Validating packer templates with GitHub Actions


I set up a GitHub Action for my packer-aws-windows-openssh project last month, and it was working pretty well until a recent job failed with this:

Run packer init ./aws-windows-ssh.pkr.hcl
Failed getting the "github.com/hashicorp/amazon" plugin:
1 error occurred:
	* Plugin host rate limited the plugin getter. Try again in 43m44.793174231s.
HINT: Set the PACKER_GITHUB_API_TOKEN env var with a token to get more requests.
GET https://api.github.com/repos/hashicorp/packer-plugin-amazon/git/matching-refs/tags: 403 API rate limit exceeded for 172.183.131.31. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.) [rate reset in 43m45s]

This happened during the packer init step of my GitHub Action. The packer init command queries GitHub's public API, which rate limits requests per IP address. With GitHub Actions, it's quite easy to hit this limit. The Packer docs mention setting PACKER_GITHUB_API_TOKEN but don't get into specifics. Outside of GitHub Actions, such as when running this from your local laptop, you'd probably not hit this issue at all.

Fortunately, setting this up in a GitHub Action is fairly easy, and you don't need to manually create a token. You just set PACKER_GITHUB_API_TOKEN to ${{ secrets.GITHUB_TOKEN }}:

env:
  PACKER_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}

GitHub automatically creates a token for you, called GITHUB_TOKEN, which you can use in your workflow. You would put the above two lines at the top of your action, right before jobs:. Here's a full example of my GitHub action so you can see it in context:

name: Validate packer templates

on:
  pull_request:

env:
  PACKER_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}

jobs:
  packer-validate:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup `packer`
        uses: hashicorp/setup-packer@v3
        id: setup

      - name: Run `packer init`
        id: init
        run: "packer init ./aws-windows-ssh.pkr.hcl"

      - name: Run `packer validate`
        id: validate
        run: "packer validate ./aws-windows-ssh.pkr.hcl"

Once PACKER_GITHUB_API_TOKEN is set in your action, you shouldn't see the rate limit error anymore.
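
A least-privilege variant of the workflow above, added here as an example and not the author's own workflow. It assumes only the packer init step needs the token, so it limits GITHUB_TOKEN to read-only repository access and passes it to that one step instead of to every step in the job:

```yaml
name: Validate packer templates

on:
  pull_request:

# Restrict the automatically created GITHUB_TOKEN to read-only repository access.
permissions:
  contents: read

jobs:
  packer-validate:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup `packer`
        uses: hashicorp/setup-packer@v3
        id: setup

      - name: Run `packer init`
        id: init
        # Assumption: only this step calls the GitHub API, so the token is
        # exposed here instead of in a workflow-level env block.
        env:
          PACKER_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: "packer init ./aws-windows-ssh.pkr.hcl"

      - name: Run `packer validate`
        id: validate
        run: "packer validate ./aws-windows-ssh.pkr.hcl"
```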