hashicorp / push-to-registry
Install for your project team
Run this command in your project directory to install the skill for your entire team:
mkdir -p .claude/skills/push-to-registry && curl -L -o skill.zip "https://fastmcp.me/Skills/Download/3701" && unzip -o skill.zip -d .claude/skills/push-to-registry && rm skill.zip
Project Skills
This skill will be saved in .claude/skills/push-to-registry/ and checked into git. All team members will have access to it automatically.
Important: Please verify the skill by reviewing its instructions before using it.
Push Packer build metadata to HCP Packer registry for tracking and managing image lifecycle. Use when integrating Packer builds with HCP Packer for version control and governance.
Skill Content
---
name: push-to-registry
description: Push Packer build metadata to HCP Packer registry for tracking and managing image lifecycle. Use when integrating Packer builds with HCP Packer for version control and governance.
---
# Push to HCP Packer Registry
Configure Packer templates to push build metadata to HCP Packer registry.
**Reference:** [HCP Packer Registry](https://developer.hashicorp.com/hcp/docs/packer)
> **Note:** HCP Packer is free for basic use. Builds push metadata only (not actual images), adding minimal overhead (<1 minute).
## Basic Registry Configuration
```hcl
packer {
  required_version = ">= 1.7.7"
}

variable "image_name" {
  type    = string
  default = "web-server"
}

locals {
  timestamp = regex_replace(timestamp(), "[- TZ:]", "")
}

source "amazon-ebs" "ubuntu" {
  region        = "us-west-2"
  instance_type = "t3.micro"

  source_ami_filter {
    filters = {
      name = "ubuntu/images/*ubuntu-jammy-22.04-amd64-server-*"
    }
    most_recent = true
    owners      = ["099720109477"]
  }

  ssh_username = "ubuntu"
  ami_name     = "${var.image_name}-${local.timestamp}"
}

build {
  sources = ["source.amazon-ebs.ubuntu"]

  hcp_packer_registry {
    bucket_name = var.image_name
    description = "Ubuntu 22.04 base image for web servers"

    bucket_labels = {
      "os"   = "ubuntu"
      "team" = "platform"
    }

    build_labels = {
      "build-time" = local.timestamp
    }
  }

  provisioner "shell" {
    inline = [
      "sudo apt-get update",
      "sudo apt-get upgrade -y",
    ]
  }
}
```
## Authentication
Set environment variables before building:
```bash
export HCP_CLIENT_ID="your-service-principal-client-id"
export HCP_CLIENT_SECRET="your-service-principal-secret"
export HCP_ORGANIZATION_ID="your-org-id"
export HCP_PROJECT_ID="your-project-id"
packer build .
```
### Create HCP Service Principal
1. Navigate to HCP → Access Control (IAM)
2. Create Service Principal
3. Grant "Contributor" role on project
4. Generate client secret
5. Save client ID and secret
## Registry Configuration Options
### bucket_name (required)
The image identifier. Must stay consistent across builds!
```hcl
bucket_name = "web-server" # Keep this constant
```
### bucket_labels (optional)
Metadata at bucket level. Updates with each build.
```hcl
bucket_labels = {
  "os"        = "ubuntu"
  "team"      = "platform"
  "component" = "web"
}
```
### build_labels (optional)
Metadata for each iteration. Immutable after build completes.
```hcl
build_labels = {
  "build-time" = local.timestamp
  "git-commit" = var.git_commit # var.git_commit must be declared in a variable block
}
```
## CI/CD Integration
### GitHub Actions
```yaml
name: Build and Push to HCP Packer

on:
  push:
    branches: [main]

env:
  HCP_CLIENT_ID: ${{ secrets.HCP_CLIENT_ID }}
  HCP_CLIENT_SECRET: ${{ secrets.HCP_CLIENT_SECRET }}
  HCP_ORGANIZATION_ID: ${{ secrets.HCP_ORGANIZATION_ID }}
  HCP_PROJECT_ID: ${{ secrets.HCP_PROJECT_ID }}

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # @main is a mutable branch ref; pin to a release tag or full commit SHA
      - uses: hashicorp/setup-packer@main
      - name: Build and push
        run: |
          packer init .
          packer build \
            -var "git_commit=${{ github.sha }}" \
            .
```
## Querying in Terraform
```hcl
data "hcp_packer_artifact" "ubuntu" {
  bucket_name  = "web-server"
  channel_name = "production"
  platform     = "aws"
  region       = "us-west-2"
}

resource "aws_instance" "web" {
  ami           = data.hcp_packer_artifact.ubuntu.external_identifier
  instance_type = "t3.micro"

  tags = {
    PackerBucket = data.hcp_packer_artifact.ubuntu.bucket_name
  }
}
```
## Common Issues
**Authentication Failed**
- Verify HCP_CLIENT_ID and HCP_CLIENT_SECRET
- Ensure service principal has Contributor role
- Check organization and project IDs
**Bucket Name Mismatch**
- Keep `bucket_name` consistent across builds
- Don't include timestamps in bucket_name
- A changed name creates a new bucket
**Build Fails**
- Packer fails immediately if it can't push metadata
- Prevents drift between artifacts and registry
- Check network connectivity to HCP API
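The credential and bucket-name checks from the Authentication and Common Issues sections can run as a preflight before `packer build`. This is an added example, not part of the original skill or HashiCorp's code; the function names, sample templates and placeholder credentials are constructed for illustration.

```shell
# Added example: checks to run before `packer build`. Function names are hypothetical.
# Print the names (never the values) of required HCP variables that are unset or empty.
missing_hcp_vars() {
  missing=""
  [ -n "${HCP_CLIENT_ID:-}" ]       || missing="$missing HCP_CLIENT_ID"
  [ -n "${HCP_CLIENT_SECRET:-}" ]   || missing="$missing HCP_CLIENT_SECRET"
  [ -n "${HCP_ORGANIZATION_ID:-}" ] || missing="$missing HCP_ORGANIZATION_ID"
  [ -n "${HCP_PROJECT_ID:-}" ]      || missing="$missing HCP_PROJECT_ID"
  printf '%s' "${missing# }"
}

# Print "line:text" for bucket_name assignments that mention a timestamp.
# Text heuristic, not an HCL parser: "#" comments are dropped before matching.
volatile_bucket_names() {
  grep -nE '^[[:space:]]*bucket_name[[:space:]]*=' "$1" |
    sed 's/[[:space:]]*#.*$//' | grep -i 'timestamp' || true
}

# Return 0 only if all credentials are set and every bucket_name looks constant.
preflight() {
  [ -r "$1" ] || { echo "cannot read template: $1" >&2; return 2; }
  rc=0
  missing=$(missing_hcp_vars)
  [ -z "$missing" ] || { echo "unset or empty: $missing" >&2; rc=1; }
  bad=$(volatile_bucket_names "$1")
  [ -z "$bad" ] || { echo "bucket_name changes per build: $bad" >&2; rc=1; }
  return "$rc"
}

# Constructed sample templates: only the lines the check reads.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/good.pkr.hcl" <<'EOF'
hcp_packer_registry {
  bucket_name  = var.image_name # constant, no timestamp here
  build_labels = { "build-time" = local.timestamp }
}
EOF
cat > "$demo_dir/bad.pkr.hcl" <<'EOF'
hcp_packer_registry {
  bucket_name = "web-server-${local.timestamp}"
}
EOF
demo() ( # subshell: the constructed placeholder credentials stay local
  HCP_CLIENT_ID=demo-id; HCP_CLIENT_SECRET=demo-secret
  HCP_ORGANIZATION_ID=demo-org; HCP_PROJECT_ID=demo-project
  preflight "$1"
)
demo "$demo_dir/good.pkr.hcl" && echo "good: ok to build"
demo "$demo_dir/bad.pkr.hcl"  || echo "bad: blocked"
```

In CI, call `preflight` on the real template ahead of `packer init` so a missing secret or a per-build bucket name stops the job before any instance is launched.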
## Best Practices
- **Consistent bucket names** - Never change for same image type
- **Meaningful labels** - Use for versions, teams, compliance
- **CI/CD automation** - Automate builds and registry pushes
- **Immutable build labels** - Put changing data (git SHA, date) in build_labels
## References
- [HCP Packer Documentation](https://developer.hashicorp.com/hcp/docs/packer)
- [hcp_packer_registry Block](https://developer.hashicorp.com/packer/docs/templates/hcl_templates/blocks/build/hcp_packer_registry)
- [HCP Terraform Provider](https://registry.terraform.io/providers/hashicorp/hcp/latest/docs/data-sources/packer_artifact)