diff --git a/.dockerignore b/.dockerignore
index ee3947b2533..f6fbbc9f137 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -63,3 +63,45 @@ data/
 # Compose/profile runtime state (bind-mounted; avoid ownership/secret issues)
 hermes-config/
 runtime/
+
+# ---------- Not needed inside the Docker image ----------
+
+# Desktop app source (Tauri/Electron); never installed in the container
+apps/
+
+# Test suite — not shipped in production images
+tests/
+
+# Documentation site (Docusaurus) and supplementary docs
+website/
+docs/
+
+# Assets only used by the GitHub README
+assets/
+infographic/
+
+# Plugin-level docs (hermes-achievements ships docs/ but the runtime doesn't read them)
+plugins/hermes-achievements/docs/
+
+# Nix / Homebrew / AUR packaging metadata — irrelevant to Docker
+nix/
+flake.nix
+flake.lock
+packaging/
+
+# Design and planning documents
+plans/
+.plans/
+
+# ACP registry manifest (icon + agent.json) — not consumed at runtime
+acp_registry/
+
+# Repo-level dotfiles that are git-only or dev-tooling config
+.env.example
+.envrc
+.gitattributes
+.hadolint.yaml
+.mailmap
+
+# Top-level LICENSE (not matched by *.md); not needed inside the container
+LICENSE
diff --git a/Dockerfile b/Dockerfile
index deaba1174f7..be358ac5343 100644
--- a/Dockerfile
+++ b/Dockerfile
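Review bot: In `.dockerignore`, the new dotfile block excludes `.env.example` and `.envrc`, but the visible lines do not exclude a real `.env` or other local credential files. The Dockerfile in this same change still ends its source step with `COPY --chown=hermes:hermes . .`, so anything this denylist misses is baked into an image layer. The file's first 62 lines are outside the hunk and may already cover this, so please confirm. If they do not, add `.env` and `.env.*` next to `.envrc`.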
@@ -146,9 +146,9 @@ RUN npm install --prefer-offline --no-audit && \
 #
 # `uv sync --frozen --no-install-project --extra all --extra messaging`
 # installs the deps reachable through the composite `[all]` extra
-# (handpicked set intended for the production image), plus gateway
-# messaging adapters that should work in the published image without a
-# first-boot lazy install. We do NOT use `--all-extras`:
+# (handpicked set intended for the production image — excludes `[dev]`),
+# plus gateway messaging adapters that should work in the published image
+# without a first-boot lazy install. We do NOT use `--all-extras`:
 # that would pull in `[rl]` (atroposlib + tinker + torch + wandb from
 # git), `[yc-bench]` (another git dep), and `[termux-all]` (Android
 # redundancy), none of which belong in the published container.
@@ -176,14 +176,18 @@ COPY pyproject.toml uv.lock ./
 RUN touch ./README.md
 RUN uv sync --frozen --no-install-project --extra all --extra messaging --extra anthropic --extra bedrock --extra azure-identity --extra hindsight --extra matrix
 
+# ---------- Frontend build (cached independently from Python source) ----------
+# Copy only the frontend source trees first so that Python-only changes don't
+# invalidate the (relatively slow) web + ui-tui build layer.
+COPY web/ web/
+COPY ui-tui/ ui-tui/
+RUN cd web && npm run build && \
+ cd ../ui-tui && npm run build
+
 # ---------- Source code ----------
 # .dockerignore excludes node_modules, so the installs above survive.
 COPY --chown=hermes:hermes . .
 
-# Build browser dashboard and terminal UI assets.
-RUN cd web && npm run build && \
- cd ../ui-tui && npm run build
-
 # ---------- Permissions ----------
 # Make install dir world-readable so any HERMES_UID can read it at runtime.
 # The venv needs to be traversable too.
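Review bot: In the second Dockerfile hunk, `COPY --chown=hermes:hermes . .` now runs after the frontend build and copies `web/` and `ui-tui/` from the build context a second time. Before this change the build ran after that copy, so the image always shipped assets built inside the image. Now a stale or locally modified build output directory in a developer's working tree would overwrite the fresh bundle, unless `.dockerignore` excludes those directories, which the visible hunks do not show. I would add that exclusion and record the dependency above the copy, e.g. `# web/ and ui-tui/ are copied again below; their build output dirs (<web-build-output-dir>/, <ui-tui-build-output-dir>/) must stay in .dockerignore so host copies cannot replace the assets built above.` The stage begins outside the hunk, so I cannot tell which user runs the new `RUN`; the two new `COPY` lines also omit the `--chown=hermes:hermes` used on the main copy.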