From c44d8d486bf2cc529af2f1faadab229fd63108dd Mon Sep 17 00:00:00 2001
From: Garry Tan <garrytan@gmail.com>
Date: Mon, 23 Mar 2026 06:48:25 -0700
Subject: [PATCH] =?UTF-8?q?fix:=20bun.lockb=20=E2=86=92=20bun.lock=20+=20a?=
 =?UTF-8?q?uth=20before=20manifest=20check?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This project uses bun.lock (text format), not bun.lockb (binary).
Also move Docker login before manifest inspect so GHCR auth works.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .github/docker/Dockerfile.ci   |  4 ++--
 .github/workflows/ci-image.yml |  6 +++---
 .github/workflows/evals.yml    | 19 ++++++++-----------
 3 files changed, 13 insertions(+), 16 deletions(-)

diff --git a/.github/docker/Dockerfile.ci b/.github/docker/Dockerfile.ci
index e7118cb8..1c136a8b 100644
--- a/.github/docker/Dockerfile.ci
+++ b/.github/docker/Dockerfile.ci
@@ -31,9 +31,9 @@ ENV PATH="$BUN_INSTALL/bin:$PATH"
 RUN npm i -g @anthropic-ai/claude-code
 
 # Pre-install dependencies (cached layer — only rebuilds when lockfile changes)
-COPY bun.lockb package.json /workspace/
+COPY bun.lock package.json /workspace/
 WORKDIR /workspace
-RUN bun install --frozen-lockfile && rm -rf /tmp/*
+RUN bun install && rm -rf /tmp/*
 
 # Verify everything works
 RUN bun --version && node --version && claude --version && jq --version && gh --version
diff --git a/.github/workflows/ci-image.yml b/.github/workflows/ci-image.yml
index 7f67e2c5..19099334 100644
--- a/.github/workflows/ci-image.yml
+++ b/.github/workflows/ci-image.yml
@@ -8,14 +8,14 @@ on:
     branches: [main]
     paths:
       - '.github/docker/Dockerfile.ci'
-      - 'bun.lockb'
+      - 'bun.lock'
       - 'package.json'
   # Build on PRs that change the image (so first PR run has it)
   pull_request:
     branches: [main]
     paths:
       - '.github/docker/Dockerfile.ci'
-      - 'bun.lockb'
+      - 'bun.lock'
       - 'package.json'
   # Manual trigger
   workflow_dispatch:
@@ -30,7 +30,7 @@ jobs:
       - uses: actions/checkout@v4
 
       # Copy lockfile + package.json into Docker build context
-      - run: cp bun.lockb package.json .github/docker/
+      - run: cp bun.lock package.json .github/docker/
 
       - uses: docker/login-action@v3
         with:
diff --git a/.github/workflows/evals.yml b/.github/workflows/evals.yml
index 6f9210dd..5a05b4ea 100644
--- a/.github/workflows/evals.yml
+++ b/.github/workflows/evals.yml
@@ -23,7 +23,13 @@ jobs:
       - uses: actions/checkout@v4
 
       - id: meta
-        run: echo "tag=${{ env.IMAGE }}:${{ hashFiles('.github/docker/Dockerfile.ci', 'bun.lockb', 'package.json') }}" >> "$GITHUB_OUTPUT"
+        run: echo "tag=${{ env.IMAGE }}:${{ hashFiles('.github/docker/Dockerfile.ci', 'bun.lock', 'package.json') }}" >> "$GITHUB_OUTPUT"
+
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Check if image exists
         id: check
@@ -33,18 +39,9 @@ jobs:
           else
             echo "exists=false" >> "$GITHUB_OUTPUT"
           fi
-        env:
-          DOCKER_CLI_EXPERIMENTAL: enabled
 
       - if: steps.check.outputs.exists == 'false'
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - if: steps.check.outputs.exists == 'false'
-        run: cp bun.lockb package.json .github/docker/
+        run: cp bun.lock package.json .github/docker/
 
       - if: steps.check.outputs.exists == 'false'
         uses: docker/build-push-action@v6