fix: claude shouldn't reset creds after rebuild now
This commit is contained in:
+11
-2
@@ -42,11 +42,20 @@ COPY --from=oven/bun:1-slim /usr/local/bin/bun /usr/local/bin/bun
|
||||
RUN ln -s /usr/local/bin/bun /usr/local/bin/bunx
|
||||
|
||||
# `--trust` is required: without it bun skips the postinstall step that
|
||||
# fetches claude's native binary (anthropics/claude-code#50203).
|
||||
# fetches claude's native binary (anthropics/claude-code#50203). The
|
||||
# postinstall itself is bun's smoke check — if it fails the layer
|
||||
# fails. We deliberately DO NOT run `claude --version` here: claude
|
||||
# touches `$HOME` on every invocation (creates `/root/.claude/`,
|
||||
# `/root/.claude.json`, sometimes `/root/.config/claude/`), and those
|
||||
# build-time artifacts seed the runtime named-volume `claude-home`
|
||||
# with stale "haven't onboarded" state, so the user gets re-prompted
|
||||
# for trust/bypass dialogs on every rebuild and the subscription auth
|
||||
# can land on a tainted credential file.
|
||||
ENV BUN_INSTALL=/usr/local/bun-global \
|
||||
PATH=/usr/local/bun-global/bin:/app/.venv/bin:$PATH
|
||||
RUN bun install -g --trust @anthropic-ai/claude-code \
|
||||
&& claude --version
|
||||
&& test -x "$(command -v claude)" \
|
||||
&& rm -rf /root/.claude /root/.claude.json /root/.config/claude
|
||||
|
||||
COPY --from=builder /app/.venv /app/.venv
|
||||
COPY --from=builder /app /app
|
||||
|
||||
Reference in New Issue
Block a user