Hello,
Is there any way/mechanism which would allow me to let Packer fail during the provisioning phase? Let’s say I want to include some sort of quality gate into the provisioning that checks the activity so far, and if a specific condition is met I want to exit provisioning, signalling that the complete build should fail. Is that possible?
The easiest way to do this is with a shell provisioner that fails, but any of the common provisioners can fail if they apply a quality gate that is not met.
Examples I’ve used in the past are:
InSpec provisioner – apply a compliance profile to the built image; if the image does not comply, the build fails.
Shell provisioner to run trivy against the built image. If vulnerabilities are found, the build fails.
Yes, this is the easiest way. It depends somewhat from provisioner to provisioner, and you can also set valid exit codes to let the build continue even if the script exits with a code other than 0. However, in general, if a provisioner fails, then the build fails.
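An added example, not code from any poster in this thread: a gate script for a shell provisioner that fails the build on blocking findings and uses a separate exit code for warnings, which `valid_exit_codes` can allow through. The script name, the `GATE_REPORT` variable, the tab-separated report format and the 0/1/2 exit-code convention are assumptions made for this example.

```shell
#!/bin/sh
# gate.sh: constructed example of a quality gate run by a Packer shell provisioner.
# Exit-code convention chosen for this example:
#   0 = all checks passed, 2 = warnings only, 1 = at least one blocking finding.
# Packer fails the build on any exit code not listed in valid_exit_codes
# (only 0 unless configured). Wiring in the HCL template:
#   provisioner "shell" {
#     script           = "gate.sh"
#     environment_vars = ["GATE_REPORT=/tmp/findings.tsv"]
#     valid_exit_codes = [0, 2]   # warning-only results let the build continue
#   }

# count_severity REPORT SEVERITY: print how many findings have that severity.
# REPORT is "SEVERITY<TAB>ID<TAB>description", a format made up for this example.
count_severity() {
    awk -F'\t' -v s="$2" '$1 == s { n++ } END { print n + 0 }' "$1"
}

# gate REPORT: return 0, 1 or 2 following the convention above.
gate() {
    report=$1
    # Fail closed: a scanner that never produced a report must not pass the gate.
    [ -r "$report" ] || { echo "gate: cannot read $report" >&2; return 1; }
    crit=$(count_severity "$report" CRITICAL)
    high=$(count_severity "$report" HIGH)
    med=$(count_severity "$report" MEDIUM)
    echo "gate: critical=$crit high=$high medium=$med" >&2
    if [ "$crit" -gt 0 ] || [ "$high" -gt 0 ]; then return 1; fi
    if [ "$med" -gt 0 ]; then return 2; fi
    return 0
}

# Run the gate only when Packer (or the caller) supplies a report path.
if [ -n "${GATE_REPORT:-}" ]; then
    gate "$GATE_REPORT"
    exit $?
fi
```

Leaving `2` out of `valid_exit_codes` turns warnings into build failures as well.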