diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml index 3b24156..88bd60f 100644 --- a/.github/workflows/claude-code-review.yml +++ b/.github/workflows/claude-code-review.yml @@ -38,6 +38,7 @@ jobs: uses: anthropics/claude-code-action@beta with: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} + github_token: ${{ secrets.GITHUB_TOKEN }} # Optional: Specify model (defaults to Claude Sonnet 4, uncomment for Claude Opus 4) # model: "claude-opus-4-20250514" diff --git a/DEV-LOGS.md b/DEV-LOGS.md index e9ef513..1efc724 100644 --- a/DEV-LOGS.md +++ b/DEV-LOGS.md @@ -5,6 +5,36 @@ ## Issue Analysis: 2025-06-23 +### [bug-fixed] Root user (UID 0) handling in docker-entrypoint.sh + +**Problem**: `sudo claude-yolo` fails with "usermod: UID '0' already exists" error. + +**Root Cause**: Can't reassign existing UID 0 (root) to claude user. + +**Security Fix**: Handle UID=0 and GID=0 independently to prevent root group assignment. + +**Solution**: Use fallback UID/GID 1000 for proper file ownership with existing collision handling. + +**Status**: ✅ **COMPLETED** - PR #22 + +--- + +## Issue Analysis: 2025-06-23 + +### [bug-fixed] Claude Code Review OIDC token authentication error + +**Problem**: CI failing with "Invalid OIDC token" after changing permissions to write. + +**Solution**: Added explicit `github_token: ${{ secrets.GITHUB_TOKEN }}` to force direct token auth. + +**Cause**: Write permissions trigger GitHub App auth by default, but no App configured. + +**Status**: ✅ **COMPLETED** + +--- + +## Issue Analysis: 2025-06-23 + ### [enhancement-completed] Claude Code Review workflow simplification **Problem**: Overcomplicated workflow with manual duplicate detection using GitHub CLI. diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 582f7cf..cb3c4d8 100644 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -59,6 +59,16 @@ setup_nonroot_user() { local current_uid=$(id -u "$CLAUDE_USER") local current_gid=$(id -g "$CLAUDE_USER") + if [ "$CLAUDE_UID" = "0" ]; then + echo "[entrypoint] WARNING: Host user is root (UID=0). Using fallback UID 1000 for security." + CLAUDE_UID=1000 + fi + + if [ "$CLAUDE_GID" = "0" ]; then + echo "[entrypoint] WARNING: Host user is in root group (GID=0). Using fallback GID 1000 for security." + CLAUDE_GID=1000 + fi + if [ "$CLAUDE_GID" != "$current_gid" ]; then [ "$VERBOSE" = "true" ] && echo "[entrypoint] updating $CLAUDE_USER GID: $current_gid -> $CLAUDE_GID" if getent group "$CLAUDE_GID" >/dev/null 2>&1; then