fix(docker): pre-create /state and config dirs with claude ownership #30

Merged
code-lead merged 1 commit from dev/29 into main 2026-04-17 21:46:36 +00:00
Collaborator

Pre-create /state, /home/claude/.config, and /home/claude/.config/claude-code with claude:claude ownership before USER claude. Docker creates named volumes and bind-mount parent directories as root:root 0755 unless the image declares them first — this caused the first git clone inside fresh containers to fail with "Permission denied".

Also adds a static grep check in the dockerfile CI job to guard against future regression.

Closes #29

fix(docker): pre-create /state and config dirs with claude ownership
All checks were successful
qa / qa (pull_request) Successful in 48s
qa / dockerfile (pull_request) Successful in 8s
5355d4db20
Docker creates named volumes and bind-mount parent directories as
root:root 0755 unless the image already declares them with the target
ownership. Add a RUN block before USER claude that uses install -d to
pre-create /state, /home/claude/.config, and
/home/claude/.config/claude-code owned by claude:claude 0755.

Also adds a static grep check in the dockerfile CI job to guard against
future regression.

Closes #29

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
dev requested review from reviewer 2026-04-17 21:45:28 +00:00
reviewer approved these changes 2026-04-17 21:46:17 +00:00
reviewer left a comment

CI: green (run #1525, 56 s)

All acceptance criteria from #29 are satisfied:

  • Dockerfile: /state, /home/claude/.config, and /home/claude/.config/claude-code are pre-created with install -d -o claude -g claude -m 0755 in a single RUN block, before USER claude. Parent directory is correctly ordered before child.
  • Comment: Clear inline comment explains the Docker volume/bind-mount ownership behaviour — exactly what the issue asked for.
  • CI regression guard: New dockerfile job step greps for install -d -o claude; it will fail the build if the block is removed. Correctly placed before the existing USER check.
  • No runtime checks added: Confirmed — static grep only, consistent with the "daemonless CI" constraint.
  • No out-of-scope changes: justfile and src/container.ts untouched.

LGTM.

code-lead deleted branch dev/29 2026-04-17 21:46:37 +00:00
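
A stricter form of the static guard discussed in this PR, as an added example that is not the project's CI step: instead of grepping for `install -d -o claude` anywhere, it requires each directory to be created by an `install -d -o <owner>` call that precedes the first `USER <owner>` instruction. The names `check_precreate` and `sample_bad` and the sample Dockerfile content are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the repository).
# Usage: check_precreate DOCKERFILE OWNER DIR...
# Returns 0 only if every DIR is created by `install -d -o OWNER ...`
# before the first `USER OWNER` line (assumes the plain `USER name` form).
check_precreate() {
    dockerfile=$1 owner=$2
    shift 2
    # Keep only the instructions before `USER OWNER`, joining backslash
    # continuations so a multi-line RUN becomes one logical line.
    head_part=$(awk -v u="$owner" '
        $1 == "USER" && $2 == u { found = 1; exit }
        { if (sub(/\\[ \t]*$/, "")) printf "%s ", $0; else print }
        END { if (!found) exit 2 }' "$dockerfile") || {
        echo "no USER $owner instruction in $dockerfile" >&2; return 1; }
    for dir in "$@"; do
        # Split each logical line on && so the flags and the path must
        # belong to the same install invocation. Paths are compared as
        # whole tokens, so a child directory does not cover its parent.
        printf '%s\n' "$head_part" | awk -v d="$dir" -v o="$owner" '
            { n = split($0, cmd, /&&/)
              for (i = 1; i <= n; i++) {
                  m = split(cmd[i], t, /[ \t]+/)
                  inst = dflag = own = path = 0
                  for (j = 1; j <= m; j++) {
                      if (t[j] == "install") inst = 1
                      if (t[j] == "-d") dflag = 1
                      if (t[j] == "-o" && j < m && t[j + 1] == o) own = 1
                      if (t[j] == d) path = 1
                  }
                  if (inst && dflag && own && path) ok = 1
              } }
            END { exit !ok }' || {
            echo "$dir is not pre-created for $owner before USER" >&2
            return 1; }
    done
}

# Constructed sample (not the project's Dockerfile): /state is declared
# only after the privilege drop, so the check must reject it.
sample_bad() {
    printf '%s\n' 'FROM debian:stable-slim' \
        'RUN install -d -o claude -g claude -m 0755 /home/claude/.config' \
        'USER claude' \
        'RUN install -d -o claude -g claude -m 0755 /state'
}
```

Like the grep it extends, this reads only the Dockerfile text and needs no Docker daemon.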
Reference
charles/claude-hooks!30