diff --git a/.dockerignore b/.dockerignore index 7453425d727..731eef60311 100644 --- a/.dockerignore +++ b/.dockerignore @@ -20,3 +20,16 @@ typescript/**/tsconfig.tsbuildinfo pnpm-debug.log* .idea + +# === Additional exclusions for smaller Docker context === +# Note: .git/ is NOT excluded because rust/Dockerfile needs it for vergen build-time info +.github/ +.changeset/ +.vscode/ +.turbo/ +.nyc_output/ +coverage/ +docs/ +*.log +junit.xml +.eslintcache diff --git a/.github/workflows/ccip-server-docker.yml b/.github/workflows/ccip-server-docker.yml index 4477ad7e3a5..e50f7f5ca8c 100644 --- a/.github/workflows/ccip-server-docker.yml +++ b/.github/workflows/ccip-server-docker.yml @@ -111,6 +111,9 @@ jobs: build-args: | FOUNDRY_VERSION=${{ steps.foundry-version.outputs.FOUNDRY_VERSION }} SERVICE_VERSION=${{ steps.taggen.outputs.TAG_SHA }}-${{ steps.taggen.outputs.TAG_DATE }} + TURBO_TEAM=${{ secrets.DEPOT_ORG_ID }} + secrets: | + TURBO_TOKEN=${{ secrets.DEPOT_TURBO_TOKEN }} - name: Comment image tags on PR if: github.event_name == 'pull_request' diff --git a/.github/workflows/monorepo-docker.yml b/.github/workflows/monorepo-docker.yml index 60220cfd9b5..4d18a3a2d37 100644 --- a/.github/workflows/monorepo-docker.yml +++ b/.github/workflows/monorepo-docker.yml @@ -128,6 +128,9 @@ jobs: build-args: | FOUNDRY_VERSION=${{ env.FOUNDRY_VERSION }} REGISTRY_COMMIT=${{ env.REGISTRY_VERSION }} + TURBO_TEAM=${{ secrets.DEPOT_ORG_ID }} + secrets: | + TURBO_TOKEN=${{ secrets.DEPOT_TURBO_TOKEN }} platforms: ${{ steps.determine-platforms.outputs.platforms }} - name: Comment image tags on PR diff --git a/.github/workflows/rebalancer-docker.yml b/.github/workflows/rebalancer-docker.yml index ead9771adb2..d8d273c0dc9 100644 --- a/.github/workflows/rebalancer-docker.yml +++ b/.github/workflows/rebalancer-docker.yml 
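Review bot: In .github/workflows/ccip-server-docker.yml the added `TURBO_TEAM=${{ secrets.DEPOT_ORG_ID }}` line passes a value stored as a repository secret through `build-args`, which BuildKit does not treat as secret. A build argument is recorded in the history of the stage that declares the `ARG` and can also appear in build records or provenance, so the org ID may end up readable from a pushed image. If the value is meant to stay private, move it next to the token under `secrets: |` as `TURBO_TEAM=${{ secrets.DEPOT_ORG_ID }}` and read it in the Dockerfiles with `--mount=type=secret,id=TURBO_TEAM` and `TURBO_TEAM=$(cat /run/secrets/TURBO_TEAM 2>/dev/null || echo "")`. If it is not sensitive, a plain repository variable would make that explicit. The same line is added in the monorepo-docker.yml, rebalancer-docker.yml and warp-monitor-docker.yml hunks.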
@@ -111,6 +111,9 @@ jobs: build-args: | FOUNDRY_VERSION=${{ steps.foundry-version.outputs.FOUNDRY_VERSION }} SERVICE_VERSION=${{ steps.taggen.outputs.TAG_SHA }}-${{ steps.taggen.outputs.TAG_DATE }} + TURBO_TEAM=${{ secrets.DEPOT_ORG_ID }} + secrets: | + TURBO_TOKEN=${{ secrets.DEPOT_TURBO_TOKEN }} - name: Comment image tags on PR if: github.event_name == 'pull_request' diff --git a/.github/workflows/warp-monitor-docker.yml b/.github/workflows/warp-monitor-docker.yml index a163627a1cc..7614dd4e528 100644 --- a/.github/workflows/warp-monitor-docker.yml +++ b/.github/workflows/warp-monitor-docker.yml @@ -111,6 +111,9 @@ jobs: build-args: | FOUNDRY_VERSION=${{ steps.foundry-version.outputs.FOUNDRY_VERSION }} SERVICE_VERSION=${{ steps.taggen.outputs.TAG_SHA }}-${{ steps.taggen.outputs.TAG_DATE }} + TURBO_TEAM=${{ secrets.DEPOT_ORG_ID }} + secrets: | + TURBO_TOKEN=${{ secrets.DEPOT_TURBO_TOKEN }} - name: Comment image tags on PR if: github.event_name == 'pull_request' diff --git a/Dockerfile b/Dockerfile index 18c9ead4581..fd79bae2d3b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -55,7 +55,14 @@ COPY solidity ./solidity COPY solhint-plugin ./solhint-plugin COPY starknet ./starknet -RUN pnpm build +# Build with Turbo remote cache (secret mounted for security) +ARG TURBO_TEAM +RUN --mount=type=secret,id=TURBO_TOKEN \ + TURBO_TOKEN=$(cat /run/secrets/TURBO_TOKEN 2>/dev/null || echo "") \ + TURBO_API=https://cache.depot.dev \ + TURBO_TEAM=${TURBO_TEAM} \ + TURBO_TELEMETRY_DISABLED=1 \ + pnpm build # Baked-in registry version # keep for back-compat until we update all usage of the monorepo image (e.g. key-funder) diff --git a/rust/.dockerignore b/rust/.dockerignore index f2a4093411b..d25a5a404f9 100644 --- a/rust/.dockerignore +++ b/rust/.dockerignore @@ -1 +1,6 @@ -**/target \ No newline at end of file +**/target +.github/ +*.md +docs/ +.vscode/ +.idea/ \ No newline at end of file 
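Review bot: In the root Dockerfile hunk, `TURBO_TOKEN` is exported into the environment of `pnpm build`, so every package script the build runs can read it, and the workflows that supply it also appear to run on pull requests (their next step is gated on `github.event_name == 'pull_request'`). Outputs restored from the remote cache are not rebuilt, so the integrity of the published images depends on who can write to that cache. Whether the Depot token is write-capable is not visible here; if it is, consider passing a read-only or separately scoped token on pull-request runs and reserving the write-capable one for builds from protected branches. The same RUN pattern is added in typescript/ccip-server/Dockerfile, typescript/rebalancer/Dockerfile and typescript/warp-monitor/Dockerfile. A comment above each RUN such as `# TURBO_TOKEN is optional: without the secret the build proceeds with an empty token` would document the silent `|| echo ""` fallback.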
diff --git a/typescript/ccip-server/Dockerfile b/typescript/ccip-server/Dockerfile index c7d3ce17ffa..56f4d9e7889 100644 --- a/typescript/ccip-server/Dockerfile +++ b/typescript/ccip-server/Dockerfile @@ -71,7 +71,13 @@ COPY solhint-plugin ./solhint-plugin COPY starknet ./starknet # Build the ccip-server -RUN pnpm turbo run build --filter=@hyperlane-xyz/ccip-server +ARG TURBO_TEAM +RUN --mount=type=secret,id=TURBO_TOKEN \ + TURBO_TOKEN=$(cat /run/secrets/TURBO_TOKEN 2>/dev/null || echo "") \ + TURBO_API=https://cache.depot.dev \ + TURBO_TEAM=${TURBO_TEAM} \ + TURBO_TELEMETRY_DISABLED=1 \ + pnpm turbo run build --filter=@hyperlane-xyz/ccip-server # Create standalone deployment with resolved dependencies (no symlinks) # --legacy flag required for pnpm v10+ without inject-workspace-packages diff --git a/typescript/rebalancer/Dockerfile b/typescript/rebalancer/Dockerfile index 043823c3a4f..be7304998ff 100644 --- a/typescript/rebalancer/Dockerfile +++ b/typescript/rebalancer/Dockerfile @@ -62,7 +62,13 @@ COPY solhint-plugin ./solhint-plugin COPY starknet ./starknet # Build and bundle the rebalancer (ncc creates a single-file bundle with all deps) -RUN pnpm turbo run bundle --filter=@hyperlane-xyz/rebalancer +ARG TURBO_TEAM +RUN --mount=type=secret,id=TURBO_TOKEN \ + TURBO_TOKEN=$(cat /run/secrets/TURBO_TOKEN 2>/dev/null || echo "") \ + TURBO_API=https://cache.depot.dev \ + TURBO_TEAM=${TURBO_TEAM} \ + TURBO_TELEMETRY_DISABLED=1 \ + pnpm turbo run bundle --filter=@hyperlane-xyz/rebalancer # Production stage - minimal Alpine image with just the bundled code FROM node:20-alpine AS runner diff --git a/typescript/warp-monitor/Dockerfile b/typescript/warp-monitor/Dockerfile index 3fa921fef23..ff3b9277fc4 100644 --- a/typescript/warp-monitor/Dockerfile +++ b/typescript/warp-monitor/Dockerfile 
@@ -62,7 +62,13 @@ COPY solhint-plugin ./solhint-plugin COPY starknet ./starknet # Build and bundle the warp-monitor (ncc creates a single-file bundle with all deps) -RUN pnpm turbo run bundle --filter=@hyperlane-xyz/warp-monitor +ARG TURBO_TEAM +RUN --mount=type=secret,id=TURBO_TOKEN \ + TURBO_TOKEN=$(cat /run/secrets/TURBO_TOKEN 2>/dev/null || echo "") \ + TURBO_API=https://cache.depot.dev \ + TURBO_TEAM=${TURBO_TEAM} \ + TURBO_TELEMETRY_DISABLED=1 \ + pnpm turbo run bundle --filter=@hyperlane-xyz/warp-monitor # Production stage - minimal Alpine image with just the bundled code FROM node:20-alpine AS runner