From 8210e7aba6a7ce37ed5c2a70c93f4c09e62487fb Mon Sep 17 00:00:00 2001 From: Bryan Cross Date: Mon, 30 Mar 2026 15:19:52 -0500 Subject: [PATCH 1/5] Optimize Dockerfile: combine RUN commands, clear caches, add .dockerignore - Combine apt-get update and install into single RUN with cache clearing - Remove APT lists after installation - Add --no-cache-dir to pip install - Add --prefer-offline --no-audit to npm install - Create .dockerignore to exclude unnecessary files from build context - Update docker-publish.yml workflow to tag images with release names - Ensure buildx caching is used (type=gha) --- .dockerignore | 74 +++++++++++++++++++++++++--- .github/workflows/docker-publish.yml | 20 +++++++- Dockerfile | 19 ++++--- 3 files changed, 98 insertions(+), 15 deletions(-) diff --git a/.dockerignore b/.dockerignore index a690443f72b..356ab9decf1 100644 --- a/.dockerignore +++ b/.dockerignore @@ -3,11 +3,73 @@ .gitignore .gitmodules -# Dependencies -node_modules - -# CI/CD +# GitHub .github -# Environment files -.env \ No newline at end of file +# Python +__pycache__ +*.py[cod] +*$py.class +*.so +.Python +.pytest_cache +.mypy_cache +.ruff_cache +*.egg-info +.eggs + +# Virtual environments +.venv +venv/ +ENV/ +env/ + +# IDE +.vscode +.idea +*.swp +*.swo +*~ + +# Environment files (secrets) +.env +.env.* +!.env.example + +# Logs and data +logs/ +data/ +tmp/ +temp_vision_images/ +testlogs +wandb/ + +# Test files +tests/ +*.test.py +*.spec.py + +# Documentation +*.md +!README.md + +# CI/CD +*.yml +!package.json + +# Development files +examples/ +result +.direnv/ + +# Release scripts +.release_notes.md +mini-swe-agent/ + +# Nix +.direnv/ +result + +# Skills hub +skills/.hub/ +ignored/ diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 11b98c3a989..1f83913b201 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml 
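Review bot: Under `# CI/CD` the entry `!package.json` is a no-op, because no earlier pattern in this file excludes `package.json`; it reads as if it were an exception to `*.yml`, which it is not. `.direnv/` and `result` are also listed twice, once under `# Development files` and again under `# Nix`. I would drop the stray negation and the duplicate pair so each rule in the list has one visible purpose.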
@@ -5,6 +5,8 @@ on: branches: [main] pull_request: branches: [main] + release: + types: [published] concurrency: group: docker-${{ github.ref }} @@ -41,13 +43,13 @@ jobs: nousresearch/hermes-agent:test --help - name: Log in to Docker Hub - if: github.event_name == 'push' && github.ref == 'refs/heads/main' + if: github.event_name == 'push' && github.ref == 'refs/heads/main' || github.event_name == 'release' uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Push image + - name: Push image (main branch) if: github.event_name == 'push' && github.ref == 'refs/heads/main' uses: docker/build-push-action@v6 with: @@ -59,3 +61,17 @@ jobs: nousresearch/hermes-agent:${{ github.sha }} cache-from: type=gha cache-to: type=gha,mode=max + + - name: Push image (release) + if: github.event_name == 'release' + uses: docker/build-push-action@v6 + with: + context: . + file: Dockerfile + push: true + tags: | + nousresearch/hermes-agent:latest + nousresearch/hermes-agent:${{ github.event.release.tag_name }} + nousresearch/hermes-agent:${{ github.sha }} + cache-from: type=gha + cache-to: type=gha,mode=max diff --git a/Dockerfile b/Dockerfile index 61b725d397c..0ffe0fc2f10 100644 --- a/Dockerfile +++ b/Dockerfile 
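Review bot: The new `if:` on "Log in to Docker Hub" mixes `&&` and `||` without grouping. It should evaluate as intended because `&&` binds tighter, but this expression decides when `DOCKERHUB_TOKEN` is used, so I would make the grouping explicit: `if: (github.event_name == 'push' && github.ref == 'refs/heads/main') || github.event_name == 'release'`.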
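Review bot: The "Push image (release)" step moves `nousresearch/hermes-agent:latest` on every release event, and `types: [published]` in the first hunk also fires for pre-releases, so a pre-release or a backport tag can become what `latest` resolves to. Consider `types: [released]`, or `if: github.event_name == 'release' && !github.event.release.prerelease` on the step, and decide on a single producer for `latest`. The main-branch step's full tag list starts outside this hunk, so check whether it pushes `latest` as well. The step also adds another `docker/build-push-action@v6` reference by mutable tag in a job that holds Docker Hub credentials; pinning the action to a commit SHA would harden that.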
@@ -1,20 +1,25 @@ FROM debian:13.4 -RUN apt-get update -RUN apt-get install -y nodejs npm python3 python3-pip ripgrep ffmpeg gcc python3-dev libffi-dev +# Install system dependencies in one layer, clear APT cache +RUN apt-get update && \ + apt-get install -y --no-install-recommends \ + nodejs npm python3 python3-pip ripgrep ffmpeg gcc python3-dev libffi-dev && \ + rm -rf /var/lib/apt/lists/* COPY . /opt/hermes WORKDIR /opt/hermes -RUN pip install -e ".[all]" --break-system-packages -RUN npm install -RUN npx playwright install --with-deps chromium +# Install Python and Node dependencies in one layer, no cache +RUN pip install --no-cache-dir -e ".[all]" --break-system-packages && \ + npm install --prefer-offline --no-audit && \ + npx playwright install --with-deps chromium + WORKDIR /opt/hermes/scripts/whatsapp-bridge -RUN npm install +RUN npm install --prefer-offline --no-audit WORKDIR /opt/hermes RUN chmod +x /opt/hermes/docker/entrypoint.sh ENV HERMES_HOME=/opt/data VOLUME [ "/opt/data" ] -ENTRYPOINT [ "/opt/hermes/docker/entrypoint.sh" ] \ No newline at end of file +ENTRYPOINT [ "/opt/hermes/docker/entrypoint.sh" ] From 48942c89b526274d560d6e9452f2bb675be391c2 Mon Sep 17 00:00:00 2001 From: Bryan Cross Date: Mon, 30 Mar 2026 15:27:11 -0500 Subject: [PATCH 2/5] Further npm optimizations --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0ffe0fc2f10..7efb14a6f8c 100644 --- a/Dockerfile +++ b/Dockerfile 
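Review bot: The image still runs everything as root: this hunk shows the file from `FROM debian:13.4` through `ENTRYPOINT` and there is no `USER` instruction. Unless `docker/entrypoint.sh` (not visible here) drops privileges, the agent, the npm-installed code and Chromium all run as uid 0. Chromium in particular normally has to run without its sandbox when started as root. I would create a fixed-UID account and switch to it before the entrypoint, e.g. `RUN useradd --system --uid 10001 hermes && mkdir -p /opt/data && chown hermes /opt/data` ahead of `VOLUME`, then `USER hermes`. The ownership of `/opt/hermes` would need checking if the application writes there at runtime.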
@@ -12,10 +12,10 @@ WORKDIR /opt/hermes # Install Python and Node dependencies in one layer, no cache RUN pip install --no-cache-dir -e ".[all]" --break-system-packages && \ npm install --prefer-offline --no-audit && \ - npx playwright install --with-deps chromium - -WORKDIR /opt/hermes/scripts/whatsapp-bridge -RUN npm install --prefer-offline --no-audit + npx playwright install --with-deps chromium && \ + cd /opt/hermes/scripts/whatsapp-bridge && \ + npm install --prefer-offline --no-audit && \ + npm cache clean --force WORKDIR /opt/hermes RUN chmod +x /opt/hermes/docker/entrypoint.sh From 5de312c9e39ad0ee88a2ff41f040b16d84d66c42 Mon Sep 17 00:00:00 2001 From: Bryan Cross Date: Mon, 30 Mar 2026 15:29:06 -0500 Subject: [PATCH 3/5] Simplify dockerignore --- .dockerignore | 72 +++++---------------------------------------------- 1 file changed, 6 insertions(+), 66 deletions(-) diff --git a/.dockerignore b/.dockerignore index 356ab9decf1..ecf199fc96f 100644 --- a/.dockerignore +++ b/.dockerignore @@ -3,73 +3,13 @@ .gitignore .gitmodules -# GitHub -.github - -# Python -__pycache__ -*.py[cod] -*$py.class -*.so -.Python -.pytest_cache -.mypy_cache -.ruff_cache -*.egg-info -.eggs - -# Virtual environments -.venv -venv/ -ENV/ -env/ - -# IDE -.vscode -.idea -*.swp -*.swo -*~ - -# Environment files (secrets) -.env -.env.* -!.env.example - -# Logs and data -logs/ -data/ -tmp/ -temp_vision_images/ -testlogs -wandb/ - -# Test files -tests/ -*.test.py -*.spec.py - -# Documentation -*.md -!README.md +# Dependencies +node_modules # CI/CD -*.yml -!package.json +.github -# Development files -examples/ -result -.direnv/ +# Environment files +.env -# Release scripts -.release_notes.md -mini-swe-agent/ - -# Nix -.direnv/ -result - -# Skills hub -skills/.hub/ -ignored/ +*.md From 3a1e489dd6d0bf99f54ef513204065318fd8c985 Mon Sep 17 00:00:00 2001 
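Review bot: Both Node installs in this chain use `npm install --prefer-offline --no-audit`, which can re-resolve dependency versions instead of installing exactly what a lockfile records, while `--no-audit` silences npm's advisory report. If `package-lock.json` is committed for the root and for `scripts/whatsapp-bridge` (not visible here), `npm ci --no-audit` gives a reproducible tree and fails when the lockfile and `package.json` disagree. `--prefer-offline` gains little in a build that starts with an empty npm cache. The same flags first appear in patch 1 and are carried through patch 5. Separately, the `cd /opt/hermes/scripts/whatsapp-bridge &&` inside the chain is what hadolint flags as DL3003; `npm --prefix scripts/whatsapp-bridge ci --no-audit` avoids changing directory mid-RUN.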
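Review bot: After this simplification only the literal `.env` is ignored, so variant files such as `.env.local` in the build context are no longer excluded. `COPY . /opt/hermes` would then bake them into a layer of an image that the workflow pushes to Docker Hub. The block removed here covered that case; I would keep `.env.*` and `!.env.example` next to `.env`. The new `*.md` rule also drops the earlier `!README.md` exception, which would break `pip install -e ".[all]"` if the project metadata reads the README at build time, so that is worth confirming.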
From: Bryan Cross Date: Mon, 30 Mar 2026 15:57:22 -0500 Subject: [PATCH 4/5] Add build-essential to Dockerfile dependencies --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 7efb14a6f8c..3b2862a818b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ FROM debian:13.4 # Install system dependencies in one layer, clear APT cache RUN apt-get update && \ apt-get install -y --no-install-recommends \ - nodejs npm python3 python3-pip ripgrep ffmpeg gcc python3-dev libffi-dev && \ + build-essential nodejs npm python3 python3-pip ripgrep ffmpeg gcc python3-dev libffi-dev && \ rm -rf /var/lib/apt/lists/* COPY . /opt/hermes From 0287597d02c74f26084f36ff610044b7a930dd85 Mon Sep 17 00:00:00 2001 From: Bryan Cross Date: Mon, 30 Mar 2026 17:38:07 -0500 Subject: [PATCH 5/5] Optimize Playwright install --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 3b2862a818b..a9624530c0d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,7 +12,7 @@ WORKDIR /opt/hermes # Install Python and Node dependencies in one layer, no cache RUN pip install --no-cache-dir -e ".[all]" --break-system-packages && \ npm install --prefer-offline --no-audit && \ - npx playwright install --with-deps chromium && \ + npx playwright install --with-deps chromium --only-shell && \ cd /opt/hermes/scripts/whatsapp-bridge && \ npm install --prefer-offline --no-audit && \ npm cache clean --force
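Review bot: Adding `build-essential` makes the existing `gcc` entry redundant, since build-essential depends on gcc, and it puts a full compiler toolchain (g++, make, libc headers) into the image that ships. This is a single-stage build, so those tools stay in the runtime container, where they add size and give anything running inside it a ready-made build environment. I would drop `gcc` from the list and add a comment naming which Python or Node package needs the toolchain. If it is only needed for `pip install` or `npm install`, moving those installs into a builder stage and copying the results into a slimmer final stage would keep compilers out of the published image.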
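Review bot: `npx playwright install --with-deps` installs Chromium's OS packages through apt inside this RUN, so the `rm -rf /var/lib/apt/lists/*` in the earlier system-dependencies layer does not cover whatever package lists this step downloads again. I would extend the end of the chain to `npm cache clean --force && rm -rf /var/lib/apt/lists/*` so the lists stay out of this layer too. Whether `--only-shell` is accepted depends on the Playwright version that the preceding `npm install` resolves, which is another reason to install from a lockfile.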