Update docs content from https://github.com/depot/app

Author: andie787

content/cache/reference/bazel.mdx

@@ -33,6 +33,44 @@ If you are a member of multiple organizations, and you are authenticating with a
 build --remote_header=x-depot-org=DEPOT_ORG_ID
 ```
 
-## Using Depot Cache with Bazel
-
 Once Bazel is configured to use Depot Cache, you can then run your builds as you normally would. Bazel will automatically communicate with Depot Cache to fetch and reuse any stored build artifacts from your previous builds.
+
+### Using Depot Cache with Bazel in `depot/build-push-action`
+
+When using `depot/build-push-action` to build Docker images that contain Bazel workspaces, your build needs access to Bazel's remote cache credentials to benefit from caching.
+
+These credentials are not automatically available inside your Docker build environment. Unlike builds running directly on Depot-managed GitHub Actions runners (which have automatic access to Depot Cache environment variables), containerized builds execute in isolated VMs that require explicit configuration.
+
+Follow these steps to securely pass your Bazel credentials into your Docker build:
+
+1. Store the Depot token in a GitHub Secret named `DEPOT_TOKEN`.
+
+2. Configure your GitHub Action to pass secrets to the container build:
+
+```yaml
+- name: Build and push
+  uses: depot/build-push-action@v1
+  with:
+    context: .
+    file: ./Dockerfile
+    push: true
+    tags: your-image:tag
+    secrets: |
+      "DEPOT_TOKEN=${{ secrets.DEPOT_TOKEN }}"
+```
+
+3. Update your Dockerfile to mount the secrets and configure Bazel:
+
+```dockerfile
+# syntax=docker/dockerfile:1
+
+# ... other Dockerfile instructions
+
+# Create .bazelrc with cache configuration
+RUN --mount=type=secret,id=DEPOT_TOKEN,env=DEPOT_TOKEN \
+    echo "build --remote_cache=https://cache.depot.dev" >> ~/.bazelrc && \
+    echo "build --remote_header=authorization=${DEPOT_TOKEN}" >> ~/.bazelrc && \
+    bazel build
+```
+
+Adding `# syntax=docker/dockerfile:1` as the first line of your Dockerfile enables mounting secrets as environment variables.

content/cache/reference/gocache.mdx

@@ -42,6 +42,47 @@ To set verbose output, add the --verbose option:
 export GOCACHEPROG='depot gocache --verbose'
 ```
 
-## Using Depot Cache with Go
-
 Once Go is configured to use Depot Cache, you can then run your builds as you normally would. Go will automatically communicate with `GOCACHEPROG` to fetch from Depot Cache and reuse any stored build artifacts from your previous builds.
+
+### Using Depot Cache with Go in `depot/build-push-action`
+
+When using `depot/build-push-action` to build Docker images that contain Go projects, your build needs access to Go's remote cache credentials to benefit from caching.
+
+These credentials are not automatically available inside your Docker build environment. Unlike builds running directly on Depot-managed GitHub Actions runners (which have automatic access to Depot Cache environment variables), containerized builds execute in isolated VMs that require explicit configuration.
+
+Follow these steps to securely pass your Go cache credentials into your Docker build:
+
+1. Store the Depot token in a GitHub Secret named `DEPOT_TOKEN`.
+
+2. Configure your GitHub Action to pass secrets to the container build:
+
+```yaml
+- name: Build and push
+  uses: depot/build-push-action@v1
+  with:
+    context: .
+    file: ./Dockerfile
+    push: true
+    tags: your-image:tag
+    secrets: |
+      "DEPOT_TOKEN=${{ secrets.DEPOT_TOKEN }}"
+```
+
+3. Update your Dockerfile to install the Depot CLI and configure Go cache:
+
+```dockerfile
+# syntax=docker/dockerfile:1
+
+# ... other Dockerfile instructions
+
+# Install Depot CLI
+RUN curl -L https://depot.dev/install-cli.sh | sh
+
+# Mount secret and set GOCACHEPROG
+RUN --mount=type=secret,id=DEPOT_TOKEN,env=DEPOT_TOKEN \
+    PATH="/root/.depot/bin:$PATH" \
+    GOCACHEPROG="depot gocache" \
+    go build -v ./
+```
+
+Adding `# syntax=docker/dockerfile:1` as the first line of your Dockerfile enables mounting secrets as environment variables.

content/cache/reference/gradle.mdx

@@ -58,6 +58,59 @@ buildCache {
 }
 ```
 
-## Using Depot Cache with Gradle
-
 Once Gradle is configured to use Depot Cache, you can then run your builds as you normally would. Gradle will automatically communicate with Depot Cache to fetch and reuse any stored build artifacts from your previous builds.
+
+### Using Depot Cache with Gradle in `depot/build-push-action`
+
+When using `depot/build-push-action` to build Docker images that contain Gradle projects, your build needs access to Gradle's remote cache credentials to benefit from caching.
+
+These credentials are not automatically available inside your Docker build environment. Unlike builds running directly on Depot-managed GitHub Actions runners (which have automatic access to Depot Cache environment variables), containerized builds execute in isolated VMs that require explicit configuration.
+
+Follow these steps to securely pass your Gradle credentials into your Docker build:
+
+1. Store the Depot token in a GitHub Secret named `DEPOT_TOKEN`.
+
+2. Update your `settings.gradle` to read the Depot token from an environment variable:
+
+```groovy
+buildCache {
+    remote(HttpBuildCache) {
+        url = 'https://cache.depot.dev'
+        enabled = true
+        push = true
+        credentials {
+            username = ''
+            password = System.getenv('DEPOT_TOKEN')
+        }
+    }
+}
+```
+
+3. Configure your GitHub Action to pass secrets to the container build:
+
+```yaml
+- name: Build and push
+  uses: depot/build-push-action@v1
+  with:
+    context: .
+    file: ./Dockerfile
+    push: true
+    tags: your-image:tag
+    secrets: |
+      "DEPOT_TOKEN=${{ secrets.DEPOT_TOKEN }}"
+```
+
+4. Update your Dockerfile to mount the secret and run the build:
+
+```dockerfile
+# syntax=docker/dockerfile:1
+
+# ... other Dockerfile instructions
+
+# Copy settings.gradle and run build with mounted secret
+COPY settings.gradle .
+RUN --mount=type=secret,id=DEPOT_TOKEN,env=DEPOT_TOKEN \
+    ./gradlew build
+```
+
+Adding `# syntax=docker/dockerfile:1` as the first line of your Dockerfile enables mounting secrets as environment variables.

content/cache/reference/maven.mdx

@@ -77,6 +77,87 @@ To manually configure Maven to use Depot Cache, you will need to configure remot
 
 **Note: Maven support currently only supports Depot Organization API tokens, not user tokens.**
 
-## Using Depot Cache with Maven
-
 Once Maven is configured to use Depot Cache, you can run your builds as usual. Maven will automatically communicate with Depot Cache to fetch and reuse any stored build artifacts from your previous builds.
+
+### Using Depot Cache with Maven in `depot/build-push-action`
+
+When using `depot/build-push-action` to build Docker images that contain Maven projects, your build needs access to Maven's remote cache credentials to benefit from caching.
+
+These credentials are not automatically available inside your Docker build environment. Unlike builds running directly on Depot-managed GitHub Actions runners (which have automatic access to Depot Cache environment variables), containerized builds execute in isolated VMs that require explicit configuration.
+
+Follow these steps to securely pass your Maven credentials into your Docker build:
+
+1. Store the Depot token in a GitHub Secret named `DEPOT_TOKEN`.
+
+2. Configure Maven Build Cache extension in `.mvn/maven-build-cache-config.xml`:
+
+```xml
+<cache xmlns="http://maven.apache.org/BUILD-CACHE-CONFIG/1.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/BUILD-CACHE-CONFIG/1.0.0 https://maven.apache.org/xsd/build-cache-config-1.0.0.xsd">
+    <configuration>
+        <enabled>true</enabled>
+        <hashAlgorithm>SHA-256</hashAlgorithm>
+        <validateXml>true</validateXml>
+        <remote enabled="true" saveToRemote="true" id="depot-cache">
+            <url>https://cache.depot.dev</url>
+        </remote>
+        <projectVersioning adjustMetaInf="true" />
+    </configuration>
+</cache>
+```
+
+3. Update your `settings.xml` to read the Depot token from an environment variable. Create or update `.m2/settings.xml`:
+
+```xml
+<?xml version="1.0" encoding="UTF-8"?>
+<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
+  <servers>
+    <server>
+      <id>depot-cache</id>
+      <configuration>
+        <httpHeaders>
+          <property>
+            <name>Authorization</name>
+            <value>Bearer ${env.DEPOT_TOKEN}</value>
+          </property>
+        </httpHeaders>
+      </configuration>
+    </server>
+  </servers>
+</settings>
+```
+
+4. Configure your GitHub Action to pass secrets to the container build:
+
+```yaml
+- name: Build and push
+  uses: depot/build-push-action@v1
+  with:
+    context: .
+    file: ./Dockerfile
+    push: true
+    tags: your-image:tag
+    secrets: |
+      "DEPOT_TOKEN=${{ secrets.DEPOT_TOKEN }}"
+```
+
+5. Update your Dockerfile to copy configuration files and run the build with mounted secret:
+
+```dockerfile
+# syntax=docker/dockerfile:1
+
+# ... other Dockerfile instructions
+
+# Copy Maven configuration files
+COPY .mvn/maven-build-cache-config.xml .mvn/maven-build-cache-config.xml
+COPY .m2/settings.xml /root/.m2/settings.xml
+
+# Run build with mounted secret
+RUN --mount=type=secret,id=DEPOT_TOKEN,env=DEPOT_TOKEN \
+    mvn clean install
+```
+
+Adding `# syntax=docker/dockerfile:1` as the first line of your Dockerfile enables mounting secrets as environment variables.

content/cache/reference/moonrepo.mdx

@@ -34,6 +34,54 @@ unstable_remote:
 
 See [moonrepo's remote cache documentation](https://moonrepo.dev/docs/guides/remote-cache#cloud-hosted-depot) for more details.
 
-## Using Depot Cache with moonrepo
-
 Once moonrepo is configured to use Depot Cache, you can then run your builds as you normally would. moonrepo will automatically communicate with Depot Cache to fetch and reuse any stored build artifacts from your previous builds.
+
+### Using Depot Cache with moonrepo in `depot/build-push-action`
+
+When using `depot/build-push-action` to build Docker images that contain moonrepo workspaces, your build needs access to moonrepo's remote cache credentials to benefit from caching.
+
+These credentials are not automatically available inside your Docker build environment. Unlike builds running directly on Depot-managed GitHub Actions runners (which have automatic access to Depot Cache environment variables), containerized builds execute in isolated VMs that require explicit configuration.
+
+Follow these steps to securely pass your moonrepo credentials into your Docker build:
+
+1. Store the Depot token in a GitHub Secret named `DEPOT_TOKEN`.
+
+2. Configure moonrepo to read the Depot token from an environment variable in `.moon/workspace.yml`:
+
+```yaml
+unstable_remote:
+  host: 'grpcs://cache.depot.dev'
+  auth:
+    token: 'DEPOT_TOKEN'
+```
+
+3. Configure your GitHub Action to pass secrets to the container build:
+
+```yaml
+- name: Build and push
+  uses: depot/build-push-action@v1
+  with:
+    context: .
+    file: ./Dockerfile
+    push: true
+    tags: your-image:tag
+    secrets: |
+      "DEPOT_TOKEN=${{ secrets.DEPOT_TOKEN }}"
+```
+
+4. Update your Dockerfile to copy the workspace configuration and run the build with mounted secret:
+
+```dockerfile
+# syntax=docker/dockerfile:1
+
+# ... other Dockerfile instructions
+
+# Copy moonrepo workspace configuration
+COPY .moon/workspace.yml .moon/workspace.yml
+
+# Mount secret as environment variable and run build
+RUN --mount=type=secret,id=DEPOT_TOKEN,env=DEPOT_TOKEN \
+    moon run build
+```
+
+Adding `# syntax=docker/dockerfile:1` as the first line of your Dockerfile enables mounting secrets as environment variables.

content/cache/reference/pants.mdx

@@ -41,6 +41,55 @@ If you are a member of multiple organizations, and you are authenticating with a
 remote_store_headers = { "x-depot-org" = "DEPOT_ORG_ID" }
 ```
 
-## Using Depot Cache with Pants
-
 Once Pants is configured to use Depot Cache, you can then run your builds as you normally would. Pants will automatically communicate with Depot Cache to fetch and reuse any stored build artifacts from your previous builds.
+
+### Using Depot Cache with Pants in `depot/build-push-action`
+
+When using `depot/build-push-action` to build Docker images that contain Pants projects, your build needs access to Pants' remote cache credentials to benefit from caching.
+
+These credentials are not automatically available inside your Docker build environment. Unlike builds running directly on Depot-managed GitHub Actions runners (which have automatic access to Depot Cache environment variables), containerized builds execute in isolated VMs that require explicit configuration.
+
+Follow these steps to securely pass your Pants credentials into your Docker build:
+
+1. Store the Depot token in a GitHub Secret named `DEPOT_TOKEN`.
+
+2. Update your `pants.toml` to read the Depot token from an environment variable:
+
+```toml
+[GLOBAL]
+remote_cache_read = true
+remote_cache_write = true
+remote_store_address = "grpcs://cache.depot.dev"
+
+[GLOBAL.remote_store_headers]
+Authorization = "%(env.DEPOT_TOKEN)s"
+```
+
+3. Configure your GitHub Action to pass secrets to the container build:
+
+```yaml
+- name: Build and push
+  uses: depot/build-push-action@v1
+  with:
+    context: .
+    file: ./Dockerfile
+    push: true
+    tags: your-image:tag
+    secrets: |
+      "DEPOT_TOKEN=${{ secrets.DEPOT_TOKEN }}"
+```
+
+4. Update your Dockerfile to mount the secret and run the build:
+
+```dockerfile
+# syntax=docker/dockerfile:1
+
+# ... other Dockerfile instructions
+
+# Copy pants.toml and run build with mounted secret
+COPY pants.toml .
+RUN --mount=type=secret,id=DEPOT_TOKEN,env=DEPOT_TOKEN \
+    pants package ::
+```
+
+Adding `# syntax=docker/dockerfile:1` as the first line of your Dockerfile enables mounting secrets as environment variables.