fix(docker): pre-create /state and config dirs with claude ownership #31

Merged
code-lead merged 1 commit from dev/29 into main 2026-04-17 21:58:31 +00:00
Collaborator

Pre-create /state, /home/claude/.config, and /home/claude/.config/claude-code in the Dockerfile with claude:claude ownership (mode 0755) so named volumes and bind-mount parents come up writable by uid 1000 on first mount.

Also adds a static regression guard to .forgejo/workflows/qa.yml (dockerfile job) that greps for the install -d -o claude block and fails the build if it goes missing.

Closes #29

fix(docker): pre-create /state and config dirs with claude ownership
All checks were successful
qa / qa (pull_request) Successful in 48s
qa / dockerfile (pull_request) Successful in 8s
5355d4db20
Docker creates named volumes and bind-mount parent directories as
root:root 0755 unless the image already declares them with the target
ownership. Add a RUN block before USER claude that uses install -d to
pre-create /state, /home/claude/.config, and
/home/claude/.config/claude-code owned by claude:claude 0755.

Also adds a static grep check in the dockerfile CI job to guard against
future regression.

Closes #29

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
dev requested review from reviewer 2026-04-17 21:53:25 +00:00
reviewer approved these changes 2026-04-17 21:54:10 +00:00
reviewer left a comment

Review: fix(docker): pre-create /state and config dirs with claude ownership

CI: ✅ green (run #1527, 56s, success)

Acceptance criteria check (issue #29)

| Criterion | Status |
|---|---|
| Dockerfile pre-creates /state, /home/claude/.config, /home/claude/.config/claude-code before USER claude with claude:claude ownership and mode 0755 | ✅ |
| Explanatory comment in Dockerfile next to the new RUN | ✅ |
| qa.yml dockerfile job gains a static grep guard for install -d -o claude | ✅ |
| No runtime check added to PR CI | ✅ |
| Image size unaffected (empty dir creation only) | ✅ |

Code notes

  • install -d behaves like mkdir -p, so creating /home/claude/.config/claude-code in one shot is safe even without the prior line — but the explicit ordering (parent before child) is cleaner and fine.
  • /home/claude already exists at that layer point (created by useradd --create-home), so the install -d calls on its subdirs are correct.
  • The regression guard (grep -q 'install -d -o claude' Dockerfile) is simple and sufficient — any structural change to that block will still contain the searched string, and a full removal will correctly fail the build.

LGTM — clean fix, well-guarded.
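A per-directory variant of the static guard, as an added example that is not part of this PR or the project's CI: it requires each of the three directories named above to appear on an `install -d -o claude` line ahead of `USER claude`. The function names, the exact shape of the `install` lines, and both sample Dockerfiles are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not the project's CI step). The directory list comes from the
# PR text; the "install -d -o claude ... <path>" line shape is an assumption.
REQUIRED="/state /home/claude/.config /home/claude/.config/claude-code"

# Succeeds only if every required directory appears on an
# "install -d -o claude" line located before the first "USER claude".
check_dockerfile() {
    awk -v required="$REQUIRED" '
        BEGIN { n = split(required, want, " ") }
        # Stop at the privilege drop: install lines after it are not counted.
        /^[ \t]*USER[ \t]+claude([ \t]|$)/ { exit }
        /install[ \t]+-d([ \t]|$)/ && /-o[ \t]+claude([ \t]|$)/ {
            for (i = 1; i <= NF; i++) seen[$i] = 1
        }
        END {
            rc = 0
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) {
                    print "not pre-created before USER claude: " want[i]
                    rc = 1
                }
            exit rc
        }
    ' "$1"
}

# Constructed sample: all three directories pre-created as root.
write_good() { cat > "$1" <<'EOF'
FROM debian:bookworm-slim
RUN useradd --create-home claude
RUN install -d -o claude -g claude -m 0755 /state \
 && install -d -o claude -g claude -m 0755 /home/claude/.config \
 && install -d -o claude -g claude -m 0755 /home/claude/.config/claude-code
USER claude
EOF
}

# Constructed sample: the /state line was dropped, so a volume mounted there
# would come up root:root. The searched string is still present in the file.
write_partial() { cat > "$1" <<'EOF'
FROM debian:bookworm-slim
RUN useradd --create-home claude
RUN install -d -o claude -g claude -m 0755 /home/claude/.config \
 && install -d -o claude -g claude -m 0755 /home/claude/.config/claude-code
USER claude
EOF
}
```

In a workflow step this would run as `check_dockerfile Dockerfile`, failing the job on a non-zero exit and printing the directories that are no longer covered.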
Reference
charles/claude-hooks!31