Letting Packer fail during provision

tfoks · September 28, 2022, 11:25am

Hello,
is there any way/mechanism which would allow me to let packer fail during the provisioning phase? Let’s say I want to include some sort of quality gate into the provisioning that checks the activity so far and if a specific condition is met I want to exit provisioning signalling that the complete build should fail. Is that possible?

Regards

brucellino1 · September 28, 2022, 4:28pm

The easiest way to do this is with a shell provisioner that fails, but any of the common provisioners can fail if they apply a quality gate that is not met

Examples I’ve used in the past are:

Inspec Provisioner – apply a compliance profile to the built image, if the image does not comply, the build fails
Shell provisioner to run trivy against the built image. If vulnerabilities are found, the build fails.

Is this the kind of thing you were looking for?

tfoks · September 30, 2022, 10:36am

Probably yes. Is it in deed that trivial that one just need to exit from a shell provisioner with a result code different from 0 to let a build fail?

brucellino1 · October 1, 2022, 5:43am

Yes, this is the easiest way. It depends somewhat from provisioner to provisioner, and you can also set valid exit codes to let the build continue even if the script exits with a code other than 0. However in general, if a provisioner fails, then the build fails.