chore: fix build workflow

.github/workflows/reusable-build-image.yaml

@@ -38,12 +38,15 @@ jobs:
       - name: Build and push Docker image
         uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
         with:
-          context: .
-          file: ./docker/Dockerfile
+          context: ./docker
           provenance: false
           # Build for both amd64 and arm64
           platforms: "linux/amd64,linux/arm64"
           push: ${{ inputs.push }}
           tags: ${{ inputs.tags }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          secrets: |
+            github_token=${{ secrets.GITHUB_TOKEN }}
         env:
           DOCKER_BUILD_SUMMARY: false

docker/Brewfile

@@ -1,3 +1,2 @@
 brew 'mise'
-brew 'vim'
 cask 'claude-code'

docker/Dockerfile

@@ -11,22 +11,17 @@ RUN apt-get update && \
     procps \
     curl \
     file \
-    git \
-    sudo && \
+    git && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
-# setup sudo user
-ARG SUDO_USER_UID=1001
-ARG SUDO_USER_GID=$SUDO_USER_UID
-ARG SUDO_USERNAME=sudo-user
-RUN echo "Defaults:sudo-user !env_reset" > /etc/sudoers && \
-    echo "sudo-user    ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers && \
-    groupadd --gid ${SUDO_USER_GID} ${SUDO_USERNAME} && \
-    useradd -s /bin/bash --uid ${SUDO_USER_UID} --gid ${SUDO_USER_GID} -G sudo -m ${SUDO_USERNAME}
-USER ${SUDO_USERNAME}
-
-# install brew
+# create linuxbrew user for Homebrew installation
+RUN useradd -m -s /bin/bash linuxbrew && \
+    mkdir -p /home/linuxbrew/.linuxbrew && \
+    chown -R linuxbrew:linuxbrew /home/linuxbrew
+
+# install brew as linuxbrew user
+USER linuxbrew
 ARG NONINTERACTIVE=1
 RUN /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/09792a0a1565f62eb8c90f1578a992968c85468c/install.sh)"
 
@@ -45,6 +40,7 @@ RUN apt-get update && \
     ssh-client \
     procps \
     gnupg \
+    vim \
     zsh && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
@@ -71,19 +67,30 @@ ENV MISE_CONFIG_DIR="/mise"
 ENV MISE_CACHE_DIR="/mise/cache"
 ENV MISE_INSTALL_PATH="/usr/local/bin/mise"
 
+RUN mkdir -p /home/linuxbrew && \
+    chown -R ${USER_UID}:${USER_GID} /home/linuxbrew
+
 USER ${USERNAME}
 
 # setup brew
-COPY --from=install-brew /home/linuxbrew/.linuxbrew /home/linuxbrew/.linuxbrew
-COPY Brewfile ${HOME_DIR}/Brewfile
+COPY --from=install-brew --chown=${USER_UID}:${USER_GID} /home/linuxbrew/.linuxbrew /home/linuxbrew/.linuxbrew
+
+# install mise
+RUN eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv) && \
+    brew install mise
+
+# install claude-code
+RUN eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv) && \
+    brew install --cask claude-code
+
+# cleanup brew
 RUN eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv) && \
-    brew bundle --file=${HOME_DIR}/Brewfile && \
     brew cleanup -s && \
-    rm -rf $(brew --cache) && \
-    rm -rf ${HOME_DIR}/Brewfile
+    rm -rf $(brew --cache)
 
 # install baseline tools from /mise/config.toml
-RUN eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv) && \
+RUN --mount=type=secret,id=github_token,env=GITHUB_TOKEN \
+    eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv) && \
     mise install --yes
 
 ARG PNPM_HOME="${HOME_DIR}/.local/share/pnpm"

scripts/post-create.sh

@@ -2,6 +2,7 @@
 
 # remove ssh program settings for host env
 git config --global --unset gpg.ssh.program || true
+git config --global --add safe.directory /workspace
 
 # install project-specific tools from workspace mise.toml
 mise install --yes