From 5e44a9941023b93b3a043c729f8bbfec14275e28 Mon Sep 17 00:00:00 2001
From: Guoguo <16666742+imguoguo@users.noreply.github.com>
Date: Thu, 9 Apr 2026 10:53:52 +0800
Subject: [PATCH] fix(docker): run self-built images as root for parity with release (#2435)

The self-built docker/Dockerfile and docker/Dockerfile.heavy created a dedicated picoclaw user (uid 1000) and stored config at /home/picoclaw/.picoclaw, while the released images from Dockerfile.goreleaser (and Dockerfile.full) run as root at /root/.picoclaw. Both docker-compose files mount ./data:/root/.picoclaw, so self-built images silently broke when used with the shared compose. Drop the picoclaw user switch and align both Dockerfiles on root + /root/.picoclaw. Dockerfile also adopts the release entrypoint.sh so first-run behavior matches between self-built and release tags.
Co-authored-by: Claude Opus 4.6 (1M context)
---
 docker/Dockerfile | 17 ++++-------------
 docker/Dockerfile.heavy | 11 ++---------
 2 files changed, 6 insertions(+), 22 deletions(-)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index 480244127..f36a98ff6 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -26,18 +26,9 @@ RUN apk add --no-cache ca-certificates tzdata curl
 HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
 CMD wget -q --spider http://localhost:18790/health || exit 1

-# Copy binary
+# Copy binary and first-run entrypoint (same as release image).
 COPY --from=builder /src/build/picoclaw /usr/local/bin/picoclaw
+COPY docker/entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh

-# Create non-root user and group
-RUN addgroup -g 1000 picoclaw && \
- adduser -D -u 1000 -G picoclaw picoclaw
-
-# Switch to non-root user
-USER picoclaw
-
-# Run onboard to create initial directories and config
-RUN /usr/local/bin/picoclaw onboard
-
-ENTRYPOINT ["picoclaw"]
-CMD ["gateway"]
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/docker/Dockerfile.heavy b/docker/Dockerfile.heavy
index cbc243e39..2a9fc742d 100644
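Review bot: With `USER picoclaw` removed and nothing replacing it, this final stage has no `USER` instruction, so `/entrypoint.sh` and the gateway it starts run as uid 0, and whatever they write into the bind-mounted `./data` is root-owned on the host; the Dockerfile.heavy hunk has the same effect. The breakage described in the commit message is a config-path mismatch, which does not by itself require root: the unprivileged user could be kept with its data directory (or the compose mount target) aligned instead. If root parity with the release image is the accepted trade-off, record it where the user was dropped, e.g. `# Runs as root to match Dockerfile.goreleaser; compose mounts ./data at /root/.picoclaw`. Smaller point: `COPY --chmod=0755 docker/entrypoint.sh /entrypoint.sh` replaces the COPY plus `RUN chmod +x` pair without an extra layer. entrypoint.sh is not part of this patch, so confirm it ends in `exec` and still defaults to `gateway` now that `CMD ["gateway"]` is gone.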
--- a/docker/Dockerfile.heavy
+++ b/docker/Dockerfile.heavy
@@ -48,20 +48,13 @@ HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
 # Copy binary
 COPY --from=builder /src/build/picoclaw /usr/local/bin/picoclaw

-# Reuse existing node user (UID/GID 1000) — rename to picoclaw
-RUN deluser node 2>/dev/null; delgroup node 2>/dev/null; \
- addgroup -g 1000 picoclaw 2>/dev/null; \
- adduser -D -u 1000 -G picoclaw -h /home/picoclaw picoclaw 2>/dev/null || true
-
-USER picoclaw
-
 # Run onboard to create initial directories and config
 RUN /usr/local/bin/picoclaw onboard

 # Copy default workspace
-COPY --chown=picoclaw:picoclaw workspace/ /home/picoclaw/.picoclaw/workspace/
+COPY workspace/ /root/.picoclaw/workspace/

-VOLUME /home/picoclaw/.picoclaw/workspace
+VOLUME /root/.picoclaw/workspace

 ENTRYPOINT ["picoclaw"]
 CMD ["gateway"]
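Review bot: `RUN /usr/local/bin/picoclaw onboard` still runs at build time, and its output now lands in an image layer under `/root/.picoclaw`, the path the commit message says compose bind-mounts `./data` over, so the onboarded config and the copied `workspace/` are presumably hidden at runtime when the shared compose file is used. Unlike docker/Dockerfile, this file keeps `ENTRYPOINT ["picoclaw"]` and does not adopt entrypoint.sh, so first-run behaviour still differs between the two self-built images. It is not visible here what `onboard` writes; if it generates any per-install keys or tokens, baking them into a layer makes them identical across containers and readable by anyone who can pull the image. Consider moving the step to container start, e.g. `COPY --chmod=0755 docker/entrypoint.sh /entrypoint.sh` and `ENTRYPOINT ["/entrypoint.sh"]`, if that script suits this image.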