fix: claude shouldn't reset creds after rebuild now
This commit is contained in:
+11
-2
@@ -42,11 +42,20 @@ COPY --from=oven/bun:1-slim /usr/local/bin/bun /usr/local/bin/bun
|
|||||||
RUN ln -s /usr/local/bin/bun /usr/local/bin/bunx
|
RUN ln -s /usr/local/bin/bun /usr/local/bin/bunx
|
||||||
|
|
||||||
# `--trust` is required: without it bun skips the postinstall step that
|
# `--trust` is required: without it bun skips the postinstall step that
|
||||||
# fetches claude's native binary (anthropics/claude-code#50203).
|
# fetches claude's native binary (anthropics/claude-code#50203). The
|
||||||
|
# postinstall itself is bun's smoke check — if it fails the layer
|
||||||
|
# fails. We deliberately DO NOT run `claude --version` here: claude
|
||||||
|
# touches `$HOME` on every invocation (creates `/root/.claude/`,
|
||||||
|
# `/root/.claude.json`, sometimes `/root/.config/claude/`), and those
|
||||||
|
# build-time artifacts seed the runtime named-volume `claude-home`
|
||||||
|
# with stale "haven't onboarded" state, so the user gets re-prompted
|
||||||
|
# for trust/bypass dialogs on every rebuild and the subscription auth
|
||||||
|
# can land on a tainted credential file.
|
||||||
ENV BUN_INSTALL=/usr/local/bun-global \
|
ENV BUN_INSTALL=/usr/local/bun-global \
|
||||||
PATH=/usr/local/bun-global/bin:/app/.venv/bin:$PATH
|
PATH=/usr/local/bun-global/bin:/app/.venv/bin:$PATH
|
||||||
RUN bun install -g --trust @anthropic-ai/claude-code \
|
RUN bun install -g --trust @anthropic-ai/claude-code \
|
||||||
&& claude --version
|
&& test -x "$(command -v claude)" \
|
||||||
|
&& rm -rf /root/.claude /root/.claude.json /root/.config/claude
|
||||||
|
|
||||||
COPY --from=builder /app/.venv /app/.venv
|
COPY --from=builder /app/.venv /app/.venv
|
||||||
COPY --from=builder /app /app
|
COPY --from=builder /app /app
|
||||||
|
|||||||
Reference in New Issue
Block a user