Validating packer templates with GitHub Actions
I setup a GitHub Action for my packer-aws-windows-openssh project last month and it was working pretty well until a recent job failed with this:
Run packer init ./aws-windows-ssh.pkr.hcl
Failed getting the "github.com/hashicorp/amazon" plugin:
1 error occurred:
* Plugin host rate limited the plugin getter. Try again in 43m44.793174231s.
HINT: Set the PACKER_GITHUB_API_TOKEN env var with a token to get more requests.
GET https://api.github.com/repos/hashicorp/packer-plugin-amazon/git/matching-refs/tags: 403 API rate limit exceeded for 172.183.131.31. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.) [rate reset in 43m45s]
This happened during the packer init
part of my GitHub action. The packer init
command queries GitHub's public API, which rate limits requests per IP address. With GitHub actions, it's quite easy to hit this limit. The packer doc mentions setting PACKER_GITHUB_API_TOKEN but it doesn't get into specifics. Outside of GitHub actions, like running this from your local laptop, you'd probably not hit this issue at all
Fortunately, setting this up in an GitHub Action is fairly easy and you don't need to manually create token, you just set PACKER_GITHUB_API_TOKEN
to ${{ secrets.GITHUB_TOKEN }}
:
env:
PACKER_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GitHub automatically creates a token for you, called GITHUB_TOKEN
, which you can use in your workflow. You would put the above two lines at the top of your action, right before jobs:
. Here's a full example of my GitHub action so you can see it in context:
name: Validate packer templates
on:
pull_request:
env:
PACKER_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
jobs:
packer-validate:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup `packer`
uses: hashicorp/setup-packer@v3
id: setup
- name: Run `packer init`
id: init
run: "packer init ./aws-windows-ssh.pkr.hcl"
- name: Run `packer validate`
id: validate
run: "packer validate ./aws-windows-ssh.pkr.hcl"
Once PACKER_GITHUB_API_TOKEN
is set in your action, you shouldn't see the rate limit error anymore.