to store the entire directory again. Using `COPY --chmod=755` sets permissions during the copy operation, eliminating the wasted layer. The RUN command now only sets permissions on parent directories (which is essentially free).
---
 docker/transcription-proxy.Dockerfile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docker/transcription-proxy.Dockerfile b/docker/transcription-proxy.Dockerfile
index 86ac31c35..4ead66638 100644
--- a/docker/transcription-proxy.Dockerfile
+++ b/docker/transcription-proxy.Dockerfile
@@ -20,12 +20,12 @@ FROM python:3.13-slim
 # Create non-root user with explicit UID:GID 1000:1000
 RUN groupadd -g 1000 transcribe && useradd -m -u 1000 -g transcribe transcribe
 
-# Copy installed tool virtualenv from builder (keep original path for shebang compatibility)
-COPY --from=builder /root/.local/share/uv/tools/agent-cli /root/.local/share/uv/tools/agent-cli
+# Copy installed tool virtualenv from builder with execute permissions
+# Using --chmod=755 avoids a duplicate layer from running chmod after COPY
+COPY --from=builder --chmod=755 /root/.local/share/uv/tools/agent-cli /root/.local/share/uv/tools/agent-cli
 
-# Make tool accessible to non-root users and create symlinks
+# Make parent directories accessible to non-root users and create symlinks
 RUN chmod 755 /root /root/.local /root/.local/share /root/.local/share/uv /root/.local/share/uv/tools && \
- chmod -R 755 /root/.local/share/uv/tools/agent-cli && \
 ln -s /root/.local/share/uv/tools/agent-cli/bin/agent-cli /usr/local/bin/agent-cli && \
 ln -s /root/.local/share/uv/tools/agent-cli/bin/agent /usr/local/bin/agent && \
 ln -s /root/.local/share/uv/tools/agent-cli/bin/ag /usr/local/bin/ag
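Review bot: The rewritten comment above `COPY --from=builder --chmod=755` drops the reason the virtualenv stays under `/root` (the removed line said the original path is kept for shebang compatibility), and that reason is the only thing justifying the `RUN chmod 755 /root …` that follows; keep it, e.g. `# Keep the builder's path: the venv's shebangs point at it`. Because that RUN makes root's home listable by the `transcribe` user, traverse-only bits look sufficient for the parent directories: `chmod 711 /root /root/.local /root/.local/share /root/.local/share/uv /root/.local/share/uv/tools`. `--chmod=755` marks every copied file executable, the same as the old `chmod -R 755`, while the tree stays root-owned and not writable by the runtime user; the comment should say that is intended. `COPY --chmod` needs BuildKit, and whether the file carries a `# syntax=` directive is not visible in this hunk.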