Automate Packer with GitHub Actions | Packer | HashiCorp Developer (2023)

Packer templates let you define machine images as code, so you can use a version control repository as the source of truth for image content. This lets you apply code review to detect changes and use automated builds to keep your images up to date. HCP Packer further simplifies image creation and deployment by providing a central image registry for development and operations teams. By integrating Packer and HCP Packer into continuous integration (CI) pipelines, you can automatically trigger image builds on changes in your version control repository.

In this tutorial, you set up a complete GitHub Actions workflow to automatically build and manage different versions of a machine image. Each time you push changes to the designated branches (main, dev, staging) or create a new Git tag, the workflow triggers a Packer build, sends the build metadata to HCP Packer, and sets the appropriate HCP Packer channel to the build's iteration. Along the way, you learn how to automate and scale Packer builds across your organization.

This tutorial assumes that you are familiar with the standard Packer and HCP Packer workflows. If you are new to Packer, complete the Get Started tutorials first. If you are new to HCP Packer, complete the Introduction to HCP Packer tutorials first.

For this tutorial you will need:


This tutorial provisions resources that qualify under the AWS Free Tier. If your account does not qualify for the AWS Free Tier, we are not responsible for any charges that may apply.

Configure GitHub Actions

Fork the learn-packer-github-actions repository. This repository contains the files that define the Packer build and the GitHub Actions workflow.

In your forked repository, go to Settings, then Secrets, then Actions. Create the following repository secrets and set them to their respective values. The GitHub Actions workflow for this repository uses these credentials to provision your resources and send metadata to HCP Packer.

Tip

To get your HCP organization and project ID, log in to HCP and select the appropriate organization. The URL of the overview page contains the organization and project IDs: https://portal.cloud.hashicorp.com/orgs/ORGANIZATION_ID/projects/PROJECT_ID

Secret name             Value
AWS_ACCESS_KEY_ID       Your AWS access key ID
AWS_SECRET_ACCESS_KEY   Your AWS secret access key
HCP_CLIENT_ID           Your HCP service principal ID
HCP_CLIENT_SECRET       Your HCP service principal secret
HCP_ORGANIZATION_ID     Your HCP organization ID
HCP_PROJECT_ID          Your HCP project ID

When you are done, the Secrets page shows the six secrets.


Navigate to Actions and enable the preconfigured workflow defined in the repository's .github/workflows directory. Click "I understand my workflows, go ahead and enable them".

Then clone your forked repository to your local machine. If you are using the CLI, replace USERNAME with your GitHub username.

$ git clone https://github.com/USERNAME/learn-packer-github-actions

In this section, you review the Packer template file and the GitHub Actions workflow to understand how GitHub Actions automates your image builds.

Review the Packer template

Open build.pkr.hcl. This file contains the Packer HCL code that builds a HashiCups machine image. HashiCups is a demo app that lets you view and order HashiCorp-branded custom coffee. The HashiCups app consists of a React frontend and several backend services.

The amazon-ebs.ubuntu-lts source block retrieves an Ubuntu 22.04 image in the us-west-1 region to use as the base image.

build.pkr.hcl

source "amazon-ebs" "ubuntu-lts" {
  region = "us-west-1"
  source_ami_filter {
    filters = {
      virtualization-type = "hvm"
      name                = "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"
      root-device-type    = "ebs"
    }
    owners      = ["099720109477"]
    most_recent = true
  }
  instance_type  = "t2.small"
  ssh_username   = "ubuntu"
  ssh_agent_auth = false
  ami_name       = "hashicups_{{timestamp}}"
  ami_regions    = ["us-west-1"]
}

Within the build block, the hcp_packer_registry block configures Packer to send image metadata to the HCP Packer registry.

build.pkr.hcl

build {
  hcp_packer_registry {
    bucket_name = "learn-packer-github-actions"
    description = <<EOT
This is an image for HashiCups.
    EOT
    bucket_labels = {
      "hashicorp-learn" = "learn-packer-github-actions",
    }
  }
  # ...
}

The build block references the amazon-ebs.ubuntu-lts source. The file provisioner copies a systemd unit file for the HashiCups service. The shell provisioner runs the setup-deps-hashicups.sh script to install and configure the service.

build.pkr.hcl

build {
  # ...
  sources = [
    "source.amazon-ebs.ubuntu-lts",
  ]

  # systemd unit for HashiCups service
  provisioner "file" {
    source      = "hashicups.service"
    destination = "/tmp/hashicups.service"
  }

  # Set up HashiCups
  provisioner "shell" {
    scripts = [
      "setup-deps-hashicups.sh"
    ]
  }
  # ...
}

After building the image, Packer stores the iteration ID in a file named packer_manifest.json. The GitHub Actions workflow reads the iteration ID from this file and updates the appropriate channel to point to it. In the next section, you will see how the workflow uses this value.

build.pkr.hcl

build {
  # ...
  post-processor "manifest" {
    output     = "packer_manifest.json"
    strip_path = true
    custom_data = {
      iteration_id = packer.iterationID
    }
  }
}

The image built by Packer is now fully configured to run the HashiCups application. When a server using this image starts, systemd starts HashiCups.

Review the Actions workflow

The .github directory contains the GitHub Actions workflow and a helper script.

Open .github/workflows/build_and_deploy.yml to review the GitHub Actions workflow. The first line defines a name for the workflow.

.github/workflows/build_and_deploy.yml

name: build-and-deploy

Then the on block limits this workflow to new tags that follow semantic versioning or to pushes to the dev, staging, or main branches.

.github/workflows/build_and_deploy.yml

on:
  push:
    tags: ["v[0-9].[0-9]+.[0-9]+"]
    branches:
      - "dev"
      - "staging"
      - "main"

The env section defines environment variables that all jobs and steps in the workflow can access. The workflow uses HCP_CLIENT_ID and HCP_CLIENT_SECRET to authenticate and send build metadata to HCP Packer. The helper script uses the remaining environment variables to create and update the HCP Packer channels through the HCP Packer API.

.github/workflows/build_and_deploy.yml

env:
  HCP_CLIENT_ID: ${{ secrets.HCP_CLIENT_ID }}
  HCP_CLIENT_SECRET: ${{ secrets.HCP_CLIENT_SECRET }}
  HCP_PROJECT_ID: ${{ secrets.HCP_PROJECT_ID }}
  HCP_ORGANIZATION_ID: ${{ secrets.HCP_ORGANIZATION_ID }}
  HCP_BUCKET_NAME: "learn-packer-github-actions"

Finally, the configuration defines two jobs. The build-image job uses Packer to build the image, and the update-hcp-packer-channel job updates the HCP Packer channel to point to the newly built image.

Both jobs run on the ubuntu-latest image, which includes the Packer binary.

.github/workflows/build_and_deploy.yml

jobs:
  build-image:
    name: Build
    runs-on: ubuntu-latest
    # ...
  update-hcp-packer-channel:
    name: Update HCP Packer channel
    runs-on: ubuntu-latest
    # ...

The build-image job has the following steps:

  1. Checkout clones the GitHub repository to get the current configuration. The uses key selects the action that runs this step, here GitHub's actions/checkout@v3 action.

    .github/workflows/build_and_deploy.yml

    - name: Checkout
      uses: actions/checkout@v3
  2. Configure AWS Credentials creates environment variables with values retrieved from GitHub secrets and sets the AWS region to us-west-1.

    .github/workflows/build_and_deploy.yml

    - name: Configure AWS Credentials
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-west-1
  3. Packer Init initializes the Packer template by installing any plugins the template references.

    .github/workflows/build_and_deploy.yml

    - name: Packer Init
      run: packer init .
  4. Packer Build - Branches builds the machine images defined in the root directory. github.ref contains the name of the branch or tag that triggered the workflow, and the if condition means this step runs only when a push to a branch triggered the workflow.

    .github/workflows/build_and_deploy.yml

    - name: Packer Build - Branches
      if: "startsWith(github.ref, 'refs/heads/')"
      run: packer build .
  5. Packer Build - Tags builds the machine images defined in the root directory for new semantically versioned tags. Because HCP Packer build fingerprints must be unique, this step sets the build fingerprint to the current timestamp. This ensures that builds for tagged commits do not share a fingerprint with builds from the main, dev, and staging branches.

    .github/workflows/build_and_deploy.yml

    - name: Packer Build - Tags
      if: startsWith(github.ref, 'refs/tags/v')
      run: HCP_PACKER_BUILD_FINGERPRINT=$(date +'%m%d%YT%H%M%S') packer build .
  6. Get HCP Packer Iteration ID from Packer Manifest reads the iteration ID from the packer_manifest.json file that the Packer build's manifest post-processor generated. This step exports the iteration ID as a step output so that the update-hcp-packer-channel job can use it to update the HCP Packer channel.

    Tip

    GitHub generates a new commit SHA when it merges a pull request (PR). If your version control system does not create new commit SHAs for PRs, you must create a unique fingerprint for the Packer build when merging a PR.

    .github/workflows/build_and_deploy.yml

    - name: Get HCP Packer Iteration ID from Packer Manifest
      id: hcp
      run: |
        last_run_uuid=$(jq -r '.last_run_uuid' "./packer_manifest.json")
        build=$(jq -r '.builds[] | select(.packer_run_uuid == "'"$last_run_uuid"'")' "./packer_manifest.json")
        iteration_id=$(echo "$build" | jq -r '.custom_data.iteration_id')
        echo "::set-output name=iteration_id::$iteration_id"

Once the build-image job completes, the workflow triggers the update-hcp-packer-channel job. This job has two steps:

  1. Checkout clones the current configuration.

    .github/workflows/build_and_deploy.yml

    - name: Checkout
      uses: actions/checkout@v3
  2. Create and set channel updates the HCP Packer channel for the branch or tag to serve the new iteration. This step derives the channel name from github.ref_name and replaces every period in a tag name with a dash to produce a valid channel name (for example, v1.0.0 becomes v1-0-0). It then runs the create_channel_iteration.sh script with the channel name and the iteration ID from the build-image job.

    .github/workflows/build_and_deploy.yml

    - name: Create and set channel
      working-directory: .github/scripts
      run: |
        channel_name=$( echo ${{ github.ref_name }} | sed 's/\./-/g')
        ./create_channel_iteration.sh $HCP_BUCKET_NAME $channel_name "${{ needs.build-image.outputs.iteration_id }}"

Open the .github/scripts/create_channel_iteration.sh file. This script authenticates with HCP, creates the HCP Packer channel if it does not exist, and updates the channel to point to the specified iteration. The main branch is mapped to the HCP Packer release channel to show how you can decouple branch names from channel names.

.github/scripts/create_channel_iteration.sh

# If on the main branch, set the channel to release
if [ "$channel_name" == "main" ]; then
  channel_name="release"
fi

Create a development build

Create a new dev branch in your forked repository.

$ git checkout -b 'dev'

Change the HASHICUPS_VERSION variable in setup-deps-hashicups.sh to v1.0.0.

setup-deps-hashicups.sh

# Get HashiCups setup
git clone https://github.com/hashicorp-demoapp/hashicups-setups
cd hashicups-setups/docker-compose-deployment
git checkout server
HASHICUPS_VERSION="v1.0.0"
sed -i "s/HashiCups/HashiCups - ${HASHICUPS_VERSION}/g" docker-compose.yaml
# Use `compose create` to pull the container data without running the container
sudo docker compose create

Stage your changes.

$ git add setup-deps-hashicups.sh

Commit the changes with a message.

$ git commit -m 'Update HashiCups footer message with version'
[dev aba0bd5] Update HashiCups footer message with version
 1 file changed, 1 insertion(+), 1 deletion(-)

Push the changes.

$ git push --set-upstream origin dev

Verify the development build

Navigate to your forked repository's Actions tab, then click the running workflow.

Click the Build job. Notice that the image was built by the Packer Build - Branches step.

Once the workflow completes, go to the HCP Packer registry. Click the learn-packer-github-actions bucket, then click Iterations. Packer shows the completed build, and the build fingerprint matches the Git commit SHA.

Click Channels. Notice that the Update HCP Packer channel workflow step created a dev channel and set it to the iteration triggered by the dev branch.

Change the HASHICUPS_VERSION variable in setup-deps-hashicups.sh to v1.1.0.


setup-deps-hashicups.sh

# Get HashiCups setup
git clone https://github.com/hashicorp-demoapp/hashicups-setups
cd hashicups-setups/docker-compose-deployment
git checkout server
HASHICUPS_VERSION="v1.1.0"
sed -i "s/HashiCups/HashiCups - ${HASHICUPS_VERSION}/g" docker-compose.yaml
# Use `compose create` to pull the container data without running the container
sudo docker compose create

Stage your changes.

$ git add setup-deps-hashicups.sh

Commit the changes with a message.

$ git commit -m 'Update HashiCups footer message with a new version'
[dev a9724f9] Update HashiCups footer message with a new version
 1 file changed, 1 insertion(+), 1 deletion(-)

Push the changes.

$ git push

The push triggers a new workflow run in your forked repository's Actions tab.


After the workflow completes, go to the learn-packer-github-actions bucket's Channels page. Notice that the workflow updated the dev channel to point to the second iteration, the latest build from the dev branch. This workflow makes the dev GitHub branch the source of truth for the dev channel.


Create and merge a pull request

Create a pull request in your forked repository on GitHub for the dev branch. In the Base repository drop-down list, select your forked repository and its main branch. Then click Create pull request.

Merge the pull request. Do not delete the dev branch.

The Actions tab shows that the pull request triggered a workflow for the main branch.

After the workflow completes, go to the learn-packer-github-actions bucket's Channels page. Notice that the workflow created a channel named release and set it to the build triggered by the merge into the main branch. This makes the main GitHub branch the source of truth for the release channel.

You can use Git tags to version your changes. By tagging specific commits, you can support multiple image build versions. This lets downstream image consumers query specific build versions outside of the dev, staging, and production channels.

Check out the main branch.

$ git checkout main
Switched to branch 'main'
Your branch is up to date with 'origin/main'.

Pull the latest changes from main.

$ git pull

Create a new Git tag.

$ git tag v1.1.0

Push the tag.

$ git push --tags

Verify the tagged build

Go to your forked repository's Actions tab to find the new workflow run. Notice that the commit SHA for the main branch and the v1.1.0 tag are the same. To keep HCP Packer build fingerprints unique, the Packer Build - Tags step sets the fingerprint to the current timestamp instead of the commit SHA.

After the workflow completes, go to the learn-packer-github-actions bucket's Channels page in HCP Packer. Notice that the workflow created a channel named v1-1-0 and set it to the build triggered by the v1.1.0 tag. This makes the v1.1.0 Git tag the source of truth for the v1-1-0 channel.

Destroy resources

Before moving on, deregister the AMIs created during this tutorial and delete their snapshots to avoid incurring additional costs. In the AMI console for us-west-1, select the AMIs, then click the Actions button and choose Deregister. To delete the snapshots, select the snapshots, then click the Actions button and choose Delete.

In this tutorial, you set up a GitHub Actions workflow to automatically build and manage different versions of a machine image. You then triggered builds by pushing commits to the dev and main branches and by creating a new Git tag. You can customize this Actions workflow to automate and scale Packer builds across your organization.

For more information on the topics covered in this tutorial, see the following resources.

  • Read the Build images in CI/CD Packer documentation for more guidance on automating Packer builds.
  • Complete the image iteration revocation for compliance tutorial to learn how to revoke image iterations to keep your images compliant and secure.
  • Read the Build a golden image pipeline with HCP Packer tutorial to create a build pipeline for base images and application images.
  • Watch the Automating image pipelines with HCP Packer HashiTalks presentation to learn how HashiCorp uses HCP Packer and GitHub Actions in production to automate its image build, test, and deployment pipeline.
