diff --git a/Dockerfile b/Dockerfile index 6ed111f5b2..ee2c491c06 100644 --- a/Dockerfile +++ b/Dockerfile @@ -55,6 +55,29 @@ RUN npm install --prefer-offline --no-audit && \ (cd ui-tui && npm install --prefer-offline --no-audit) && \ npm cache clean --force +# ---------- Layer-cached Python dependency install ---------- +# Copy only pyproject.toml + uv.lock so the Python dep resolve + wheel +# download + native-extension compile layer is cached unless those inputs +# change. Before this split the Python install sat after `COPY . .`, so +# every source-only commit re-did ~4-5 min of dep work on cold builds. +# +# README.md is referenced by pyproject.toml's `readme =` field, but it's +# excluded from the build context by .dockerignore's `*.md`. uv's build +# frontend stats the readme path during dep resolution, so we `touch` an +# empty placeholder — the real README is restored by `COPY . .` below. +# +# `uv sync --frozen --no-install-project --extra all` installs only the +# deps reachable through the composite `[all]` extra (handpicked set +# intended for the production image). We do NOT use `--all-extras`: +# that would pull in `[rl]` (atroposlib + tinker + torch + wandb from +# git), `[yc-bench]` (another git dep), and `[termux-all]` (Android +# redundancy), none of which belong in the published container. +# +# The editable link is created after the source copy below. +COPY pyproject.toml uv.lock ./ +RUN touch ./README.md +RUN uv sync --frozen --no-install-project --extra all + # ---------- Source code ---------- # .dockerignore excludes node_modules, so the installs above survive. COPY --chown=hermes:hermes . . @@ -77,9 +100,10 @@ RUN chmod -R a+rX /opt/hermes && \ # Start as root so the entrypoint can usermod/groupmod + gosu. # If HERMES_UID is unset, the entrypoint drops to the default hermes user (10000). -# ---------- Python virtualenv ---------- -RUN uv venv && \ - uv pip install --no-cache-dir -e ".[all]" +# ---------- Link hermes-agent itself (editable) ---------- +# Deps are already installed in the cached layer above; `--no-deps` makes +# this a fast (~1s) egg-link creation with no resolution or downloads. +RUN uv pip install --no-cache-dir --no-deps -e "." # ---------- Runtime ---------- ENV HERMES_WEB_DIST=/opt/hermes/hermes_cli/web_dist