From d1835686440d60686b7b9f66e160d47e747266da Mon Sep 17 00:00:00 2001
From: Dax Raad <d@ironbay.co>
Date: Sat, 18 Apr 2026 22:32:53 -0400
Subject: core: ensure executable permissions are set before Docker builds

Fixes an issue where GitHub artifact downloads could strip executable bits
from binaries, causing Docker builds to fail when using unpacked dist files
directly rather than published tarballs. The chmod now runs before the
publish check to guarantee binaries are executable.
---
 packages/opencode/script/publish.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/packages/opencode/script/publish.ts b/packages/opencode/script/publish.ts
index b444106a1..7557c475f 100755
--- a/packages/opencode/script/publish.ts
+++ b/packages/opencode/script/publish.ts
@@ -12,11 +12,13 @@ async function published(name: string, version: string) {
 }
 
 async function publish(dir: string, name: string, version: string) {
+  // GitHub artifact downloads can drop the executable bit, and Docker uses the
+  // unpacked dist binaries directly rather than the published tarball.
+  if (process.platform !== "win32") await $`chmod -R 755 .`.cwd(dir)
   if (await published(name, version)) {
     console.log(`already published ${name}@${version}`)
     return
   }
-  if (process.platform !== "win32") await $`chmod -R 755 .`.cwd(dir)
   await $`bun pm pack`.cwd(dir)
   await $`npm publish *.tgz --access public --tag ${Script.channel}`.cwd(dir)
 }
-- 
cgit v1.2.3