Update content from depot/app

content/agents/claude-code/quickstart.mdx

@@ -9,31 +9,33 @@ import {DocsCTA} from '~/components/blog/CTA'
 
 Run Claude Code agents in Depot's remote agent sandboxes: a secure, isolated environment in the cloud, where you can launch, resume, and share coding sessions.
 
-## Install the Depot CLI
+## Prerequisites
 
-You'll need the [Depot CLI](/docs/cli/reference) on your machine to configure and launch remote sandboxes.
+You'll need a [Depot account](https://depot.dev/sign-up).
 
-### macOS
+## Install the Depot CLI
 
-Install the Depot CLI with Homebrew:
+Install the [Depot CLI](/docs/cli/reference) on your machine to configure and launch remote sandboxes.
 
-```shell
-brew install depot/tap/depot
-```
+- **macOS**
 
-### Linux
+  Install the Depot CLI with Homebrew:
 
-Install the Depot CLI with the installation script.
+      ```shell
+      brew install depot/tap/depot
+      ```
 
-Install the latest version:
+- **Linux**
 
-```shell
-curl -L https://depot.dev/install-cli.sh | sh
-```
+  Install the Depot CLI with the installation script:
+
+      ```shell
+      curl -L https://depot.dev/install-cli.sh | sh
+      ```
 
-### All platforms
+- **All platforms**
 
-Download the binary file for your platform from the [Depot CLI releases page](https://github.com/depot/cli/releases) in GitHub.
+  Download the binary file for your platform from the [Depot CLI releases page](https://github.com/depot/cli/releases) in GitHub.
 
 ## Get and set your Anthropic credentials
 
@@ -87,7 +89,7 @@ To grant remote agent sandboxes access to clone and push changes to your private
 
 ### Grant access outside of GitHub
 
-If you don't want to use the Depot Code app, you can set your Git credentials as secrets in your Depot organization allow changes to your private repositories. The value of `GIT_CREDENTIALS` must be one of the following:
+If you don't want to use the Depot Code app, you can set your Git credentials as secrets in your Depot organization to allow changes to your private repositories. The value of `GIT_CREDENTIALS` must be one of the following:
 
 - A token, such as a personal access token. Depot uses `x-token` as the username and the token you specify as the password.
 - A user name and password in the format: username@password.

content/cache/reference/bazel.mdx

@@ -33,6 +33,44 @@ If you are a member of multiple organizations, and you are authenticating with a
 build --remote_header=x-depot-org=DEPOT_ORG_ID
 ```
 
-## Using Depot Cache with Bazel
-
 Once Bazel is configured to use Depot Cache, you can then run your builds as you normally would. Bazel will automatically communicate with Depot Cache to fetch and reuse any stored build artifacts from your previous builds.
+
+### Using Depot Cache with Bazel in `depot/build-push-action`
+
+When using `depot/build-push-action` to build Docker images that contain Bazel workspaces, your build needs access to Bazel's remote cache credentials to benefit from caching.
+
+These credentials are not automatically available inside your Docker build environment. Unlike builds running directly on Depot-managed GitHub Actions runners (which have automatic access to Depot Cache environment variables), containerized builds execute in isolated VMs that require explicit configuration.
+
+Follow these steps to securely pass your Bazel credentials into your Docker build:
+
+1. Store the Depot token in a GitHub Secret named `DEPOT_TOKEN`.
+
+2. Configure your GitHub Action to pass secrets to the container build:
+
+```yaml
+- name: Build and push
+  uses: depot/build-push-action@v1
+  with:
+    context: .
+    file: ./Dockerfile
+    push: true
+    tags: your-image:tag
+    secrets: |
+      "DEPOT_TOKEN=${{ secrets.DEPOT_TOKEN }}"
+```
+
+3. Update your Dockerfile to mount the secrets and configure Bazel:
+
+```dockerfile
+# syntax=docker/dockerfile:1
+
+# ... other Dockerfile instructions
+
+# Create .bazelrc with cache configuration
+RUN --mount=type=secret,id=DEPOT_TOKEN,env=DEPOT_TOKEN \
+    echo "build --remote_cache=https://cache.depot.dev" >> ~/.bazelrc && \
+    echo "build --remote_header=authorization=${DEPOT_TOKEN}" >> ~/.bazelrc && \
+    bazel build
+```
+
+Adding `# syntax=docker/dockerfile:1` as the first line of your Dockerfile enables mounting secrets as environment variables.

content/cache/reference/gocache.mdx

@@ -42,6 +42,47 @@ To set verbose output, add the --verbose option:
 export GOCACHEPROG='depot gocache --verbose'
 ```
 
-## Using Depot Cache with Go
-
 Once Go is configured to use Depot Cache, you can then run your builds as you normally would. Go will automatically communicate with `GOCACHEPROG` to fetch from Depot Cache and reuse any stored build artifacts from your previous builds.
+
+### Using Depot Cache with Go in `depot/build-push-action`
+
+When using `depot/build-push-action` to build Docker images that contain Go projects, your build needs access to Go's remote cache credentials to benefit from caching.
+
+These credentials are not automatically available inside your Docker build environment. Unlike builds running directly on Depot-managed GitHub Actions runners (which have automatic access to Depot Cache environment variables), containerized builds execute in isolated VMs that require explicit configuration.
+
+Follow these steps to securely pass your Go cache credentials into your Docker build:
+
+1. Store the Depot token in a GitHub Secret named `DEPOT_TOKEN`.
+
+2. Configure your GitHub Action to pass secrets to the container build:
+
+```yaml
+- name: Build and push
+  uses: depot/build-push-action@v1
+  with:
+    context: .
+    file: ./Dockerfile
+    push: true
+    tags: your-image:tag
+    secrets: |
+      "DEPOT_TOKEN=${{ secrets.DEPOT_TOKEN }}"
+```
+
+3. Update your Dockerfile to install the Depot CLI and configure Go cache:
+
+```dockerfile
+# syntax=docker/dockerfile:1
+
+# ... other Dockerfile instructions
+
+# Install Depot CLI
+RUN curl -L https://depot.dev/install-cli.sh | sh
+
+# Mount secret and set GOCACHEPROG
+RUN --mount=type=secret,id=DEPOT_TOKEN,env=DEPOT_TOKEN \
+    PATH="/root/.depot/bin:$PATH" \
+    GOCACHEPROG="depot gocache" \
+    go build -v ./
+```
+
+Adding `# syntax=docker/dockerfile:1` as the first line of your Dockerfile enables mounting secrets as environment variables.

content/cache/reference/gradle.mdx

@@ -58,6 +58,59 @@ buildCache {
 }
 ```
 
-## Using Depot Cache with Gradle
-
 Once Gradle is configured to use Depot Cache, you can then run your builds as you normally would. Gradle will automatically communicate with Depot Cache to fetch and reuse any stored build artifacts from your previous builds.
+
+### Using Depot Cache with Gradle in `depot/build-push-action`
+
+When using `depot/build-push-action` to build Docker images that contain Gradle projects, your build needs access to Gradle's remote cache credentials to benefit from caching.
+
+These credentials are not automatically available inside your Docker build environment. Unlike builds running directly on Depot-managed GitHub Actions runners (which have automatic access to Depot Cache environment variables), containerized builds execute in isolated VMs that require explicit configuration.
+
+Follow these steps to securely pass your Gradle credentials into your Docker build:
+
+1. Store the Depot token in a GitHub Secret named `DEPOT_TOKEN`.
+
+2. Update your `settings.gradle` to read the Depot token from an environment variable:
+
+```groovy
+buildCache {
+    remote(HttpBuildCache) {
+        url = 'https://cache.depot.dev'
+        enabled = true
+        push = true
+        credentials {
+            username = ''
+            password = System.getenv('DEPOT_TOKEN')
+        }
+    }
+}
+```
+
+3. Configure your GitHub Action to pass secrets to the container build:
+
+```yaml
+- name: Build and push
+  uses: depot/build-push-action@v1
+  with:
+    context: .
+    file: ./Dockerfile
+    push: true
+    tags: your-image:tag
+    secrets: |
+      "DEPOT_TOKEN=${{ secrets.DEPOT_TOKEN }}"
+```
+
+4. Update your Dockerfile to mount the secret and run the build:
+
+```dockerfile
+# syntax=docker/dockerfile:1
+
+# ... other Dockerfile instructions
+
+# Copy settings.gradle and run build with mounted secret
+COPY settings.gradle .
+RUN --mount=type=secret,id=DEPOT_TOKEN,env=DEPOT_TOKEN \
+    ./gradlew build
+```
+
+Adding `# syntax=docker/dockerfile:1` as the first line of your Dockerfile enables mounting secrets as environment variables.

content/cache/reference/maven.mdx

@@ -77,6 +77,87 @@ To manually configure Maven to use Depot Cache, you will need to configure remot
 
 **Note: Maven support currently only supports Depot Organization API tokens, not user tokens.**
 
-## Using Depot Cache with Maven
-
 Once Maven is configured to use Depot Cache, you can run your builds as usual. Maven will automatically communicate with Depot Cache to fetch and reuse any stored build artifacts from your previous builds.
+
+### Using Depot Cache with Maven in `depot/build-push-action`
+
+When using `depot/build-push-action` to build Docker images that contain Maven projects, your build needs access to Maven's remote cache credentials to benefit from caching.
+
+These credentials are not automatically available inside your Docker build environment. Unlike builds running directly on Depot-managed GitHub Actions runners (which have automatic access to Depot Cache environment variables), containerized builds execute in isolated VMs that require explicit configuration.
+
+Follow these steps to securely pass your Maven credentials into your Docker build:
+
+1. Store the Depot token in a GitHub Secret named `DEPOT_TOKEN`.
+
+2. Configure Maven Build Cache extension in `.mvn/maven-build-cache-config.xml`:
+
+```xml
+<cache xmlns="http://maven.apache.org/BUILD-CACHE-CONFIG/1.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/BUILD-CACHE-CONFIG/1.0.0 https://maven.apache.org/xsd/build-cache-config-1.0.0.xsd">
+    <configuration>
+        <enabled>true</enabled>
+        <hashAlgorithm>SHA-256</hashAlgorithm>
+        <validateXml>true</validateXml>
+        <remote enabled="true" saveToRemote="true" id="depot-cache">
+            <url>https://cache.depot.dev</url>
+        </remote>
+        <projectVersioning adjustMetaInf="true" />
+    </configuration>
+</cache>
+```
+
+3. Update your `settings.xml` to read the Depot token from an environment variable. Create or update `.m2/settings.xml`:
+
+```xml
+<?xml version="1.0" encoding="UTF-8"?>
+<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
+  <servers>
+    <server>
+      <id>depot-cache</id>
+      <configuration>
+        <httpHeaders>
+          <property>
+            <name>Authorization</name>
+            <value>Bearer ${env.DEPOT_TOKEN}</value>
+          </property>
+        </httpHeaders>
+      </configuration>
+    </server>
+  </servers>
+</settings>
+```
+
+4. Configure your GitHub Action to pass secrets to the container build:
+
+```yaml
+- name: Build and push
+  uses: depot/build-push-action@v1
+  with:
+    context: .
+    file: ./Dockerfile
+    push: true
+    tags: your-image:tag
+    secrets: |
+      "DEPOT_TOKEN=${{ secrets.DEPOT_TOKEN }}"
+```
+
+5. Update your Dockerfile to copy configuration files and run the build with mounted secret:
+
+```dockerfile
+# syntax=docker/dockerfile:1
+
+# ... other Dockerfile instructions
+
+# Copy Maven configuration files
+COPY .mvn/maven-build-cache-config.xml .mvn/maven-build-cache-config.xml
+COPY .m2/settings.xml /root/.m2/settings.xml
+
+# Run build with mounted secret
+RUN --mount=type=secret,id=DEPOT_TOKEN,env=DEPOT_TOKEN \
+    mvn clean install
+```
+
+Adding `# syntax=docker/dockerfile:1` as the first line of your Dockerfile enables mounting secrets as environment variables.

content/cache/reference/moonrepo.mdx

@@ -34,6 +34,54 @@ unstable_remote:
 
 See [moonrepo's remote cache documentation](https://moonrepo.dev/docs/guides/remote-cache#cloud-hosted-depot) for more details.
 
-## Using Depot Cache with moonrepo
-
 Once moonrepo is configured to use Depot Cache, you can then run your builds as you normally would. moonrepo will automatically communicate with Depot Cache to fetch and reuse any stored build artifacts from your previous builds.
+
+### Using Depot Cache with moonrepo in `depot/build-push-action`
+
+When using `depot/build-push-action` to build Docker images that contain moonrepo workspaces, your build needs access to moonrepo's remote cache credentials to benefit from caching.
+
+These credentials are not automatically available inside your Docker build environment. Unlike builds running directly on Depot-managed GitHub Actions runners (which have automatic access to Depot Cache environment variables), containerized builds execute in isolated VMs that require explicit configuration.
+
+Follow these steps to securely pass your moonrepo credentials into your Docker build:
+
+1. Store the Depot token in a GitHub Secret named `DEPOT_TOKEN`.
+
+2. Configure moonrepo to read the Depot token from an environment variable in `.moon/workspace.yml`:
+
+```yaml
+unstable_remote:
+  host: 'grpcs://cache.depot.dev'
+  auth:
+    token: 'DEPOT_TOKEN'
+```
+
+3. Configure your GitHub Action to pass secrets to the container build:
+
+```yaml
+- name: Build and push
+  uses: depot/build-push-action@v1
+  with:
+    context: .
+    file: ./Dockerfile
+    push: true
+    tags: your-image:tag
+    secrets: |
+      "DEPOT_TOKEN=${{ secrets.DEPOT_TOKEN }}"
+```
+
+4. Update your Dockerfile to copy the workspace configuration and run the build with mounted secret:
+
+```dockerfile
+# syntax=docker/dockerfile:1
+
+# ... other Dockerfile instructions
+
+# Copy moonrepo workspace configuration
+COPY .moon/workspace.yml .moon/workspace.yml
+
+# Mount secret as environment variable and run build
+RUN --mount=type=secret,id=DEPOT_TOKEN,env=DEPOT_TOKEN \
+    moon run build
+```
+
+Adding `# syntax=docker/dockerfile:1` as the first line of your Dockerfile enables mounting secrets as environment variables.