From 2e5fa7aa26b35817a1cee3b75f80c2e2db48e9ef Mon Sep 17 00:00:00 2001
From: Cheffromspace <jonflatt@gmail.com>
Date: Sat, 31 May 2025 21:30:52 -0500
Subject: [PATCH] fix: Complete production build logic in build.sh (#150)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Remove claude-config directory

* fix: Complete production build logic in build.sh

Complete the truncated production build logic that was missing from
scripts/build/build.sh:

- Add complete production build implementation that creates a temporary
  Dockerfile with claude-config copying enabled
- Update regular Dockerfile.claudecode to comment out claude-config copying
  for non-production builds
- Production builds now properly require claude-config directory and copy
  it into the container
- Regular builds work without claude-config directory (for development)

The production build creates a temporary Dockerfile.claudecode.prod with
claude-config copying enabled, builds the production image, then cleans
up the temporary file.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

---------

Co-authored-by: Claude <noreply@anthropic.com>
---
 Dockerfile.claudecode  |   9 ++--
 scripts/build/build.sh | 104 +++++++++++++++++++++++++++++++++++++++--
 2 files changed, 105 insertions(+), 8 deletions(-)

diff --git a/Dockerfile.claudecode b/Dockerfile.claudecode
index e76d496..584102d 100644
--- a/Dockerfile.claudecode
+++ b/Dockerfile.claudecode
@@ -44,10 +44,11 @@ RUN npm install -g @anthropic-ai/claude-code
 # Switch back to root
 USER root
 
-# Copy the pre-authenticated Claude config to BOTH root and node user
-COPY claude-config /root/.claude
-COPY claude-config /home/node/.claude
-RUN chown -R node:node /home/node/.claude
+# Copy the pre-authenticated Claude config to BOTH root and node user (only for production builds)
+# For regular builds, this will be empty directories that Claude can authenticate into
+# COPY claude-config /root/.claude
+# COPY claude-config /home/node/.claude
+# RUN chown -R node:node /home/node/.claude
 
 # Copy the rest of the setup
 WORKDIR /workspace
diff --git a/scripts/build/build.sh b/scripts/build/build.sh
index b3f454d..6e7c117 100755
--- a/scripts/build/build.sh
+++ b/scripts/build/build.sh
@@ -25,10 +25,106 @@ case "$BUILD_TYPE" in
     fi
     
     echo "Building production image with pre-authenticated config..."
-    cp Dockerfile.claudecode Dockerfile.claudecode.backup
-    # Production build logic from update-production-image.sh
-    # ... (truncated for brevity)
-    docker build -f Dockerfile.claudecode -t claude-code-runner:production .
+    
+    # Create a temporary production Dockerfile with claude-config enabled
+    cat > Dockerfile.claudecode.prod << 'EOF'
+FROM node:24
+
+# Install dependencies
+RUN apt update && apt install -y less \
+  git \
+  procps \
+  sudo \
+  fzf \
+  zsh \
+  man-db \
+  unzip \
+  gnupg2 \
+  gh \
+  iptables \
+  ipset \
+  iproute2 \
+  dnsutils \
+  aggregate \
+  jq
+
+# Set up npm global directory
+RUN mkdir -p /usr/local/share/npm-global && \
+  chown -R node:node /usr/local/share
+
+# Configure zsh and command history
+ENV USERNAME=node
+RUN SNIPPET="export PROMPT_COMMAND='history -a' && export HISTFILE=/commandhistory/.bash_history" \
+  && mkdir /commandhistory \
+  && touch /commandhistory/.bash_history \
+  && chown -R $USERNAME /commandhistory
+
+# Create workspace and config directories
+RUN mkdir -p /workspace /home/node/.claude && \
+  chown -R node:node /workspace /home/node/.claude
+
+# Switch to node user temporarily for npm install
+USER node
+ENV NPM_CONFIG_PREFIX=/usr/local/share/npm-global
+ENV PATH=$PATH:/usr/local/share/npm-global/bin
+
+# Install Claude Code  
+RUN npm install -g @anthropic-ai/claude-code
+
+# Switch back to root
+USER root
+
+# Copy the pre-authenticated Claude config to BOTH root and node user (PRODUCTION ONLY)
+COPY claude-config /root/.claude
+COPY claude-config /home/node/.claude
+RUN chown -R node:node /home/node/.claude
+
+# Copy the rest of the setup
+WORKDIR /workspace
+
+# Install delta and zsh
+RUN ARCH=$(dpkg --print-architecture) && \
+  wget "https://github.com/dandavison/delta/releases/download/0.18.2/git-delta_0.18.2_${ARCH}.deb" && \
+  sudo dpkg -i "git-delta_0.18.2_${ARCH}.deb" && \
+  rm "git-delta_0.18.2_${ARCH}.deb"
+
+RUN sh -c "$(wget -O- https://github.com/deluan/zsh-in-docker/releases/download/v1.2.0/zsh-in-docker.sh)" -- \
+  -p git \
+  -p fzf \
+  -a "source /usr/share/doc/fzf/examples/key-bindings.zsh" \
+  -a "source /usr/share/doc/fzf/examples/completion.zsh" \
+  -a "export PROMPT_COMMAND='history -a' && export HISTFILE=/commandhistory/.bash_history" \
+  -x
+
+# Copy firewall and entrypoint scripts
+COPY scripts/security/init-firewall.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/init-firewall.sh && \
+  echo "node ALL=(root) NOPASSWD: /usr/local/bin/init-firewall.sh" > /etc/sudoers.d/node-firewall && \
+  chmod 0440 /etc/sudoers.d/node-firewall
+
+# Create scripts directory and copy unified entrypoint script
+RUN mkdir -p /scripts/runtime
+COPY scripts/runtime/claudecode-entrypoint.sh /usr/local/bin/entrypoint.sh
+COPY scripts/runtime/claudecode-entrypoint.sh /scripts/runtime/claudecode-entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh && \
+  chmod +x /scripts/runtime/claudecode-entrypoint.sh
+
+# Set the default shell to bash
+ENV SHELL /bin/zsh
+ENV DEVCONTAINER=true
+
+# Run as root to allow permission management
+USER root
+
+# Use the custom entrypoint
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+EOF
+    
+    # Build the production image
+    docker build -f Dockerfile.claudecode.prod -t claude-code-runner:production .
+    
+    # Clean up temporary file
+    rm -f Dockerfile.claudecode.prod
     ;;
   
   *)