Merge pull request #149 from depot/docs-sync-updates

Update content from depot/app

Author: jacobwgillespie

content/cache/reference/turbo.mdx

@@ -31,3 +31,50 @@ export TURBO_TEAM=DEPOT_ORG_ID
 ## Using Depot Cache with Turborepo
 
 Once Turborepo is configured to use Depot Cache, you can then run your builds as you normally would. Turborepo will automatically communicate with Depot Cache to fetch and reuse any stored build artifacts from your previous builds.
+
+### Using Depot Cache with Turborepo in container builds
+
+Container builds with `depot/build-push-action` don't automatically connect to Depot Cache. Unlike Depot GitHub Actions runners, container builds run on separate VMs and require manual configuration.
+
+You need to pass Turborepo credentials as build secrets (not build arguments) to your container build for the following reasons:
+
+- Build secrets avoid cache invalidation because the values of `TURBO_API` and `TURBO_TOKEN` change.
+- Build secrets keep tokens secure and prevent them from persisting in the final image.
+
+Follow these steps to add your Turborepo credentials as build secrets.
+
+1. Create GitHub Secrets for your Turborepo cache variables:
+   - `TURBO_API`
+   - `TURBO_TOKEN`
+   - `TURBO_TEAM`
+
+2. Configure your GitHub Action to pass secrets to the container build:
+
+```yaml
+- name: Build and push
+  uses: depot/build-push-action@v1
+  with:
+    context: .
+    file: ./Dockerfile
+    push: true
+    tags: your-image:tag
+    secrets: |
+      "TURBO_API=${{ secrets.TURBO_API }}"
+      "TURBO_TOKEN=${{ secrets.TURBO_TOKEN }}"
+      "TURBO_TEAM=${{ secrets.TURBO_TEAM }}"
+```
+
+3. Update your Dockerfile to mount the secrets as environment variables:
+
+```dockerfile
+syntax=docker/dockerfile:1
+# ^ Required to use secret mounts with environment variables
+
+# ... other Dockerfile instructions
+
+# Mount secrets with IDs matching the environment variable names
+RUN --mount=type=secret,id=TURBO_API,env=TURBO_API \
+    --mount=type=secret,id=TURBO_TOKEN,env=TURBO_TOKEN \
+    --mount=type=secret,id=TURBO_TEAM,env=TURBO_TEAM \
+    turbo build
+```

content/container-builds/how-to-guides/optimal-dockerfiles.mdx

@@ -1,14 +1,40 @@
 ---
-title: Best practice Dockerfiles
-ogTitle: Best practice Dockerfiles
-description: A set of best practice Dockerfiles for building Docker images
+title: Optimal Dockerfiles
+ogTitle: Optimal Dockerfiles
+description: A set of optimal Dockerfiles for building Docker images
 ---
 
-We've assembled some best practice Dockerfiles for building Docker images for several different languages:
+The following guides provide optimal Dockerfiles that are tailored for Depot container build cache and your preferred programming language. You can use these Dockerfiles as reference implementations or starting points for your own projects.
+
+If you already have a Dockerfile and want to optimize it for your Depot builds, refer to the _Understanding BuildKit Cache Mounts_ section in each guide. This section explains:
+
+- How to add cache mounts to your existing `RUN` commands
+- Cache mount parameters (`id`, `target`, `sharing`)
+- Language-specific cache strategies and optimization techniques
+
+The cache mount integration is the core enhancement that makes builds significantly faster on Depot, and these sections provide everything you need to retrofit your existing Dockerfiles. For more in-depth information on BuildKit cache mounts, please refer to the blog post [How to use cache mounts to speed up Docker builds](https://depot.dev/blog/how-to-use-cache-mount-to-speed-up-docker-builds).
 
 ## Guides
 
-- [Dockerfile for Node.js using `pnpm`](/docs/container-builds/how-to-guides/optimal-dockerfiles/node-pnpm-dockerfile)
-- [Dockerfile for Python using `uv`](/docs/container-builds/how-to-guides/optimal-dockerfiles/python-uv-dockerfile)
-- [Dockerfile for Python using `poetry`](/docs/container-builds/how-to-guides/optimal-dockerfiles/python-poetry-dockerfile)
+### Node.js
+
+- [Node.js Dockerfiles](/docs/container-builds/how-to-guides/optimal-dockerfiles/node)
+
+### Python
+
+- [Python Dockerfiles](/docs/container-builds/how-to-guides/optimal-dockerfiles/python)
+
+### Java
+
+- [Java Dockerfiles](/docs/container-builds/how-to-guides/optimal-dockerfiles/java)
+
+### .NET
+
+- [.NET Dockerfiles](/docs/container-builds/how-to-guides/optimal-dockerfiles/dotnet)
+
+### Other Languages
+
+- [Dockerfile for Go](/docs/container-builds/how-to-guides/optimal-dockerfiles/go-dockerfile)
+- [Dockerfile for PHP using Composer](/docs/container-builds/how-to-guides/optimal-dockerfiles/php-composer-dockerfile)
+- [Dockerfile for Ruby using Bundler](/docs/container-builds/how-to-guides/optimal-dockerfiles/ruby-bundler-dockerfile)
 - [Dockerfile for Rust](/docs/container-builds/how-to-guides/optimal-dockerfiles/rust-dockerfile)

content/container-builds/how-to-guides/optimal-dockerfiles/dotnet-aspnetcore-dockerfile.mdx

@@ -0,0 +1,172 @@
+---
+title: Optimal Dockerfile for .NET ASP.NET Core
+ogTitle: Optimal Dockerfile for .NET ASP.NET Core
+description: A sample optimal Dockerfile for building images for .NET ASP.NET Core applications from us at Depot.
+---
+
+Below is an example `Dockerfile` that we recommend at Depot for building images for .NET ASP.NET Core applications.
+
+```dockerfile
+# syntax=docker/dockerfile:1
+
+FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
+
+WORKDIR /src
+
+COPY src/WebApp/WebApp.csproj src/WebApp/
+COPY src/WebApp.Core/WebApp.Core.csproj src/WebApp.Core/
+COPY Directory.Build.props ./
+COPY *.sln ./
+
+RUN --mount=type=cache,target=/root/.nuget/packages \
+    --mount=type=cache,target=/root/.local/share/NuGet/v3-cache \
+    --mount=type=cache,target=/root/.local/share/NuGet/plugins-cache \
+    --mount=type=cache,target=/tmp/NuGetScratchroot \
+    dotnet restore
+
+COPY src/ src/
+
+RUN --mount=type=cache,target=/root/.nuget/packages \
+    --mount=type=cache,target=/root/.local/share/NuGet/v3-cache \
+    --mount=type=cache,target=/root/.local/share/NuGet/plugins-cache \
+    --mount=type=cache,target=/tmp/NuGetScratchroot \
+    dotnet publish "src/WebApp/WebApp.csproj" \
+    --no-restore \
+    --configuration Release \
+    --output /app/publish
+
+FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS runtime
+
+RUN groupadd -g 1001 appgroup && \
+    useradd -u 1001 -g appgroup -m -d /app -s /bin/false appuser
+
+WORKDIR /app
+
+COPY --from=build --chown=appuser:appgroup /app/publish .
+
+USER appuser
+
+ENV DOTNET_RUNNING_IN_CONTAINER=true \
+    DOTNET_EnableDiagnostics=0 \
+    HTTP_PORT=8080 \
+    ASPNETCORE_ENVIRONMENT=Production
+
+ENTRYPOINT ["dotnet", "WebApp.dll"]
+```
+
+## Explanation of the Dockerfile
+
+At a high level, here are the things we're optimizing in our Docker build for a .NET ASP.NET Core application:
+
+- Multi-stage builds for smaller final images
+- NuGet cache mounts for dependency caching
+- Security optimizations with non-root users
+- Production-optimized ASP.NET Core configuration
+
+### Stage 1: `FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build`
+
+```dockerfile
+FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
+
+WORKDIR /src
+```
+
+We use the official .NET 8 SDK image for the build stage, providing all necessary tools for compilation and publishing.
+
+#### Project file and dependency restoration
+
+```dockerfile
+COPY src/WebApp/WebApp.csproj src/WebApp/
+COPY src/WebApp.Core/WebApp.Core.csproj src/WebApp.Core/
+COPY Directory.Build.props ./
+COPY *.sln ./
+
+RUN --mount=type=cache,target=/root/.nuget/packages \
+    --mount=type=cache,target=/root/.local/share/NuGet/v3-cache \
+    --mount=type=cache,target=/root/.local/share/NuGet/plugins-cache \
+    --mount=type=cache,target=/tmp/NuGetScratchroot \
+    dotnet restore
+```
+
+We copy only the project files and solution file first for optimal layer caching. This pattern ensures that package restoration only runs when dependencies change, not when source code changes. The cache mount persists NuGet packages between builds.
+
+#### Source code and publishing
+
+```dockerfile
+COPY src/ src/
+
+RUN --mount=type=cache,target=/root/.nuget/packages \
+    --mount=type=cache,target=/root/.local/share/NuGet/v3-cache \
+    --mount=type=cache,target=/root/.local/share/NuGet/plugins-cache \
+    --mount=type=cache,target=/tmp/NuGetScratchroot \
+    dotnet publish "src/WebApp/WebApp.csproj" \
+    --no-restore \
+    --configuration Release \
+    --output /app/publish
+```
+
+After copying the source code, we publish the application:
+
+- `--no-restore` skips restoration since we've already restored packages
+- `--configuration Release` builds in release mode for production
+- `--output /app/publish` specifies the output directory for the published files
+
+### Stage 2: `FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS runtime`
+
+```dockerfile
+FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS runtime
+
+RUN groupadd -g 1001 appgroup && \
+    useradd -u 1001 -g appgroup -m -d /app -s /bin/false appuser
+
+WORKDIR /app
+
+COPY --from=build --chown=appuser:appgroup /app/publish .
+```
+
+The runtime stage uses the ASP.NET Core runtime image, which is much smaller than the SDK. We create a non-root user for security and copy only the published application files.
+
+#### Runtime configuration
+
+```dockerfile
+USER appuser
+
+ENV DOTNET_RUNNING_IN_CONTAINER=true \
+    DOTNET_EnableDiagnostics=0 \
+    HTTP_PORT=8080 \
+    ASPNETCORE_ENVIRONMENT=Production
+
+ENTRYPOINT ["dotnet", "WebApp.dll"]
+```
+
+We configure the runtime environment:
+
+- Run as non-root user for security
+- `DOTNET_RUNNING_IN_CONTAINER=true` enables container-optimized settings
+- `DOTNET_EnableDiagnostics=0` disables diagnostics for production
+- `HTTP_PORT=8080` sets the HTTP port
+- `ASPNETCORE_ENVIRONMENT=Production` sets the environment
+
+## Understanding BuildKit Cache Mounts
+
+Cache mounts are one of the most powerful features for optimizing Docker builds with Depot. This Dockerfile uses the following cache mount syntax:
+
+```dockerfile
+RUN --mount=type=cache,target=/root/.nuget/packages \
+    --mount=type=cache,target=/root/.local/share/NuGet/v3-cache \
+    --mount=type=cache,target=/root/.local/share/NuGet/plugins-cache \
+    --mount=type=cache,target=/tmp/NuGetScratchroot \
+    dotnet restore
+```
+
+### Cache Mount Parameters Explained
+
+- **`type=cache`**: Specifies this is a cache mount that persists across builds.
+
+- **Multiple cache targets**:
+  - **`/root/.nuget/packages`**: Global NuGet package cache
+  - **`/root/.local/share/NuGet/v3-cache`**: NuGet v3 API cache
+  - **`/root/.local/share/NuGet/plugins-cache`**: NuGet plugins cache
+  - **`/tmp/NuGetScratchroot`**: Temporary extraction directory
+
+For more information regarding NuGet cache mounts, please visit the official [Microsoft documentation](https://learn.microsoft.com/en-us/nuget/consume-packages/managing-the-global-packages-and-cache-folders).