Letting Packer fail during provision

Is there any way/mechanism which would allow me to let Packer fail during the provisioning phase? Let's say I want to include some sort of quality gate in the provisioning that checks the activity so far, and if a specific condition is met, I want to exit provisioning, signalling that the complete build should fail. Is that possible?


The easiest way to do this is with a shell provisioner that fails, but any of the common provisioners can fail if they apply a quality gate that is not met.

Examples I’ve used in the past are:

  • InSpec provisioner – apply a compliance profile to the built image; if the image does not comply, the build fails.
  • Shell provisioner to run trivy against the built image. If vulnerabilities are found, the build fails.

Is this the kind of thing you were looking for?

Probably yes. Is it indeed that trivial that one just needs to exit from a shell provisioner with a result code different from 0 to let a build fail?

Yes, this is the easiest way. It depends somewhat from provisioner to provisioner, and you can also set valid exit codes to let the build continue even if the script exits with a code other than 0. However, in general, if a provisioner fails, then the build fails.
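As an added illustration of the approach discussed in this thread (not code from any of the posters), here is a quality-gate script for a Packer shell provisioner that runs several checks, reports every finding, and exits non-zero so the build fails. The two checks, the function names, and the `GATE_RUN`, `SSHD_CONFIG` and `SCAN_DIR` variables are assumptions chosen for the example.

```shell
#!/bin/sh
# Quality gate for a Packer shell provisioner (constructed example).
# A non-zero exit status from this script fails the provisioner and the build,
# provided that status is not listed in the provisioner's valid_exit_codes.

# Fail if the sshd_config at $1 is unreadable or permits root login.
check_no_root_login() {
    if [ ! -r "$1" ]; then
        echo "FAIL: cannot read $1" >&2
        return 1
    fi
    if grep -Eiq '^[[:space:]]*PermitRootLogin[[:space:]]+yes' "$1"; then
        echo "FAIL: PermitRootLogin yes in $1" >&2
        return 1
    fi
}

# Fail if any world-writable regular file exists under directory $1.
check_no_world_writable() {
    found=$(find "$1" -xdev -type f -perm -0002 2>/dev/null | head -n 5)
    if [ -n "$found" ]; then
        echo "FAIL: world-writable files under $1:" >&2
        echo "$found" >&2
        return 1
    fi
}

# Run every check so all findings are logged, then return a single status.
run_gate() {
    failures=0
    check_no_root_login "$1" || failures=$((failures + 1))
    check_no_world_writable "$2" || failures=$((failures + 1))
    if [ "$failures" -gt 0 ]; then
        echo "quality gate: $failures check(s) failed" >&2
        return 1
    fi
    echo "quality gate: passed"
}

# Hypothetical switch: pass GATE_RUN=1 via the provisioner's environment_vars
# to run the gate against the image being built.
if [ "${GATE_RUN:-}" = "1" ]; then
    run_gate "${SSHD_CONFIG:-/etc/ssh/sshd_config}" "${SCAN_DIR:-/etc}" || exit 1
fi
```

Running all checks before returning means one failed build log shows every violation instead of only the first.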