fix: run eval container as non-root — claude CLI rejects --dangerously-skip-permissions as root

Claude Code CLI blocks --dangerously-skip-permissions when running
as uid=0 for security. Add a 'runner' user to the Docker image and
set --user runner on the container.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Garry Tan
2026-03-23 07:18:30 -07:00
parent 4d3f8b4cb5
commit 7b99b8c0eb
2 changed files with 7 additions and 12 deletions
+6
@@ -43,3 +43,9 @@ RUN bun --version && node --version && claude --version && jq --version && gh --
# Save node_modules + package.json snapshot for cache validation at runtime
RUN mv /workspace/node_modules /opt/node_modules_cache \
&& cp /workspace/package.json /opt/node_modules_cache/.package.json
# Claude CLI refuses --dangerously-skip-permissions as root.
# Create a non-root user for eval runs (GH Actions overrides USER, so
# the workflow must set options.user or use gosu/su-exec at runtime).
RUN useradd -m -s /bin/bash runner \
&& chmod -R a+rX /opt/node_modules_cache
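Review bot: `useradd -m -s /bin/bash runner` leaves the uid to the system default (the next free one, usually 1000), and the workflow's new `options: --user runner` then makes that uid the owner of everything the job writes, so the value matters beyond this image. If the host-mounted GITHUB_WORKSPACE belongs to a different uid (the hosted runners' own `runner` account is commonly 1001 — confirm from the `id` output of the debug step), checkout and `bun run build` will fail with permission errors that nothing in this hunk guards against. Pinning the uid makes the image reproducible and lets the workflow match the host: `RUN useradd -m -u <RUNNER_UID> -s /bin/bash runner \`, with the placeholder set to the confirmed owner uid. Separately, the Dockerfile still never issues `USER runner`, so anyone running the image outside Actions remains uid 0 and hits the same CLI refusal the commit title describes; given the comment already notes Actions overrides USER, a trailing `USER runner` costs nothing and documents the intended identity. The RUN chain ends at the last visible line, but the rest of the Dockerfile (including any existing USER or ENTRYPOINT) is outside this hunk.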
+1 -12
@@ -62,6 +62,7 @@ jobs:
credentials:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
options: --user runner
timeout-minutes: 20
strategy:
fail-fast: false
@@ -108,18 +109,6 @@ jobs:
- run: bun run build
- name: Debug claude CLI
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
run: |
echo "=== which claude ===" && which claude 2>&1 || true
echo "=== claude path ===" && ls -la $(which claude 2>/dev/null) 2>&1 || true
echo "=== node version ===" && node --version 2>&1 || true
echo "=== claude version ===" && claude --version 2>&1 || true
echo "=== claude smoke ===" && echo "say hi" | claude -p --output-format text --dangerously-skip-permissions 2>&1 | head -10 || true
echo "=== HOME ===" && echo $HOME
echo "=== id ===" && id 2>&1 || true
- name: Run ${{ matrix.suite.name }}
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}