From 6cd599079ba47275b47f593b6a29b590ffd5b0ad Mon Sep 17 00:00:00 2001
From: Kayos <kayos@sulkta.com>
Date: Wed, 29 Apr 2026 18:06:02 +0000
Subject: [PATCH] Dockerfile: set GOPATH=/home/crafter/go BEFORE go install
 layer (was inheriting /root/go)

---
 Dockerfile | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 6f0aa1a..486bed8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -230,6 +230,11 @@ RUN python3 -m pip install --user --break-system-packages --no-cache-dir pipx \
     && pipx install semgrep
 
 # ============================================================
+# Reset GOPATH to crafter-owned path BEFORE the go install runs as crafter.
+# (The /root/go default set in the root-user ENV block fails permission-wise here.)
+ENV PATH=/home/crafter/go/bin:/home/linuxbrew/.linuxbrew/bin:/home/linuxbrew/.linuxbrew/sbin:/root/.bun/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/go/bin:/root/go/bin \
+    GOPATH=/home/crafter/go
+
 # 17. Go user tooling: govulncheck + staticcheck
 # ============================================================
 RUN go install golang.org/x/vuln/cmd/govulncheck@latest \