ci: publish busybox binaries to GCS public builds bucket

[tomassrnka]

Summary

• Adds a publish job to the build workflow that uploads busybox binaries to the GCS public builds bucket (e2b-prod-public-builds/busybox/{arch}/busybox)
• Mirrors the pattern used by fc-kernels for GCS publishing
• Keeps the existing GitHub release unchanged

Why

The infra repo is moving busybox from a compile-time //go:embed to a runtime disk read (see e2b-dev/infra#2326). This requires busybox to be in the GCS public bucket so orchestrator hosts can mount it via gcsfuse/s3fs.

Prerequisites

• GCP_WORKLOAD_IDENTITY_PROVIDER and GCP_SERVICE_ACCOUNT_EMAIL secrets must be configured (same as fc-kernels)
• GCP_BUCKET_NAME variable must be set to e2b-prod-public-builds (same as fc-kernels)

Test plan

• Verify secrets/variables match fc-kernels configuration
• Push a test tag to trigger the workflow
• Verify binaries appear at gs://e2b-prod-public-builds/busybox/amd64/busybox and gs://e2b-prod-public-builds/busybox/arm64/busybox
• Verify GitHub release is still created correctly

🤖 Generated with Claude Code

[cursor]

PR Summary

Medium Risk
Adds new GitHub Actions OIDC-based GCP authentication and automated uploads of release artifacts to a GCS bucket, plus Terraform to provision the required IAM/secret wiring; misconfiguration could break releases or widen bucket access.

Overview
Extends the tag-based BusyBox build workflow with a new publish job that downloads build artifacts, restructures them into a versioned layout, generates per-arch busybox.sha256 sidecars, and uploads them to a configured GCS bucket using GitHub Actions OIDC (google-github-actions/auth). The GitHub Release step is retained, now running after the optional GCS upload.

Adds a terraform/ module (and supporting .env.template/Makefile/lockfile) to provision GCP Workload Identity Federation + a service account with GCS object upload permissions, and to automatically set the repo’s GCP_WORKLOAD_IDENTITY_PROVIDER, GCP_SERVICE_ACCOUNT_EMAIL secrets and GCP_BUCKET_NAME variable. Also updates .gitignore to exclude local Terraform/env artifacts.

^{Reviewed by Cursor Bugbot for commit dc8070c. Bugbot is set up for automated code reviews on this repo. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

Autofix Details

Bugbot Autofix prepared fixes for both issues found in the latest run.

• ✅ Fixed: Deprecated v1 Google actions will fail on runner
  • Updated google-github-actions/auth and google-github-actions/upload-cloud-storage from @v1 to @V3 to use Node 24 which is supported on ubuntu-24.04 runners.
• ✅ Fixed: GCS failure blocks previously-working GitHub release creation
  • Added continue-on-error: true to both GCS steps so that failures will not block the subsequent GitHub release steps from executing.

Or push these changes by commenting:

@cursor push 3a8abe9bda

Preview (3a8abe9bda)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -71,13 +71,17 @@
           ls -laR gcs-upload/
 
       - name: Setup GCP auth
-        uses: google-github-actions/auth@v1
+        id: gcp-auth
+        uses: google-github-actions/auth@v3
+        continue-on-error: true
         with:
           workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
           service_account: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }}
 
       - name: Upload to GCS
-        uses: google-github-actions/upload-cloud-storage@v1
+        if: steps.gcp-auth.outcome == 'success'
+        uses: google-github-actions/upload-cloud-storage@v3
+        continue-on-error: true
         with:
           path: gcs-upload
           destination: ${{ vars.GCP_BUCKET_NAME }}/busybox

_{This Bugbot Autofix run was free. To enable autofix for future PRs, go to the Cursor dashboard.}

[tomassrnka]

bugbot run

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit 47063d4. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit fe8115f. Configure here.}