perf: improve Docker build caching (#19)#25
Closed
lroolle wants to merge 12 commits into
Closed
Conversation
- Detect when host user is root (CLAUDE_UID=0) - Use fallback UID 1000 to avoid conflict with existing root user - Also handle CLAUDE_GID=0 case with same fallback - Display clear warning messages about fallback behavior - Preserves security by still running as non-root in container - Fixes "usermod: UID '0' already exists" error Resolves #21 Co-authored-by: Eric Wang <lroolle@users.noreply.github.com>
- Separate UID=0 and GID=0 checks to prevent security bypass - Fix case where host user has UID≠0 but GID=0 (would assign root group) - Remove inaccurate warning message about file ownership - Addresses Cursor BugBot security vulnerability report 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Add github_token parameter to prevent OIDC token exchange errors - Fixes 401 Unauthorized - Invalid OIDC token error in claude-review CI - Action was trying to use GitHub App auth instead of direct token auth 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Remove obvious comments that don't add value - Add missing dev log entry for root user handling fix 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Replace hardcoded 1000 fallback with dynamic search - Find first available UID/GID starting from 1000 - Prevents collision with existing container users/groups - More robust handling of edge cases 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Use UID/GID 1000 fallback for predictable file ownership - Existing usermod logic handles UID collision properly - Most host users are UID 1000, so this provides correct file ownership - Simpler than dynamic search while achieving the goal 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Explain why UID 0 can't be reassigned (root user exists) - Clarify security fix prevents root group assignment - Note that 1000 fallback provides proper file ownership 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Add registry cache alongside GitHub Actions cache for better persistence - Add Docker build job in CI to warm cache on PRs - Registry cache survives across branches and reduces release build times - Resolves #19: Docker image build performance issues 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Add perf optimization entry to DEV-LOGS.md - Document dual caching strategy in CHANGELOG.md under Performance section Closes #19
Action doesn't support pull_request_target event type
There was a problem hiding this comment.
Bug: Workflow Changes Break PR Handling
The workflow changes introduce two issues:
- Limited Permissions for Forked PRs: Switching from
pull_request_targettopull_requestmeans workflows for PRs from external forks will run with limited permissions. This prevents the Claude action from writing review comments (due to insufficientpull-requests: writeandissues: writepermissions) and accessingsecrets.ANTHROPIC_API_KEY. - Incorrect Code Checkout: Removing the explicit
refparameter causes the workflow to check out the target branch instead of the PR branch forissue_commentevents on PRs. This results in code reviews being performed on the wrong code. For these events, therefshould begithub.event.issue.pull_request.head.sha.
.github/workflows/claude-code-review.yml#L3-L33
BugBot free trial expires on July 22, 2025
You have used $0.00 of your $10.00 spend limit so far. Manage your spend limit in the Cursor dashboard.
Was this report helpful? Give feedback by reacting with 👍 or 👎
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Dual caching strategy resolves 49+ minute build times
Closes #19