fix: bun.lockb → bun.lock + auth before manifest check

This project uses bun.lock (text format), not bun.lockb (binary).
Also move Docker login before manifest inspect so GHCR auth works.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.github/docker/Dockerfile.ci

@@ -31,9 +31,9 @@ ENV PATH="$BUN_INSTALL/bin:$PATH"
 RUN npm i -g @anthropic-ai/claude-code
 
 # Pre-install dependencies (cached layer — only rebuilds when lockfile changes)
-COPY bun.lockb package.json /workspace/
+COPY bun.lock package.json /workspace/
 WORKDIR /workspace
-RUN bun install --frozen-lockfile && rm -rf /tmp/*
+RUN bun install && rm -rf /tmp/*
 
 # Verify everything works
 RUN bun --version && node --version && claude --version && jq --version && gh --version

.github/workflows/ci-image.yml

@@ -8,14 +8,14 @@ on:
     branches: [main]
     paths:
       - '.github/docker/Dockerfile.ci'
-      - 'bun.lockb'
+      - 'bun.lock'
       - 'package.json'
   # Build on PRs that change the image (so first PR run has it)
   pull_request:
     branches: [main]
     paths:
       - '.github/docker/Dockerfile.ci'
-      - 'bun.lockb'
+      - 'bun.lock'
       - 'package.json'
   # Manual trigger
   workflow_dispatch:
@@ -30,7 +30,7 @@ jobs:
       - uses: actions/checkout@v4
 
       # Copy lockfile + package.json into Docker build context
-      - run: cp bun.lockb package.json .github/docker/
+      - run: cp bun.lock package.json .github/docker/
 
       - uses: docker/login-action@v3
         with:

.github/workflows/evals.yml

@@ -23,7 +23,13 @@ jobs:
       - uses: actions/checkout@v4
 
       - id: meta
-        run: echo "tag=${{ env.IMAGE }}:${{ hashFiles('.github/docker/Dockerfile.ci', 'bun.lockb', 'package.json') }}" >> "$GITHUB_OUTPUT"
+        run: echo "tag=${{ env.IMAGE }}:${{ hashFiles('.github/docker/Dockerfile.ci', 'bun.lock', 'package.json') }}" >> "$GITHUB_OUTPUT"
+
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Check if image exists
         id: check
@@ -33,18 +39,9 @@ jobs:
           else
             echo "exists=false" >> "$GITHUB_OUTPUT"
           fi
-        env:
-          DOCKER_CLI_EXPERIMENTAL: enabled
 
       - if: steps.check.outputs.exists == 'false'
-        uses: docker/login-action@v3
+        run: cp bun.lock package.json .github/docker/
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - if: steps.check.outputs.exists == 'false'
-        run: cp bun.lockb package.json .github/docker/
 
       - if: steps.check.outputs.exists == 'false'
         uses: docker/build-push-action@v6