hai/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-05-21 12:18:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: run as runner user + redirect bun temp to writable /home/runner

Browse Source 
Running as root breaks Claude CLI (refuses to start). Running as runner
breaks bun (can't write to root-owned /tmp dirs from Docker build).

Fix: run as --user runner, but redirect BUN_TMPDIR and TMPDIR to
/home/runner/.cache/bun which is writable by the runner user.
GITHUB_ENV exports apply to all subsequent steps.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Garry Tan
2026-03-23 17:59:23 -07:00
parent 470ac394d5
commit 9dc04020a4
2 changed files with 12 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
.github/docker/Dockerfile.ci vendored
View File

@@ -59,8 +59,5 @@ RUN useradd -m -s /bin/bash runner \
&& chmod -R a+rX /opt/node_modules_cache \ && chmod -R a+rX /opt/node_modules_cache \
&& mkdir -p /home/runner/.gstack && chown -R runner:runner /home/runner/.gstack \ && mkdir -p /home/runner/.gstack && chown -R runner:runner /home/runner/.gstack \
&& chmod 1777 /tmp \ && chmod 1777 /tmp \
&& mkdir -p /home/runner/.bun && chown -R runner:runner /home/runner/.bun && mkdir -p /home/runner/.bun && chown -R runner:runner /home/runner/.bun \
&& chmod -R 1777 /tmp
# NOTE: Do NOT use USER runner here — GH Actions overrides USER and HOME
# anyway, creating permission conflicts. Instead, we run as root (GH default)
# and use gosu/su-exec for claude commands that refuse root.

12
.github/workflows/evals.yml vendored
View File

@@ -62,6 +62,7 @@ jobs:
credentials: credentials:
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
options: --user runner
timeout-minutes: 20 timeout-minutes: 20
strategy: strategy:
fail-fast: false fail-fast: false
@@ -97,9 +98,16 @@ jobs:
with: with:
fetch-depth: 0 fetch-depth: 0
# Bun creates root-owned temp dirs during Docker build. GH Actions runs as
# runner user with HOME=/github/home. Redirect bun's cache to a writable dir.
- name: Fix bun temp
run: |
mkdir -p /home/runner/.cache/bun
echo "BUN_INSTALL_CACHE_DIR=/home/runner/.cache/bun" >> "$GITHUB_ENV"
echo "BUN_TMPDIR=/home/runner/.cache/bun" >> "$GITHUB_ENV"
echo "TMPDIR=/home/runner/.cache" >> "$GITHUB_ENV"
# Restore pre-installed node_modules from Docker image via symlink (~0s vs ~15s install) # Restore pre-installed node_modules from Docker image via symlink (~0s vs ~15s install)
# If package.json changed since image was built, fall back to fresh install
# Note: GITHUB_ENV vars from previous step are now active
- name: Restore deps - name: Restore deps
run: | run: |
if [ -d /opt/node_modules_cache ] && diff -q /opt/node_modules_cache/.package.json package.json >/dev/null 2>&1; then if [ -d /opt/node_modules_cache ] && diff -q /opt/node_modules_cache/.package.json package.json >/dev/null 2>&1; then