From 470ac394d53df7725d18dad3d5d603b9b0717740 Mon Sep 17 00:00:00 2001 From: Garry Tan Date: Mon, 23 Mar 2026 17:52:27 -0700 Subject: [PATCH] fix: run CI container as root (GH default) to fix bun tempdir GH Actions overrides Dockerfile USER and HOME, creating permission conflicts no matter what we set. Running as root (the GH default for container jobs) gives bun full /tmp access. Claude CLI already uses --dangerously-skip-permissions in the session runner. Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/docker/Dockerfile.ci | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/docker/Dockerfile.ci b/.github/docker/Dockerfile.ci index 8393ffcb..6fbfefb0 100644 --- a/.github/docker/Dockerfile.ci +++ b/.github/docker/Dockerfile.ci @@ -61,5 +61,6 @@ RUN useradd -m -s /bin/bash runner \ && chmod 1777 /tmp \ && mkdir -p /home/runner/.bun && chown -R runner:runner /home/runner/.bun -# Switch to runner user — bun needs HOME-writable for temp files -USER runner +# NOTE: Do NOT use USER runner here — GH Actions overrides USER and HOME +# anyway, creating permission conflicts. Instead, we run as root (GH default) +# and use gosu/su-exec for claude commands that refuse root.
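Review bot: The new comment at the end of the hunk promises that claude commands which refuse root will go through gosu/su-exec, but nothing in the visible lines installs either tool or shows where the privilege drop happens. Either add the install to this Dockerfile in the same change, or reword the comment to name the place where it is done. With `USER runner` removed, the image default is root, and the commit message says the Claude CLI already runs with `--dangerously-skip-permissions`, so any step that is not explicitly dropped to `runner` runs without restriction as root inside the container. The comment should state which commands must be dropped. The retained `useradd -m -s /bin/bash runner` and `chown -R runner:runner /home/runner/.bun` lines now matter only for that gosu path, so a one-line comment saying so would keep them from being removed later as dead setup.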