e2b-dev
diff --git a/‎.github/actions/deploy-setup/action.yml‎
Lines changed: 23 additions & 14 deletions b/‎.github/actions/deploy-setup/action.yml‎
Lines changed: 23 additions & 14 deletions
diff --git a/‎.github/workflows/build-and-upload-job.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/build-and-upload-job.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/deploy-infra.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/deploy-infra.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/deploy-job.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/deploy-job.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/pr-tests-arm64.yml‎
Lines changed: 2 additions & 0 deletions b/‎.github/workflows/pr-tests-arm64.yml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎.github/workflows/pr-tests.yml‎
Lines changed: 2 additions & 0 deletions b/‎.github/workflows/pr-tests.yml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎.golangci.yml‎
Lines changed: 3 additions & 0 deletions b/‎.golangci.yml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎iac/modules/job-api/main.tf‎
Lines changed: 9 additions & 1 deletion b/‎iac/modules/job-api/main.tf‎
Lines changed: 9 additions & 1 deletion
diff --git a/‎packages/api/go.mod‎
Lines changed: 27 additions & 22 deletions b/‎packages/api/go.mod‎
Lines changed: 27 additions & 22 deletions
@@ -4,38 +4,38 @@ inputs:
   environment:
     description: "Target environment for deployment, e.g. staging"
     required: true
-  infisical_client_id:
-    description: "Infisical client ID for accessing secrets"
-    required: true
-  infisical_client_secret:
-    description: "Infisical client secret for accessing secrets"
-    required: true
   install_gcloud:
     description: "Whether to install the gcloud CLI (needed for gsutil/docker auth)"
     required: false
     default: "false"
+  infisical_machine_identity_id:
+    description: "Infisical machine identity ID for accessing secrets"
+    required: true
 
 runs:
   using: "composite"
   steps:
-    - uses: Infisical/secrets-action@v1.0.9
+    - name: Pull infisical secrets into temporary file
+      uses: Infisical/secrets-action@v1.0.15
       with:
-        client-id: ${{ inputs.infisical_client_id }}
-        client-secret: ${{ inputs.infisical_client_secret }}
-        env-slug: ${{ inputs.environment }}
+        method: "oidc"
+        identity-id: ${{ inputs.infisical_machine_identity_id }}
         project-slug: "infra-deployment"
+        env-slug: ${{ inputs.environment }}
         export-type: "file"
         file-output-path: "/.env.infisical"
 
-    - name: Load Environment Variables
+    - name: Transform infisical secrets into make include file, load a few as environment variables
       id: load-env
+      env:
+        ENVIRONMENT: ${{ inputs.environment }}
       run: |
-        echo ${{ inputs.environment }} > .last_used_env
-        cat .env.infisical | sed "s/='\(.*\)'$/=\1/g" > .env.${{ inputs.environment }}
+        echo "${ENVIRONMENT}" > .last_used_env
+        cat .env.infisical | sed "s/='\(.*\)'$/=\1/g" > ".env.${ENVIRONMENT}"
 
         # Load environment variables from .env
         set -a
-        . .env.${{ inputs.environment }}
+        . ".env.${ENVIRONMENT}"
         set +a
 
         echo "GCP_REGION=${GCP_REGION}" >> $GITHUB_ENV
@@ -44,6 +44,15 @@ runs:
         echo "GH_WORKLOAD_IDENTITY_PROVIDER=${GH_WORKLOAD_IDENTITY_PROVIDER}" >> $GITHUB_ENV
       shell: bash
 
+    - name: Load environment variables from Infisical
+      uses: Infisical/secrets-action@v1.0.15
+      with:
+        method: "oidc"
+        identity-id: ${{ inputs.infisical_machine_identity_id }}
+        project-slug: "infra-deployment-env"
+        env-slug: ${{ inputs.environment }}
+        export-type: "env"
+
     - name: Setup Service Account
       uses: google-github-actions/auth@v2
       with:
 
@@ -31,6 +31,7 @@ jobs:
   deploy:
     name: Build and upload job to the ${{ inputs.environment }} environment
     runs-on: ci-builder
+    environment: ${{ inputs.environment }}
     permissions:
       contents: read
       id-token: write
@@ -45,9 +46,8 @@ jobs:
         uses: ./.github/actions/deploy-setup
         with:
           environment: ${{ inputs.environment }}
-          infisical_client_id: ${{ secrets.INFISICAL_CLIENT_ID }}
-          infisical_client_secret: ${{ secrets.INFISICAL_CLIENT_SECRET }}
           install_gcloud: "true"
+          infisical_machine_identity_id: ${{ vars.INFISICAL_MACHINE_IDENTITY_ID }}
 
       - name: Set up Docker
         env:
 
@@ -29,6 +29,7 @@ jobs:
   deploy:
     name: Deploy Infra to the ${{ inputs.environment }} environment
     runs-on: ubuntu-22.04
+    environment: ${{ inputs.environment }}
     permissions:
       contents: read
       id-token: write
@@ -43,9 +44,8 @@ jobs:
         uses: ./.github/actions/deploy-setup
         with:
           environment: ${{ inputs.environment }}
-          infisical_client_id: ${{ secrets.INFISICAL_CLIENT_ID }}
-          infisical_client_secret: ${{ secrets.INFISICAL_CLIENT_SECRET }}
           install_gcloud: "true"
+          infisical_machine_identity_id: ${{ vars.INFISICAL_MACHINE_IDENTITY_ID }}
 
       - name: Run Terraform state migrations
         if: inputs.plan_only == 'false'
 
@@ -32,6 +32,7 @@ jobs:
   deploy:
     name: Deploy job to the ${{ inputs.environment }} environment
     runs-on: ubuntu-22.04
+    environment: ${{ inputs.environment }}
     permissions:
       contents: read
       id-token: write
@@ -46,8 +47,7 @@ jobs:
         uses: ./.github/actions/deploy-setup
         with:
           environment: ${{ inputs.environment }}
-          infisical_client_id: ${{ secrets.INFISICAL_CLIENT_ID }}
-          infisical_client_secret: ${{ secrets.INFISICAL_CLIENT_SECRET }}
+          infisical_machine_identity_id: ${{ vars.INFISICAL_MACHINE_IDENTITY_ID }}
 
       - name: Run Terraform state migrations
         if: inputs.plan_only == 'false'
 
@@ -44,6 +44,8 @@ jobs:
     name: ARM64 tests for ${{ matrix.package }}
     runs-on: ubuntu-24.04-arm
     timeout-minutes: 30
+    env:
+      GIN_MODE: test
     strategy:
       matrix:
         include:
 
@@ -9,6 +9,8 @@ jobs:
   run-tests:
     name: Run tests for ${{ matrix.package }}
     runs-on: infra-tests
+    env:
+      GIN_MODE: test
     strategy:
       matrix:
         include:
 
@@ -95,6 +95,9 @@ linters:
         - pattern: '^retryablehttp\.NewRequest$'
           pkg: ^github\.com/hashicorp/go-retryablehttp$
           msg: "Use github.com/hashicorp/go-retryablehttp.NewRequestWithContext instead of retryablehttp.NewRequest"
+        - pattern: 'gin\.SetMode'
+          pkg: '^github\.com/gin-gonic/gin$'
+          msg: "Do not use gin.SetMode(gin.TestMode) - it causes race conditions. GIN_MODE=test is set in CI workflows."
       analyze-types: true
 
     depguard:
 
@@ -1,3 +1,11 @@
+locals {
+  default_job_env_vars = {
+    GIN_MODE : "release"
+  }
+
+  job_env_vars = merge(local.default_job_env_vars, var.job_env_vars)
+}
+
 resource "nomad_job" "api" {
   jobspec = templatefile("${path.module}/jobs/api.hcl", {
     update_stanza      = var.update_stanza
@@ -40,6 +48,6 @@ resource "nomad_job" "api" {
     db_migrator_docker_image                = var.db_migrator_docker_image
     launch_darkly_api_key                   = trimspace(var.launch_darkly_api_key)
     default_persistent_volume_type          = var.default_persistent_volume_type
-    job_env_vars                            = var.job_env_vars
+    job_env_vars                            = local.job_env_vars
   })
 }
@@ -27,7 +27,7 @@ require (
 	github.com/getkin/kin-openapi v0.133.0
 	github.com/gin-contrib/cors v1.7.6
 	github.com/gin-contrib/size v1.0.2
-	github.com/gin-gonic/gin v1.10.1
+	github.com/gin-gonic/gin v1.12.0
 	github.com/go-redis/redis_rate/v10 v10.0.1
 	github.com/gogo/status v1.1.1
 	github.com/golang-jwt/jwt/v5 v5.3.1
@@ -45,15 +45,14 @@ require (
 	github.com/posthog/posthog-go v0.0.0-20230801140217-d607812dee69
 	github.com/redis/go-redis/v9 v9.17.3
 	github.com/stretchr/testify v1.11.1
-	go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin v0.57.0
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.65.0
-	go.opentelemetry.io/otel v1.41.0
+	go.opentelemetry.io/otel v1.43.0
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.39.0
-	go.opentelemetry.io/otel/metric v1.41.0
-	go.opentelemetry.io/otel/sdk/metric v1.41.0
-	go.opentelemetry.io/otel/trace v1.41.0
+	go.opentelemetry.io/otel/metric v1.43.0
+	go.opentelemetry.io/otel/sdk/metric v1.43.0
+	go.opentelemetry.io/otel/trace v1.43.0
 	go.uber.org/zap v1.27.1
-	golang.org/x/net v0.50.0
+	golang.org/x/net v0.52.0
 	golang.org/x/sync v0.20.0
 	google.golang.org/grpc v1.79.3
 	google.golang.org/protobuf v1.36.11
@@ -104,14 +103,15 @@ require (
 	github.com/bep/golibsass v1.2.0 // indirect
 	github.com/bits-and-blooms/bitset v1.22.0 // indirect
 	github.com/bits-and-blooms/bloom/v3 v3.7.0 // indirect
-	github.com/bytedance/sonic v1.13.3 // indirect
-	github.com/bytedance/sonic/loader v0.2.4 // indirect
+	github.com/bytedance/gopkg v0.1.4 // indirect
+	github.com/bytedance/sonic v1.15.0 // indirect
+	github.com/bytedance/sonic/loader v0.5.1 // indirect
 	github.com/c2h5oh/datasize v0.0.0-20231215233829-aa82cc1e6500 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/cenkalti/backoff/v5 v5.0.3 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cli/safeexec v1.0.1 // indirect
-	github.com/cloudwego/base64x v0.1.5 // indirect
+	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/containerd/errdefs v1.0.0 // indirect
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
@@ -139,9 +139,9 @@ require (
 	github.com/fatih/color v1.18.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.9.0 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.9 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.13 // indirect
 	github.com/gaissmai/extnetip v0.3.3 // indirect
-	github.com/gin-contrib/sse v1.1.0 // indirect
+	github.com/gin-contrib/sse v1.1.1 // indirect
 	github.com/go-faster/city v1.0.1 // indirect
 	github.com/go-faster/errors v0.7.1 // indirect
 	github.com/go-kit/log v0.2.1 // indirect
@@ -171,10 +171,11 @@ require (
 	github.com/go-openapi/validate v0.25.1 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.26.0 // indirect
+	github.com/go-playground/validator/v10 v10.30.2 // indirect
 	github.com/go-viper/mapstructure/v2 v2.5.0 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
-	github.com/goccy/go-json v0.10.5 // indirect
+	github.com/goccy/go-json v0.10.6 // indirect
+	github.com/goccy/go-yaml v1.19.2 // indirect
 	github.com/gogo/googleapis v1.4.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/gohugoio/hugo v0.139.4 // indirect
@@ -226,7 +227,7 @@ require (
 	github.com/julienschmidt/httprouter v1.3.0 // indirect
 	github.com/kamstrup/intmap v0.5.1 // indirect
 	github.com/klauspost/compress v1.18.2 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.11 // indirect
+	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/knadh/koanf/maps v0.1.2 // indirect
 	github.com/knadh/koanf/providers/confmap v1.0.0 // indirect
 	github.com/knadh/koanf/v2 v2.3.2 // indirect
@@ -286,7 +287,7 @@ require (
 	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
 	github.com/paulmach/orb v0.11.1 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
-	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
+	github.com/pelletier/go-toml/v2 v2.3.0 // indirect
 	github.com/perimeterx/marshmallow v1.1.5 // indirect
 	github.com/pierrec/lz4/v4 v4.1.22 // indirect
 	github.com/pires/go-proxyproto v0.7.0 // indirect
@@ -305,6 +306,8 @@ require (
 	github.com/prometheus/prometheus v0.309.1 // indirect
 	github.com/prometheus/sigv4 v0.3.0 // indirect
 	github.com/puzpuzpuz/xsync/v3 v3.5.1 // indirect
+	github.com/quic-go/qpack v0.6.0 // indirect
+	github.com/quic-go/quic-go v0.59.0 // indirect
 	github.com/redis/go-redis/extra/rediscmd/v9 v9.17.3 // indirect
 	github.com/redis/go-redis/extra/redisotel/v9 v9.17.3 // indirect
 	github.com/rs/zerolog v1.34.0 // indirect
@@ -330,14 +333,15 @@ require (
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/uber/jaeger-client-go v2.30.0+incompatible // indirect
 	github.com/uber/jaeger-lib v2.4.1+incompatible // indirect
-	github.com/ugorji/go/codec v1.3.0 // indirect
+	github.com/ugorji/go/codec v1.3.1 // indirect
 	github.com/vmware-labs/yaml-jsonpath v0.3.2 // indirect
 	github.com/woodsbury/decimal128 v1.3.0 // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
 	go.etcd.io/etcd/api/v3 v3.6.6 // indirect
 	go.etcd.io/etcd/client/pkg/v3 v3.5.10 // indirect
 	go.etcd.io/etcd/client/v3 v3.5.10 // indirect
 	go.mongodb.org/mongo-driver v1.17.6 // indirect
+	go.mongodb.org/mongo-driver/v2 v2.5.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 	go.opentelemetry.io/collector/component v1.48.0 // indirect
 	go.opentelemetry.io/collector/confmap v1.48.0 // indirect
@@ -351,6 +355,7 @@ require (
 	go.opentelemetry.io/contrib/bridges/otelzap v0.14.0 // indirect
 	go.opentelemetry.io/contrib/bridges/prometheus v0.61.0 // indirect
 	go.opentelemetry.io/contrib/exporters/autoexport v0.61.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin v0.68.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.64.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/runtime v0.66.0 // indirect
@@ -366,9 +371,9 @@ require (
 	go.opentelemetry.io/otel/exporters/prometheus v0.58.0 // indirect
 	go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.15.0 // indirect
 	go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.39.0 // indirect
-	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.39.0 // indirect
+	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.43.0 // indirect
 	go.opentelemetry.io/otel/log v0.15.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.41.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.43.0 // indirect
 	go.opentelemetry.io/otel/sdk/log v0.15.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.9.0 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
@@ -377,13 +382,13 @@ require (
 	go.yaml.in/yaml/v2 v2.4.3 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
 	go4.org/netipx v0.0.0-20230125063823-8449b0a6169f // indirect
-	golang.org/x/arch v0.18.0 // indirect
-	golang.org/x/crypto v0.48.0 // indirect
+	golang.org/x/arch v0.25.0 // indirect
+	golang.org/x/crypto v0.49.0 // indirect
 	golang.org/x/exp v0.0.0-20260212183809-81e46e3db34a // indirect
 	golang.org/x/image v0.38.0 // indirect
 	golang.org/x/mod v0.33.0 // indirect
 	golang.org/x/oauth2 v0.34.0 // indirect
-	golang.org/x/sys v0.41.0 // indirect
+	golang.org/x/sys v0.42.0 // indirect
 	golang.org/x/text v0.35.0 // indirect
 	golang.org/x/time v0.14.0 // indirect
 	golang.org/x/tools v0.42.0 // indirect