Put packer build in the terraform graph #2889

Open: djeebus wants to merge 18 commits into main from add-packer-to-terraform

djeebus (Contributor) commented Jun 1, 2026

This simplifies the process, reduces the number of steps

this simplifies the process, reduces the number of steps
cla-bot Bot added the cla-signed label Jun 1, 2026

cursor Bot commented Jun 1, 2026

PR Summary

High Risk
Apply now runs Packer builds and rolls new images through every node pool; mis-triggers or failed builds block or reshape production cluster capacity.

Overview
Moves the e2b-orch node disk image build into the main Terraform apply path via the toowoxx/packer provider, so packer build is no longer a separate bootstrap step. Cluster node pools on AWS and GCP stop resolving “latest” AMIs/GCE image families and instead boot from the image produced in that graph (manifest output parsed into launch templates / instance templates).

Init and deploy workflows now install Packer and plugins where needed; provider Makefiles split tf-init from init and only cache plugins during init. On GCP the dedicated Packer build network Terraform root is removed in favor of the shared cluster network with IAP-scoped SSH rules for the build VM.

Reviewed by Cursor Bugbot for commit 2778415.

codecov Bot commented Jun 1, 2026

❌ 3 Tests Failed:

Tests completed: 2716; Failed: 3; Passed: 2713; Skipped: 7
View the full list of 3 ❄️ flaky test(s)
github.com/e2b-dev/infra/tests/integration/internal/tests/envd::TestCommandKillNextApp

Flake rate in main: 40.06% (Passed 859 times, Failed 574 times)

Stack Traces | 273s run time
=== RUN   TestCommandKillNextApp
=== PAUSE TestCommandKillNextApp
=== CONT  TestCommandKillNextApp
    process_test.go:28: Command [npx] output: event:{start:{pid:1276}}
Executing command /bin/bash in sandbox iekf2yhcarwy3b3miko8x
    process_test.go:28: Command [npx] output: event:{data:{stderr:"npm"}}
    process_test.go:28: Command [npx] output: event:{data:{stderr:" WARN exec"}}
    process_test.go:28: Command [npx] output: event:{data:{stderr:" The following package was not found and will be installed: create-next-app@16.2.7\n"}}
    process_test.go:28: Command [npx] output: event:{data:{stdout:"Creating a new Next.js app in .../home/user/nextapp.\n"}}
    process_test.go:28: Command [npx] output: event:{data:{stdout:"\n"}}
    process_test.go:28: Command [npx] output: event:{data:{stdout:"Using npm.\n"}}
    process_test.go:28: Command [npx] output: event:{data:{stdout:"\nInitializing project with template: app-tw \n\n"}}
    process_test.go:28: Command [npx] output: event:{data:{stdout:"\nInstalling dependencies:\n"}}
    process_test.go:28: Command [npx] output: event:{data:{stdout:"- next\n"}}
    process_test.go:28: Command [npx] output: event:{data:{stdout:"- react\n"}}
    process_test.go:28: Command [npx] output: event:{data:{stdout:"- react-dom\n"}}
    process_test.go:28: Command [npx] output: event:{data:{stdout:"\nInstalling devDependencies:\n"}}
    process_test.go:28: Command [npx] output: event:{data:{stdout:"- @tailwindcss/postcss\n- @types/node\n"}}
    process_test.go:28: Command [npx] output: event:{data:{stdout:"- @types/react\n"}}
    process_test.go:28: Command [npx] output: event:{data:{stdout:"- @types/react-dom\n"}}
    process_test.go:28: Command [npx] output: event:{data:{stdout:"- eslint\n"}}
    process_test.go:28: Command [npx] output: event:{data:{stdout:"- eslint-config-next\n"}}
    process_test.go:28: Command [npx] output: event:{data:{stdout:"- tailwindcss\n- typescript\n\n"}}
    process_test.go:28: Command [npx] output: event:{keepalive:{}}
    process_test.go:29: 
        	Error Trace:	.../tests/envd/process_test.go:29
        	Error:      	Received unexpected error:
        	            	failed to execute command npx in sandbox inu128rubv4eqoswx2o5l: invalid_argument: protocol error: incomplete envelope: unexpected EOF
        	Test:       	TestCommandKillNextApp
--- FAIL: TestCommandKillNextApp (272.84s)
github.com/e2b-dev/infra/tests/integration/internal/tests/proxies::TestEnvdAccessTokenAutoResumeViaProxy

Flake rate in main: 40.32% (Passed 860 times, Failed 581 times)

Stack Traces | 11.2s run time
=== RUN   TestEnvdAccessTokenAutoResumeViaProxy
=== PAUSE TestEnvdAccessTokenAutoResumeViaProxy
=== CONT  TestEnvdAccessTokenAutoResumeViaProxy
    traffic_access_token_test.go:357: 
        	Error Trace:	.../tests/proxies/traffic_access_token_test.go:357
        	Error:      	Received unexpected error:
        	            	Get "http://localhost:3002/health": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
        	Test:       	TestEnvdAccessTokenAutoResumeViaProxy
--- FAIL: TestEnvdAccessTokenAutoResumeViaProxy (11.18s)
github.com/e2b-dev/infra/tests/integration/internal/tests/proxies::TestSandboxAutoResumeViaProxy

Flake rate in main: 40.79% (Passed 858 times, Failed 591 times)

Stack Traces | 19.4s run time
=== RUN   TestSandboxAutoResumeViaProxy
=== PAUSE TestSandboxAutoResumeViaProxy
=== CONT  TestSandboxAutoResumeViaProxy
Executing command ls in sandbox ita1wlofglqgf73s2omk7
    auto_resume_test.go:97: [Status code: 502] Response body: {"sandboxId":"i0j7l1pg7h0tu8qt9ii7m","message":"The sandbox is running but port is not open","port":8000,"code":502}
    auto_resume_test.go:116: 
        	Error Trace:	.../tests/proxies/auto_resume_test.go:116
        	Error:      	Received unexpected error:
        	            	Get "http://localhost:3002": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
        	Test:       	TestSandboxAutoResumeViaProxy
--- FAIL: TestSandboxAutoResumeViaProxy (19.43s)

gemini-code-assist Bot (Contributor) left a comment

Code Review

The fileset call in packer-image.tf matches all files in the Packer directory, including manifest.json which is updated at the end of every Packer build. This creates a perpetual diff loop where every successful build modifies manifest.json, changing the files hash and triggering another rebuild on the next Terraform run. Filtering out manifest.json from the file dependencies list prevents this rebuild loop.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
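
The rebuild loop described in the review comment above, modelled as an added example (not code from the PR or the repository). It assumes the build trigger is a hash over every file in the Packer directory, evaluated at plan time; the file names, `fake_build` and `count_rebuilds` are hypothetical.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Build output that, per the review comment, is rewritten at the end of every build.
GENERATED = {"manifest.json"}


def inputs_hash(packer_dir, exclude=frozenset()):
    """Hash relative path + content of every file under packer_dir, minus `exclude`."""
    root = Path(packer_dir)
    digest = hashlib.sha256()
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if rel in exclude:
            continue
        digest.update(rel.encode() + b"\0")
        digest.update(hashlib.sha256(path.read_bytes()).digest())
    return digest.hexdigest()


def fake_build(packer_dir, run_id):
    """Stand-in for a build: its only side effect is a rewritten manifest.json."""
    manifest = {"builds": [{"artifact_id": f"constructed-image-{run_id}"}]}
    (Path(packer_dir) / "manifest.json").write_text(json.dumps(manifest))


def count_rebuilds(applies, exclude=frozenset()):
    """Simulate consecutive applies with unchanged sources; return the build count."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed sample inputs; the contents are placeholders.
        (Path(tmp) / "main.pkr.hcl").write_text("# constructed template\n")
        (Path(tmp) / "setup.sh").write_text("#!/bin/sh\necho constructed\n")
        recorded, builds = None, 0
        for _ in range(applies):
            current = inputs_hash(tmp, exclude)  # trigger value seen at plan time
            if current != recorded:              # differs from state: rebuild
                builds += 1
                fake_build(tmp, builds)
                recorded = current               # plan-time value stored in state
        return builds


if __name__ == "__main__":
    print("all files hashed:      ", count_rebuilds(4), "builds in 4 applies")
    print("manifest.json excluded:", count_rebuilds(4, GENERATED), "builds in 4 applies")
```
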

Comment thread iac/provider-gcp/packer-image.tf
Comment thread iac/provider-gcp/packer-image.tf
djeebus marked this pull request as ready for review June 2, 2026 01:49
Comment thread iac/provider-gcp/packer-image.tf
Comment thread iac/provider-gcp/nomad-cluster-disk-image/main.pkr.hcl Outdated
Comment thread Makefile
Comment thread Makefile
# Conflicts:
#	iac/provider-aws/nomad-cluster-disk-image/Makefile
#	iac/provider-gcp/.terraform.lock.hcl
#	iac/provider-gcp/nomad-cluster-disk-image/Makefile
#	iac/provider-gcp/nomad-cluster-disk-image/main.pkr.hcl
#	iac/provider-gcp/nomad-cluster-disk-image/main.tf
chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: bc127b2a0c

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread Makefile
chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c9087e2d45

Comment thread iac/provider-aws/modules/nodepool-api/main.tf Outdated
chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0647a29b49

Comment thread iac/provider-aws/packer-image.tf Outdated
Comment thread iac/provider-gcp/packer-image.tf
Comment thread iac/provider-gcp/packer-image.tf
Comment thread iac/provider-aws/packer-image.tf Outdated
Comment thread iac/provider-aws/packer-image.tf Outdated
Comment thread iac/provider-aws/packer-image.tf Outdated
chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 20b6d0fcac

Comment thread iac/provider-gcp/nomad-cluster-disk-image/main.pkr.hcl
cursor Bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Reviewed by Cursor Bugbot for commit 2778415.

Comment thread iac/provider-gcp/Makefile
# e2b-orch node image itself is built by the packer_image resource during the regular
# `make plan && make apply` (Terraform drives Packer via the toowoxx/packer provider).
@ $(MAKE) -C nomad-cluster-disk-image init

apply-init skips Packer plugin install

Medium Severity

apply-init only applies module.init, but a full apply now runs the packer_image resource and needs the Packer CLI plus provider plugins on the machine. init still runs nomad-cluster-disk-image init; apply-init does not, so a path of apply-init then plan/apply (as in deploy-infra locally, without the composite action’s Packer steps) can fail when Packer builds the node image.
