From 85caa5d447edecab62f6a16b07c6869987a426fe Mon Sep 17 00:00:00 2001
From: Llugaes <43494187+Llugaes@users.noreply.github.com>
Date: Wed, 22 Apr 2026 16:33:58 +0800
Subject: [PATCH] fix(docker): exclude runtime data/ from build context
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The Dockerfile declares VOLUME /opt/data and the published
docker-compose flow bind-mounts ./data:/opt/data for runtime
state. Because .dockerignore did not list data/, any file the
container writes under /opt/data leaks back into the build
context on the next `docker compose build`.

This becomes a hard failure when the container writes a
dangling symlink there — e.g. PulseAudio's XDG runtime entry
(data/.config/pulse/<host>-runtime -> /tmp/pulse-*) whose
target only exists inside the container. Docker's tar packer
cannot resolve the broken symlink on the host and aborts
context load with `invalid file request`.

Excluding data/ keeps build context clean, shrinks the context
tarball (logs/, sessions/, memories/ no longer shipped), and
matches the intent already expressed in .gitignore.
---
 .dockerignore | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.dockerignore b/.dockerignore
index 244e60340..0e4a88fd2 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -14,3 +14,6 @@ node_modules
 .env
 
 *.md
+
+# Runtime data (bind-mounted at /opt/data; must not leak into build context)
+data/