From 8ef1cd6b7e43808e1c358a7dab8d34dd77669556 Mon Sep 17 00:00:00 2001 From: Mish Ushakov <10400064+mishushakov@users.noreply.github.com> Date: Mon, 8 Jun 2026 11:43:51 +0200 Subject: [PATCH 1/5] ci: build base template via e2b CLI in addition to DockerHub push Add a buildTemplate job that installs @e2b/cli from npm and runs `e2b template create base --memory-mb 512`, alongside the existing DockerHub image build. Drop the now-unused e2b.toml config. Co-Authored-By: Claude Opus 4.8 (1M context) --- .github/workflows/templates.yml | 28 ++++++++++++++++++++++++++-- templates/base/e2b.Dockerfile | 3 +-- templates/base/e2b.toml | 17 ----------------- 3 files changed, 27 insertions(+), 21 deletions(-) delete mode 100644 templates/base/e2b.toml diff --git a/.github/workflows/templates.yml b/.github/workflows/templates.yml index f4981a4f41..43c5d13657 100644 --- a/.github/workflows/templates.yml +++ b/.github/workflows/templates.yml @@ -12,12 +12,12 @@ permissions: contents: read jobs: - buildAndPublish: + buildAndPushImage: defaults: run: working-directory: ./templates/base - name: Build and Push Images + name: Build and Push Image to DockerHub runs-on: ubuntu-22.04 steps: - name: Checkout repository @@ -39,3 +39,27 @@ jobs: --platform linux/amd64,linux/arm64 \ --push \ --tag ${{ secrets.DOCKERHUB_USERNAME }}/base:latest . + + buildTemplate: + name: Build and Publish E2B Template + runs-on: ubuntu-22.04 + env: + E2B_API_KEY: ${{ secrets.E2B_API_KEY }} + # The published @e2b/cli still requires an access token for `template create`. + # Remove this once a CLI version without that gate is released. + E2B_ACCESS_TOKEN: ${{ secrets.E2B_ACCESS_TOKEN }} + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Setup Node + uses: actions/setup-node@v3 + with: + node-version: 20 + + - name: Install E2B CLI + run: npm install -g @e2b/cli + + - name: Build and publish base template + working-directory: ./templates/base + run: e2b template create base --memory-mb 512 diff --git a/templates/base/e2b.Dockerfile b/templates/base/e2b.Dockerfile index 367b156b33..befa44d4f4 100644 --- a/templates/base/e2b.Dockerfile +++ b/templates/base/e2b.Dockerfile @@ -7,8 +7,7 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y \ gh; \ rm -rf /var/lib/apt/lists/* -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node +RUN groupadd -r node && useradd -r -g node -s /bin/bash -m node ENV NODE_VERSION=20.9.0 diff --git a/templates/base/e2b.toml b/templates/base/e2b.toml deleted file mode 100644 index 065b509fc6..0000000000 --- a/templates/base/e2b.toml +++ /dev/null @@ -1,17 +0,0 @@ -# This is a config for E2B sandbox template. -# You can use template ID (rki5dems9wqfm4r03t7g) or template name (base) to create a sandbox: - -# Python SDK -# from e2b import Sandbox, AsyncSandbox -# sandbox = Sandbox("base") # Sync sandbox -# sandbox = await AsyncSandbox.create("base") # Async sandbox - -# JS SDK -# import { Sandbox } from 'e2b' -# const sandbox = await Sandbox.create('base') - -team_id = "460355b3-4f64-48f9-9a16-4442817f79f5" -memory_mb = 512 -dockerfile = "e2b.Dockerfile" -template_name = "base" -template_id = "rki5dems9wqfm4r03t7g" From ee86f027baefe8854d29934a813d15ae6aba8416 Mon Sep 17 00:00:00 2001 From: Mish Ushakov <10400064+mishushakov@users.noreply.github.com> Date: Mon, 8 Jun 2026 12:22:00 +0200 Subject: [PATCH 2/5] ci: build e2b CLI from source for template build Build the CLI locally from the repo rather than installing the published @e2b/cli package, so the template build runs trusted code. Co-Authored-By: Claude Opus 4.8 --- .github/workflows/templates.yml | 32 +++++++++++++++++++++++++++----- 1 file changed, 27 insertions(+), 5 deletions(-) diff --git a/.github/workflows/templates.yml b/.github/workflows/templates.yml index 43c5d13657..04dce23760 100644 --- a/.github/workflows/templates.yml +++ b/.github/workflows/templates.yml @@ -45,21 +45,43 @@ jobs: runs-on: ubuntu-22.04 env: E2B_API_KEY: ${{ secrets.E2B_API_KEY }} - # The published @e2b/cli still requires an access token for `template create`. + # The CLI still requires an access token for `template create`. # Remove this once a CLI version without that gate is released. E2B_ACCESS_TOKEN: ${{ secrets.E2B_ACCESS_TOKEN }} steps: - name: Checkout repository uses: actions/checkout@v4 + - name: Parse .tool-versions + uses: wistia/parse-tool-versions@v2.1.1 + with: + filename: '.tool-versions' + uppercase: 'true' + prefix: 'tool_version_' + + - name: Install pnpm + uses: pnpm/action-setup@v4 + with: + version: '${{ env.TOOL_VERSION_PNPM }}' + - name: Setup Node uses: actions/setup-node@v3 with: - node-version: 20 + node-version: '${{ env.TOOL_VERSION_NODEJS }}' + cache: pnpm + cache-dependency-path: pnpm-lock.yaml + + - name: Install dependencies + run: pnpm install --frozen-lockfile + + - name: Build the SDK (pre-requisite for the CLI) + run: pnpm build + working-directory: ./packages/js-sdk - - name: Install E2B CLI - run: npm install -g @e2b/cli + - name: Build the CLI + run: pnpm build + working-directory: ./packages/cli - name: Build and publish base template working-directory: ./templates/base - run: e2b template create base --memory-mb 512 + run: node "$GITHUB_WORKSPACE/packages/cli/dist/index.js" template create base --memory-mb 512 From 7f29aeb27eba53e6e5a914bb05971c7aa9cc1bec Mon Sep 17 00:00:00 2001 From: Mish Ushakov <10400064+mishushakov@users.noreply.github.com> Date: Mon, 8 Jun 2026 12:23:56 +0200 Subject: [PATCH 3/5] ci: extract CLI build into shared composite action Move the build-from-source + global install of the e2b CLI into a reusable composite action at .github/actions/build-cli so it can be shared across workflows. Co-Authored-By: Claude Opus 4.8 --- .github/actions/build-cli/action.yml | 46 ++++++++++++++++++++++++++++ .github/workflows/templates.yml | 33 ++------------------ 2 files changed, 49 insertions(+), 30 deletions(-) create mode 100644 .github/actions/build-cli/action.yml diff --git a/.github/actions/build-cli/action.yml b/.github/actions/build-cli/action.yml new file mode 100644 index 0000000000..70efa6ef0e --- /dev/null +++ b/.github/actions/build-cli/action.yml @@ -0,0 +1,46 @@ +name: 'Build and install E2B CLI' +description: >- + Builds the e2b CLI (and its js-sdk dependency) from source in this repo and + installs it globally so the `e2b` command is available on PATH. Assumes the + repository has already been checked out. + +runs: + using: 'composite' + steps: + - name: Parse .tool-versions + uses: wistia/parse-tool-versions@v2.1.1 + with: + filename: '.tool-versions' + uppercase: 'true' + prefix: 'tool_version_' + + - name: Install pnpm + uses: pnpm/action-setup@v4 + with: + version: '${{ env.TOOL_VERSION_PNPM }}' + + - name: Setup Node + uses: actions/setup-node@v3 + with: + node-version: '${{ env.TOOL_VERSION_NODEJS }}' + cache: pnpm + cache-dependency-path: pnpm-lock.yaml + + - name: Install dependencies + shell: bash + run: pnpm install --frozen-lockfile + + - name: Build the SDK (pre-requisite for the CLI) + shell: bash + run: pnpm build + working-directory: ./packages/js-sdk + + - name: Build the CLI + shell: bash + run: pnpm build + working-directory: ./packages/cli + + - name: Install the CLI globally + shell: bash + run: npm install -g . + working-directory: ./packages/cli diff --git a/.github/workflows/templates.yml b/.github/workflows/templates.yml index 04dce23760..76e5e1eed8 100644 --- a/.github/workflows/templates.yml +++ b/.github/workflows/templates.yml @@ -52,36 +52,9 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - - name: Parse .tool-versions - uses: wistia/parse-tool-versions@v2.1.1 - with: - filename: '.tool-versions' - uppercase: 'true' - prefix: 'tool_version_' - - - name: Install pnpm - uses: pnpm/action-setup@v4 - with: - version: '${{ env.TOOL_VERSION_PNPM }}' - - - name: Setup Node - uses: actions/setup-node@v3 - with: - node-version: '${{ env.TOOL_VERSION_NODEJS }}' - cache: pnpm - cache-dependency-path: pnpm-lock.yaml - - - name: Install dependencies - run: pnpm install --frozen-lockfile - - - name: Build the SDK (pre-requisite for the CLI) - run: pnpm build - working-directory: ./packages/js-sdk - - - name: Build the CLI - run: pnpm build - working-directory: ./packages/cli + - name: Build and install E2B CLI + uses: ./.github/actions/build-cli - name: Build and publish base template working-directory: ./templates/base - run: node "$GITHUB_WORKSPACE/packages/cli/dist/index.js" template create base --memory-mb 512 + run: e2b template create base --memory-mb 512 From d7a777658ba9f9affb51c6cd9797fed2711ee5ea Mon Sep 17 00:00:00 2001 From: Mish Ushakov <10400064+mishushakov@users.noreply.github.com> Date: Mon, 8 Jun 2026 20:24:06 +0200 Subject: [PATCH 4/5] ci: drop E2B_ACCESS_TOKEN from template build The CLI no longer gates `template create` on an access token, so the E2B_API_KEY is sufficient. Co-Authored-By: Claude Opus 4.8 --- .github/workflows/templates.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/templates.yml b/.github/workflows/templates.yml index 76e5e1eed8..b874682de3 100644 --- a/.github/workflows/templates.yml +++ b/.github/workflows/templates.yml @@ -45,9 +45,6 @@ jobs: runs-on: ubuntu-22.04 env: E2B_API_KEY: ${{ secrets.E2B_API_KEY }} - # The CLI still requires an access token for `template create`. - # Remove this once a CLI version without that gate is released. - E2B_ACCESS_TOKEN: ${{ secrets.E2B_ACCESS_TOKEN }} steps: - name: Checkout repository uses: actions/checkout@v4 From fbe63046529fd4a40897183e71421d2955410ce7 Mon Sep 17 00:00:00 2001 From: Mish Ushakov <10400064+mishushakov@users.noreply.github.com> Date: Tue, 9 Jun 2026 22:19:04 +0200 Subject: [PATCH 5/5] ci: drop redundant SDK build from build-cli action link-workspace-packages is disabled, so the CLI resolves its `e2b` dependency from the published registry package (which ships a prebuilt dist) rather than the workspace source. Building packages/js-sdk first had no effect on the CLI build. Co-Authored-By: Claude Opus 4.8 --- .github/actions/build-cli/action.yml | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/.github/actions/build-cli/action.yml b/.github/actions/build-cli/action.yml index 70efa6ef0e..1a5cc6f91b 100644 --- a/.github/actions/build-cli/action.yml +++ b/.github/actions/build-cli/action.yml @@ -1,8 +1,8 @@ name: 'Build and install E2B CLI' description: >- - Builds the e2b CLI (and its js-sdk dependency) from source in this repo and - installs it globally so the `e2b` command is available on PATH. Assumes the - repository has already been checked out. + Builds the e2b CLI from source in this repo and installs it globally so the + `e2b` command is available on PATH. Assumes the repository has already been + checked out. runs: using: 'composite' @@ -30,11 +30,6 @@ runs: shell: bash run: pnpm install --frozen-lockfile - - name: Build the SDK (pre-requisite for the CLI) - shell: bash - run: pnpm build - working-directory: ./packages/js-sdk - - name: Build the CLI shell: bash run: pnpm build