# ── Stage 1: Build openlatch from source ──────────────────────
# Use the same bookworm base as the runtime stage to avoid glibc mismatch
FROM debian:bookworm-slim AS builder
RUN apt-get update && apt-get install -y curl build-essential pkg-config && rm -rf /var/lib/apt/lists/*
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable
ENV PATH="/root/.cargo/bin:${PATH}"
WORKDIR /src
COPY Cargo.toml Cargo.lock ./
COPY src/ src/
RUN cargo build --release --bin openlatch --features full-cli
# ── Stage 2: Runtime ──────────────────────────────────────────
FROM node:22-bookworm-slim
RUN apt-get update && apt-get install -y ca-certificates curl jq && rm -rf /var/lib/apt/lists/*
# Install Claude Code
RUN npm install -g @anthropic-ai/claude-code
# Install openlatch (built in stage 1)
COPY --from=builder /src/target/release/openlatch /usr/local/bin/openlatch
# Create non-root user (Claude Code refuses --dangerously-skip-permissions as root)
RUN useradd -m -s /bin/bash testuser
# Create required directories owned by testuser
RUN mkdir -p /home/testuser/.claude /home/testuser/.openlatch/logs && \
chown -R testuser:testuser /home/testuser/.claude /home/testuser/.openlatch
# Suppress Claude Code auto-update and telemetry
ENV DISABLE_AUTOUPDATER=1
ENV CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1
ENV OPENLATCH_LOG_LEVEL=debug
ENV OPENLATCH_UPDATE_CHECK=false
COPY tools/e2e/docker/live-entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
WORKDIR /workspace
# Create a file for Claude Code to read during the test
RUN echo "Hello from openlatch live e2e test" > README.md && chown testuser:testuser README.md
USER testuser
ENTRYPOINT ["/entrypoint.sh"]