mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-05-09 03:11:58 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

docker: split python dep install into cached layer above COPY . .

Browse source 
Before this change, `uv pip install -e ".[all]"` ran AFTER `COPY . .`,
so every commit that changed any .py file busted the layer cache and
re-did the entire Python dep resolve + wheel download + native extension
compile (~4-5 min on cold Docker Hub cache).

Split it into two steps:

1. Before `COPY . .`: copy only pyproject.toml + uv.lock + README.md,
   then `uv sync --frozen --no-install-project --all-extras`.  This
   layer is cached unless any of those three files change, so .py-only
   commits skip the heavy work entirely.
2. After `COPY . .` (and its downstream chmod/chown step): run
   `uv pip install --no-cache-dir --no-deps -e .` to create the
   editable link.  With --no-deps this is a ~1s op — no resolution, no
   downloads, no compilation.

Combined with the per-arch runner split in the previous commit, this
should drop cache-hit build times to the sub-5-min range.
This commit is contained in:
ethernet 2026-05-08 16:16:53 -04:00
parent bf80508d65
commit afc186fa4e
1 changed files with 27 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

30
Dockerfile
View file

@ -55,6 +55,29 @@ RUN npm install --prefer-offline --no-audit && \
(cd ui-tui && npm install --prefer-offline --no-audit) && \
npm cache clean --force
# ---------- Layer-cached Python dependency install ----------
# Copy only pyproject.toml + uv.lock so the Python dep resolve + wheel
# download + native-extension compile layer is cached unless those inputs
# change. Before this split the Python install sat after `COPY . .`, so
# every source-only commit re-did ~4-5 min of dep work on cold builds.
#
# README.md is referenced by pyproject.toml's `readme =` field, but it's
# excluded from the build context by .dockerignore's `*.md`. uv's build
# frontend stats the readme path during dep resolution, so we `touch` an
# empty placeholder — the real README is restored by `COPY . .` below.
#
# `uv sync --frozen --no-install-project --extra all` installs only the
# deps reachable through the composite `[all]` extra (handpicked set
# intended for the production image). We do NOT use `--all-extras`:
# that would pull in `[rl]` (atroposlib + tinker + torch + wandb from
# git), `[yc-bench]` (another git dep), and `[termux-all]` (Android
# redundancy), none of which belong in the published container.
#
# The editable link is created after the source copy below.
COPY pyproject.toml uv.lock ./
RUN touch ./README.md
RUN uv sync --frozen --no-install-project --extra all
# ---------- Source code ----------
# .dockerignore excludes node_modules, so the installs above survive.
COPY --chown=hermes:hermes . .
@ -77,9 +100,10 @@ RUN chmod -R a+rX /opt/hermes && \
# Start as root so the entrypoint can usermod/groupmod + gosu.
# If HERMES_UID is unset, the entrypoint drops to the default hermes user (10000).
# ---------- Python virtualenv ----------
RUN uv venv && \
uv pip install --no-cache-dir -e ".[all]"
# ---------- Link hermes-agent itself (editable) ----------
# Deps are already installed in the cached layer above; `--no-deps` makes
# this a fast (~1s) egg-link creation with no resolution or downloads.
RUN uv pip install --no-cache-dir --no-deps -e "."
# ---------- Runtime ----------
ENV HERMES_WEB_DIST=/opt/hermes/hermes_cli/web_dist