fix: run eval container as non-root — claude CLI rejects --dangerously-skip-permissions as root

Claude Code CLI blocks --dangerously-skip-permissions when running as uid=0 for security. Add a 'runner' user to the Docker image and set --user runner on the container. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-05 13:15:24 +02:00 · 2026-03-23 07:18:30 -07:00
parent 4d3f8b4cb5
commit 7b99b8c0eb
2 changed files with 7 additions and 12 deletions
@@ -43,3 +43,9 @@ RUN bun --version && node --version && claude --version && jq --version && gh --
 # Save node_modules + package.json snapshot for cache validation at runtime
 RUN mv /workspace/node_modules /opt/node_modules_cache \
    && cp /workspace/package.json /opt/node_modules_cache/.package.json
+
+# Claude CLI refuses --dangerously-skip-permissions as root.
+# Create a non-root user for eval runs (GH Actions overrides USER, so
+# the workflow must set options.user or use gosu/su-exec at runtime).
+RUN useradd -m -s /bin/bash runner \
+    && chmod -R a+rX /opt/node_modules_cache