Skip to content

perf: improve Docker build caching (#19)#25

Closed
lroolle wants to merge 12 commits into
mainfrom
perf/docker-build-caching
Closed

perf: improve Docker build caching (#19)#25
lroolle wants to merge 12 commits into
mainfrom
perf/docker-build-caching

Conversation

@lroolle

@lroolle lroolle commented Jun 23, 2025

Copy link
Copy Markdown
Member

Dual caching strategy resolves 49+ minute build times

  • Registry cache persists across branches/runners
  • CI cache warming on PRs accelerates releases
  • Combined GHA + registry maximizes cache hits

Closes #19

claude Bot and others added 12 commits June 23, 2025 10:14
- Detect when host user is root (CLAUDE_UID=0) 
- Use fallback UID 1000 to avoid conflict with existing root user
- Also handle CLAUDE_GID=0 case with same fallback
- Display clear warning messages about fallback behavior
- Preserves security by still running as non-root in container
- Fixes "usermod: UID '0' already exists" error

Resolves #21

Co-authored-by: Eric Wang <lroolle@users.noreply.github.com>
- Separate UID=0 and GID=0 checks to prevent security bypass
- Fix case where host user has UID≠0 but GID=0 (would assign root group)
- Remove inaccurate warning message about file ownership
- Addresses Cursor BugBot security vulnerability report

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
- Add github_token parameter to prevent OIDC token exchange errors
- Fixes 401 Unauthorized - Invalid OIDC token error in claude-review CI
- Action was trying to use GitHub App auth instead of direct token auth

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
- Remove obvious comments that don't add value
- Add missing dev log entry for root user handling fix

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
- Replace hardcoded 1000 fallback with dynamic search
- Find first available UID/GID starting from 1000
- Prevents collision with existing container users/groups
- More robust handling of edge cases

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
- Use UID/GID 1000 fallback for predictable file ownership
- Existing usermod logic handles UID collision properly
- Most host users are UID 1000, so this provides correct file ownership
- Simpler than dynamic search while achieving the goal

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
- Explain why UID 0 can't be reassigned (root user exists)
- Clarify security fix prevents root group assignment
- Note that 1000 fallback provides proper file ownership

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
- Add registry cache alongside GitHub Actions cache for better persistence
- Add Docker build job in CI to warm cache on PRs
- Registry cache survives across branches and reduces release build times
- Resolves #19: Docker image build performance issues

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
- Add perf optimization entry to DEV-LOGS.md
- Document dual caching strategy in CHANGELOG.md under Performance section

Closes #19
Action doesn't support pull_request_target event type
@lroolle lroolle closed this Jun 23, 2025

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Workflow Changes Break PR Handling

The workflow changes introduce two issues:

  1. Limited Permissions for Forked PRs: Switching from pull_request_target to pull_request means workflows for PRs from external forks will run with limited permissions. This prevents the Claude action from writing review comments (due to insufficient pull-requests: write and issues: write permissions) and accessing secrets.ANTHROPIC_API_KEY.
  2. Incorrect Code Checkout: Removing the explicit ref parameter causes the workflow to check out the target branch instead of the PR branch for issue_comment events on PRs. This results in code reviews being performed on the wrong code. For these events, the ref should be github.event.issue.pull_request.head.sha.

.github/workflows/claude-code-review.yml#L3-L33

https://github.com/lroolle/claude-code-yolo/blob/2da66f45550b9f5c4950990385a8fa42a6990e98/.github/workflows/claude-code-review.yml#L3-L33

Fix in Cursor


BugBot free trial expires on July 22, 2025
You have used $0.00 of your $10.00 spend limit so far. Manage your spend limit in the Cursor dashboard.

Was this report helpful? Give feedback by reacting with 👍 or 👎

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Release performance: Docker image build too slow due to large dev dependencies

1 participant