Add: Packer

[Taegost]

• Added Packer for image creation
• Tweaked unzip for TF so it only unpacks the binary and not any extraneous files (like the LICENSE.txt)

Summary by CodeRabbit

• Chores

  • Added pinned Packer v1.15.3 to the development environment, with automated system-wide bash completion and tightened installation for image-building tooling.
  • Refined Terraform installation to extract only the required binary.

• Documentation

  • Updated tooling inventory to include Packer and its purpose (machine image building).

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds HashiCorp Packer to the project: pins a PACKER_VERSION in env example, installs and verifies Packer (with bash completion) in the Dockerfile, adds Packer to README, and introduces a .gitattributes file to enforce LF line endings and mark common binaries.

Changes

Cohort / File(s)	Summary
Environment & Configuration ./.env.example	Added PACKER_VERSION=1.15.3 variable declaration.
Build Setup ./Dockerfile	Added ARG PACKER_VERSION=1.15.3; download, verify (SHA256), extract only packer into /usr/local/bin, run packer version, and install system-wide bash completion. Also tightened Terraform unzip to extract only terraform.
Documentation ./README.md	Added Packer row to "What's Inside" table with version link to ./Dockerfile and purpose "Machine image building".
Repo Settings ./.gitattributes	New file enforcing LF line endings for text and marking common archives/binaries as binary to avoid text transformations.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I nibble bytes and stitch release streams bright,
Packer joins the burrow—images take flight!
Version pinned, checksums hum, completions in sight,
A hop, a build, and everything's just right.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Add: Packer' directly reflects the main objective of adding Packer support to the toolbox, which is the primary change across all modified files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch add_packer

---

_{Review rate limit: 2/3 reviews remaining, refill in 20 minutes.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.env.example:
- Line 46: Reorder the environment keys so PACKER_VERSION appears before
TERRAFORM_VERSION in .env.example to satisfy dotenv-linter's UnorderedKey rule;
locate the PACKER_VERSION entry and move that line so it precedes the
TERRAFORM_VERSION line, preserving the existing value "1.15.3" and surrounding
formatting.

In `@Dockerfile`:
- Around line 433-438: The Dockerfile's RUN packer -autocomplete-install
modifies root's shell RC but not system-wide completions; replace or supplement
that step by installing the completion file under /etc/bash_completion.d so all
users (including VSCode devcontainers) get it. Update the Dockerfile step that
currently runs "packer -autocomplete-install" to produce or copy the completion
output into /etc/bash_completion.d/packer and set appropriate ownership/mode
(root:root, 644); you can still run the install command if needed but ensure the
final artifact lives at /etc/bash_completion.d/packer rather than only in root's
~/.bash_profile.
- Around line 161-167: Add SHA256 checksum verification before unzipping the
downloaded Packer binary: after downloading the
packer_${PACKER_VERSION}_linux_${TARGETARCH}.zip to /tmp/packer.zip, also
download the corresponding SHA256SUMS file from HashiCorp releases for
${PACKER_VERSION}, extract the checksum line that matches
packer_${PACKER_VERSION}_linux_${TARGETARCH}.zip, verify the checksum of
/tmp/packer.zip (e.g., using sha256sum -c or by comparing computed sha256sum)
and fail the build if the checksum does not match; only then proceed to unzip
/tmp/packer.zip to /usr/local/bin/ and run packer version. Ensure you reference
PACKER_VERSION and TARGETARCH variables and /tmp/packer.zip in the verification
step so the Dockerfile aborts on mismatch.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: d9c6dbd9-08ac-4c3e-a77b-eb35cdffb644

📥 Commits

Reviewing files that changed from the base of the PR and between 98758e0 and 4ddade5.

📒 Files selected for processing (3)

• .env.example
• Dockerfile
• README.md

📜 Review details

🧰 Additional context used

🪛 dotenv-linter (4.0.0)

.env.example

[warning] 46-46: [UnorderedKey] The PACKER_VERSION key should go before the TERRAFORM_VERSION key

(UnorderedKey)

🔇 Additional comments (3)

.env.example (1)

18-18: Good addition to version reference links.
This keeps .env.example aligned with the new Packer install flow.

Dockerfile (1)

147-147: Nice fix: Terraform unzip now extracts only the binary.
This avoids unpacking extra archive files into the image.

README.md (1)

17-17: README tool inventory update looks good.
The new Packer entry is clear and consistent with the implementation changes.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@Dockerfile`:
- Around line 167-168: The checksum logic currently pipes the EXPECTED value
into sha256sum -c which can silently fail; modify the block that computes
EXPECTED (from /tmp/packer_SHA256SUMS using PACKER_VERSION and TARGETARCH) to
validate that EXPECTED is non-empty and matches a hex SHA256 pattern, then write
a one-line checksum file like "<EXPECTED>  /tmp/packer.zip" and invoke sha256sum
-c against that file (instead of using a pipe); ensure the build exits non‑zero
if EXPECTED is empty or the checksum verification fails (affecting
variables/symbols PACKER_VERSION, TARGETARCH, EXPECTED, /tmp/packer_SHA256SUMS,
/tmp/packer.zip, and the sha256sum -c invocation).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 7747c17b-4ebd-4c11-914b-347e64d83d38

📥 Commits

Reviewing files that changed from the base of the PR and between 4ddade5 and 1168844.

📒 Files selected for processing (10)

• .devcontainer/example/devcontainer.json
• .env.example
• .gitattributes
• .github/ISSUE_TEMPLATE/bug_report.md
• .github/ISSUE_TEMPLATE/feature_request.md
• .github/workflows/build-and-push.yml
• Dockerfile
• README.md
• dependencies/ansible-requirements.yml
• dependencies/python-ansible-requirements.txt

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Build and Push

🧰 Additional context used

🪛 dotenv-linter (4.0.0)

.env.example

[warning] 46-46: [UnorderedKey] The PACKER_VERSION key should go before the TERRAFORM_VERSION key

(UnorderedKey)

🪛 Hadolint (2.14.0)

Dockerfile

[warning] 161-161: Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check

(DL4006)

🔇 Additional comments (5)

.env.example (1)

46-46: PACKER_VERSION ordering warning is still present.

Line 46 is still below TERRAFORM_VERSION (Line 45), so the existing dotenv-linter UnorderedKey finding remains unresolved.

.gitattributes (1)

4-14: LF normalization and binary declarations look correct.

This is a solid baseline for avoiding cross-platform line-ending breakage while protecting binary assets from text conversion.

README.md (1)

17-17: Packer documentation entry is clear and correctly linked.

Good addition to keep the “What’s Inside” matrix aligned with the image contents.

Dockerfile (2)

147-149: Terraform extraction scope is improved.

Limiting unzip to the terraform binary is the right behavior and avoids shipping extraneous archive contents.

---

438-445: System-wide Packer completion installation is a good fix.

Writing completion under /etc/bash_completion.d correctly makes it available to non-root interactive sessions.