Update content from depot/app

content/container-builds/reference/api-overview.mdx → content/api/overview.mdx

@@ -13,7 +13,7 @@ Our API is built with Connect, offering [multiprotocol support](https://connectr
 
 ## Authentication
 
-Authentication to the API is handled via an `Authorization` header with the value being an Organization Token that you generate inside of your Organization Settings. See the [Authentication docs](/docs/container-builds/reference/api-authentication) for more details.
+Authentication to the API is handled via an `Authorization` header with the value being an Organization Token that you generate inside of your Organization Settings. See the [Authentication docs](/docs/api/authentication) for more details.
 
 ## Security
 

content/cache/reference/bazel.mdx

@@ -10,30 +10,13 @@ description: Learn how to use Depot remote caching for Bazel builds
 
 ## Configuring Bazel to use Depot Cache
 
-Depot Cache can be used with Bazel from Depot's managed GitHub Actions runners, from your local machine, or from any CI/CD system.
+Depot Cache can be used with Bazel from Depot's managed GitHub Actions runners, from your local machine, from any CI/CD system, or within containerized builds using Dockerfiles or Bake files.
 
 ### From Depot-managed Actions runners
 
 [Depot GitHub Actions runners](/docs/github-actions/overview) are pre-configured to use Depot Cache with Bazel - each runner is launched with a `$HOME/.bazelrc` file that is pre-populated with the connection details for Depot Cache.
 
-If this automatic configuration is incompatible with your specific setup, you can disable automatic configuration in your organization settings page and manually configure Bazel to use Depot Cache as described below.
-
-### From your local machine or any CI/CD system
-
-To manually configure Bazel to use Depot Cache, you will need to set two build flags in your `.bazelrc` file. Configure Bazel to use the Depot Cache service endpoint and set API token as the `authorization` header:
-
-```bash
-build --remote_cache=https://cache.depot.dev
-build --remote_header=authorization=DEPOT_TOKEN
-```
-
-If you are a member of multiple organizations, and you are authenticating with a user token, you must additionally specify which organization to use for cache storage with the `x-depot-org` header:
-
-```bash
-build --remote_header=x-depot-org=DEPOT_ORG_ID
-```
-
-Once Bazel is configured to use Depot Cache, you can then run your builds as you normally would. Bazel will automatically communicate with Depot Cache to fetch and reuse any stored build artifacts from your previous builds.
+If you don't want Depot to override the `$HOME/.bazelrc` file on each runner, disable **Allow Actions jobs to automatically connect to Depot Cache** in your organization settings page. You can manually configure Bazel to use Depot Cache as described in the "Using Depot Cache from your local machine or any CI/CD system" section.
 
 ### Using Depot Cache with Bazel in `depot/build-push-action`
 
@@ -74,3 +57,94 @@ RUN --mount=type=secret,id=DEPOT_TOKEN,env=DEPOT_TOKEN \
 ```
 
 Adding `# syntax=docker/dockerfile:1` as the first line of your Dockerfile enables mounting secrets as environment variables.
+
+### Using Depot Cache from your local machine or any CI/CD system
+
+To manually configure Bazel to use Depot Cache, you will need to set two build flags in your `.bazelrc` file. Configure Bazel to use the Depot Cache service endpoint and set API token as the `authorization` header:
+
+```bash
+build --remote_cache=https://cache.depot.dev
+build --remote_header=authorization=DEPOT_TOKEN
+```
+
+If you are a member of multiple organizations, and you are authenticating with a user token, you must additionally specify which organization to use for cache storage with the `x-depot-org` header:
+
+```bash
+build --remote_header=x-depot-org=DEPOT_ORG_ID
+```
+
+After Bazel is configured to use Depot Cache, you can then run your builds as you normally would. Bazel will automatically communicate with Depot Cache to fetch and reuse any stored build artifacts from your previous builds.
+
+### Using Depot Cache with Bazel in Depot CLI
+
+When building directly with Depot CLI, follow these steps:
+
+1. Update your Dockerfile to mount the secret and configure Bazel:
+
+```dockerfile
+# syntax=docker/dockerfile:1
+
+# ... other Dockerfile instructions
+
+# Create .bazelrc with cache configuration
+RUN --mount=type=secret,id=DEPOT_TOKEN,env=DEPOT_TOKEN \
+    echo "build --remote_cache=https://cache.depot.dev" >> ~/.bazelrc && \
+    echo "build --remote_header=authorization=${DEPOT_TOKEN}" >> ~/.bazelrc && \
+    bazel build
+```
+
+Adding `# syntax=docker/dockerfile:1` as the first line of your Dockerfile enables mounting secrets as environment variables.
+
+2. Build with Depot CLI:
+
+```shell
+depot build --secret id=DEPOT_TOKEN,env=DEPOT_TOKEN -t your-image:tag .
+```
+
+Or with Docker Buildx:
+
+```shell
+docker buildx build --secret id=DEPOT_TOKEN,env=DEPOT_TOKEN -t your-image:tag .
+```
+
+### Using Depot Cache with Bazel in Bake files
+
+When using Bake files to build Docker images containing Bazel workspaces, you can pass secrets through the `target.secret` attribute:
+
+1. Define the secret in your `docker-bake.hcl` file:
+
+```hcl
+target "default" {
+  context    = "."
+  dockerfile = "Dockerfile"
+  tags       = ["your-image:tag"]
+  secret = [
+    {
+      type = "env"
+      id   = "DEPOT_TOKEN"
+    }
+  ]
+}
+```
+
+2. Update your Dockerfile to mount the secret and configure Bazel:
+
+```dockerfile
+# syntax=docker/dockerfile:1
+
+# ... other Dockerfile instructions
+
+# Create .bazelrc with cache configuration
+RUN --mount=type=secret,id=DEPOT_TOKEN,env=DEPOT_TOKEN \
+    echo "build --remote_cache=https://cache.depot.dev" >> ~/.bazelrc && \
+    echo "build --remote_header=authorization=${DEPOT_TOKEN}" >> ~/.bazelrc && \
+    bazel build
+```
+
+Adding `# syntax=docker/dockerfile:1` as the first line of your Dockerfile enables mounting secrets as environment variables.
+
+3. Run the build with `depot bake`:
+
+```shell
+DEPOT_TOKEN=your_token depot bake
+```

content/cache/reference/gocache.mdx

@@ -6,15 +6,58 @@ description: Learn how to use Depot remote caching for Go
 
 ## Configuring Go to use Depot Cache
 
-Depot Cache can be used with Go from Depot's managed GitHub Actions runners, from your local machine, or from any CI/CD system.
+Depot Cache can be used with Go from Depot's managed GitHub Actions runners, from your local machine, from any CI/CD system, or within containerized builds using Dockerfiles or Bake files.
 
 ### From Depot-managed Actions runners
 
 [Depot GitHub Actions runners](/docs/github-actions/overview) are pre-configured to use Depot Cache with Go - each runner is launched with the `GOCACHEPROG` environment variable pre-populated with the connection details for Depot Cache.
 
-If this automatic configuration is incompatible with your specific setup, you can disable automatic configuration in your organization settings page and manually configure `GOCACHEPROG` to use Depot Cache as described below.
+If you don't want Depot to set up the `GOCACHEPROG` environment variable on each runner, disable **Allow Actions jobs to automatically connect to Depot Cache** in your organization settings page. You can manually configure `GOCACHEPROG` to use Depot Cache as described in the "Using Depot Cache from your local machine or any CI/CD system" section.
 
-### From your local machine or any CI/CD system
+### Using Depot Cache with Go in `depot/build-push-action`
+
+When using `depot/build-push-action` to build Docker images that contain Go projects, your build needs access to Go's remote cache credentials to benefit from caching.
+
+These credentials are not automatically available inside your Docker build environment. Unlike builds running directly on Depot-managed GitHub Actions runners (which have automatic access to Depot Cache environment variables), containerized builds execute in isolated VMs that require explicit configuration.
+
+Follow these steps to securely pass your Go cache credentials into your Docker build:
+
+1. Store the Depot token in a GitHub Secret named `DEPOT_TOKEN`.
+
+2. Configure your GitHub Action to pass secrets to the container build:
+
+```yaml
+- name: Build and push
+  uses: depot/build-push-action@v1
+  with:
+    context: .
+    file: ./Dockerfile
+    push: true
+    tags: your-image:tag
+    secrets: |
+      "DEPOT_TOKEN=${{ secrets.DEPOT_TOKEN }}"
+```
+
+3. Update your Dockerfile to install the Depot CLI and configure Go cache:
+
+```dockerfile
+# syntax=docker/dockerfile:1
+
+# ... other Dockerfile instructions
+
+# Install Depot CLI
+RUN curl -L https://depot.dev/install-cli.sh | sh
+
+# Mount secret and set GOCACHEPROG
+RUN --mount=type=secret,id=DEPOT_TOKEN,env=DEPOT_TOKEN \
+    PATH="/root/.depot/bin:$PATH" \
+    GOCACHEPROG="depot gocache" \
+    go build -v ./
+```
+
+Adding `# syntax=docker/dockerfile:1` as the first line of your Dockerfile enables mounting secrets as environment variables.
+
+### Using Depot Cache from your local machine or any CI/CD system
 
 To manually configure Go to use Depot Cache, set the `GOCACHEPROG` in your environment:
 
@@ -42,33 +85,64 @@ To set verbose output, add the --verbose option:
 export GOCACHEPROG='depot gocache --verbose'
 ```
 
-Once Go is configured to use Depot Cache, you can then run your builds as you normally would. Go will automatically communicate with `GOCACHEPROG` to fetch from Depot Cache and reuse any stored build artifacts from your previous builds.
+After Go is configured to use Depot Cache, you can then run your builds as you normally would. Go will automatically communicate with `GOCACHEPROG` to fetch from Depot Cache and reuse any stored build artifacts from your previous builds.
 
-### Using Depot Cache with Go in `depot/build-push-action`
+### Using Depot Cache with Go in Depot CLI
 
-When using `depot/build-push-action` to build Docker images that contain Go projects, your build needs access to Go's remote cache credentials to benefit from caching.
+When building directly with Depot CLI, follow these steps:
 
-These credentials are not automatically available inside your Docker build environment. Unlike builds running directly on Depot-managed GitHub Actions runners (which have automatic access to Depot Cache environment variables), containerized builds execute in isolated VMs that require explicit configuration.
+1. Update your Dockerfile to install the Depot CLI and configure Go cache:
 
-Follow these steps to securely pass your Go cache credentials into your Docker build:
+```dockerfile
+# syntax=docker/dockerfile:1
 
-1. Store the Depot token in a GitHub Secret named `DEPOT_TOKEN`.
+# ... other Dockerfile instructions
 
-2. Configure your GitHub Action to pass secrets to the container build:
+# Install Depot CLI
+RUN curl -L https://depot.dev/install-cli.sh | sh
 
-```yaml
-- name: Build and push
-  uses: depot/build-push-action@v1
-  with:
-    context: .
-    file: ./Dockerfile
-    push: true
-    tags: your-image:tag
-    secrets: |
-      "DEPOT_TOKEN=${{ secrets.DEPOT_TOKEN }}"
+# Mount secret and set GOCACHEPROG
+RUN --mount=type=secret,id=DEPOT_TOKEN,env=DEPOT_TOKEN \
+    PATH="/root/.depot/bin:$PATH" \
+    GOCACHEPROG="depot gocache" \
+    go build -v ./
 ```
 
-3. Update your Dockerfile to install the Depot CLI and configure Go cache:
+Adding `# syntax=docker/dockerfile:1` as the first line of your Dockerfile enables mounting secrets as environment variables.
+
+2. Build with Depot CLI:
+
+```shell
+depot build --secret id=DEPOT_TOKEN,env=DEPOT_TOKEN -t your-image:tag .
+```
+
+Or with Docker Buildx:
+
+```shell
+docker buildx build --secret id=DEPOT_TOKEN,env=DEPOT_TOKEN -t your-image:tag .
+```
+
+### Using Depot Cache with Go in Bake files
+
+When using Bake files to build Docker images containing Go projects, you can pass secrets through the `target.secret` attribute:
+
+1. Define the secret in your `docker-bake.hcl` file:
+
+```hcl
+target "default" {
+  context    = "."
+  dockerfile = "Dockerfile"
+  tags       = ["your-image:tag"]
+  secret = [
+    {
+      type = "env"
+      id   = "DEPOT_TOKEN"
+    }
+  ]
+}
+```
+
+2. Update your Dockerfile to install the Depot CLI and configure Go cache:
 
 ```dockerfile
 # syntax=docker/dockerfile:1
@@ -86,3 +160,9 @@ RUN --mount=type=secret,id=DEPOT_TOKEN,env=DEPOT_TOKEN \
 ```
 
 Adding `# syntax=docker/dockerfile:1` as the first line of your Dockerfile enables mounting secrets as environment variables.
+
+3. Run the build with `depot bake`:
+
+```shell
+DEPOT_TOKEN=your_token depot bake
+```