fix: use Dockerfile USER directive + writable .bun dir

The --user runner container option doesn't set up the user environment
properly — bun can't write temp files even with TMPDIR overrides.
Switch to USER runner in the Dockerfile which properly sets HOME and
creates the user context. Also pre-create ~/.bun owned by runner.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.github/docker/Dockerfile.ci

@@ -58,4 +58,8 @@ RUN mv /workspace/node_modules /opt/node_modules_cache \
 RUN useradd -m -s /bin/bash runner \
     && chmod -R a+rX /opt/node_modules_cache \
     && mkdir -p /home/runner/.gstack && chown -R runner:runner /home/runner/.gstack \
-    && chmod 1777 /tmp
+    && chmod 1777 /tmp \
+    && mkdir -p /home/runner/.bun && chown -R runner:runner /home/runner/.bun
+
+# Switch to runner user — bun needs HOME-writable for temp files
+USER runner

.github/workflows/evals.yml

@@ -62,7 +62,7 @@ jobs:
       credentials:
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
-      options: --user runner --tmpfs /tmp:exec
+      options: --tmpfs /tmp:exec
     timeout-minutes: 20
     strategy:
       fail-fast: false
@@ -123,9 +123,10 @@ jobs:
       - name: Verify Chromium
         if: matrix.suite.name == 'e2e-browse'
         run: |
-          echo "TMPDIR=$TMPDIR BUN_TMPDIR=$BUN_TMPDIR HOME=$HOME"
+          echo "whoami=$(whoami) HOME=$HOME TMPDIR=${TMPDIR:-unset}"
-          ls -la "$TMPDIR" || echo "TMPDIR not accessible"
+          ls -la /tmp | head -3
-          TMPDIR="$HOME/tmp" BUN_TMPDIR="$HOME/tmp" bun -e "import {chromium} from 'playwright';const b=await chromium.launch({args:['--no-sandbox']});console.log('Chromium OK');await b.close()"
+          touch /tmp/.bun-write-test && rm /tmp/.bun-write-test && echo "/tmp writable"
+          bun -e "import {chromium} from 'playwright';const b=await chromium.launch({args:['--no-sandbox']});console.log('Chromium OK');await b.close()"
 
       - name: Run ${{ matrix.suite.name }}
         env: