core/hcp: add support for updating HCP Packer registry channels and bucket log UI metadata. GH-13532
build: update Go to 1.24.12. GH-13553
docker: remove vmware and vsphere from the packer full image. GH-13442
docs: add comments to packer docs. GH-13534
compliance: update copyright and license headers. GH-13540 GH-13543 GH-13545 GH-13544
datasource/http: update acceptance test URL to avoid rate limiting. GH-13480
provisioner/powershell: ensure LASTEXITCODE is set before checking its value in tests.
GH-13539
core/hcp: added cicd metadata support for BitBucket and Jenkins pipelines. GH-13513 GH-13505
core: bump github.com/hashicorp/packer-plugin-sdk to 0.6.4 GH-13494
docs: fix typos and linguistic errors in documentation. GH-13496
HCP Certificate Authentication Support – by @JenGoldstrich (#13435)
Adds support for the HCP_CRED_FILE environment variable and removes restrictions on HCP_CLIENT_ID and HCP_CLIENT_SECRET when connecting builds to an HCP Packer registry.
Upgrade Node.js to v22 – by @LeahMarieBush (#13450)
Updates the Node.js version used for Packer website builds.
$result variable from the wrapper string.PACKER_ACC_BUILDERS for acceptance tests – by @kp2099 (#13444)hcl2template error messages – by @sbraz (#13453)github.com/ulikunitz/xz from 0.5.10 → 0.5.14 – by @dependabot (#13459)golang.org/x/oauth2 from 0.13.0 → 0.27.0 – by @dependabot (#13460)github.com/ulikunitz/xz from 0.5.10 → 0.5.15 – by @kp2099 (#13461)github.com/hashicorp/packer-plugin-sdk from 0.6.2 → 0.6.3 – by @kp2099 (#13462)core: Changes to pull official packer plugins binaries from official site (releases.hashicorp.com). This change allows Packer to automatically download and install official plugins from the HashiCorp official release site. This change standardizes our release process and ensures a more secure and reliable pipeline for plugin delivery. GH-13431
core: Updated the docs related to packer provisioners GH-13412
core/HCP: This change corrects the example docs to move the registry block to the top level of the template file GH-13427
core: This update adds a new section explaining conditional expressions in HCL, including syntax, usage examples, and best practices for clarity and maintainability. The documentation covers how to use conditionals for default values, dynamic argument omission, and recommends using locals for complex logic. GH-13429
Fixed issues with powershell script execution by ensuring environment variables are correctly set, appending newline characters to prevent formatting-related errors, and updating acceptance tests to use regex matching for more reliable assertions.
Starting with Packer v1.13.1, the way PowerShell commands are executed has changed. Packer now uses the -File operator to run PowerShell scripts by default. As part of this update, Packer prepends certain preamble logic to the script before adding your script content.
The default command now looks like:
powershell -executionpolicy <execution_policy> -file {{.Path}}
Here, {{.Path}} refers to the path of the temporary script file generated by Packer. When using the script or scripts block, Packer injects the preamble logic at the top of this script file.
If your script relies on specific PowerShell constructs (such as module imports, parameter declarations, or function definitions) that must appear at the top of the script, we recommend wrapping your script content inside a function and invoking it. This helps avoid any conflicts or ordering issues introduced by the preamble logic.
core: Enhanced the existing inline field in the shell provisioner to support any script with its own shebang (#!). Allows users to provide scripts directly in the inline field, making it possible to use scripts generated by functions like templatefile. Ensures that the shell provisioner executes the given script as intended, honoring the script's shebang line. GH-13313
core: Added new built-in functions to Packer: sum startswith endswith These new functions expand the capabilities for template logic and variable handling in Packer builds. GH-13349
hcl2: Added the ability for the packer fmt command to format multiple HCL files at once. This enhancement allows users to format several files in a single command invocation. GH-13362
hcl2: Added top level hcp_packer_registry block (this configuration was previously nested inside the build block and is still valid but deprecated) GH-13314
core: Updated the documentation to explicitly state that a trailing slash is required when uploading directories, regardless of the guest OS. This clarification is intended to ensure consistent behavior and prevent confusion, especially for Windows users. GH-13309
core: Fixed an error occurring when using the --use-sequential-evaluation flag with packer console. Updated the FlagSets to correctly include this flag, resolving the error. GH-13316
core: added a wrapper around inline PowerShell commands executed by the provisioner to catch errors and ensure the Packer build fails if any command results in an error. https://github.com/hashicorp/packer/pull/13334
hcl2: Ensures that Packer now preserves the user-defined order of variable files as input by the user. This change maintains the intended precedence of variables, honoring the order specified on the command line. GH-13350
core: add support for a DAG-based evaluation on locals and datasources.
A long-standing odditiy of Packer has been the order of evaluation for
locals and data sources. In previous versions of Packer, the
data sources were evaluated first, then the local variables were, making
it impossible to have a datasource that referenced a local variable as
part of its configuration.
This change introduces a Directed Acyclic Graph (DAG) to evaluate those
resources, instead of the phased approach of old, which makes the order
of evaluation not dependent on the type of resource, but instead of the
detected dependencies between them.
Note: While we are confident this should be robust enough for general
use, we do recognise that it is possible some users might encounter issues.
To give those users a way to continue using the old evaluation method, we
introduced a -use-sequential-evaluation command-line flag to the build,
validate, console and inspect subcommands, to force using the sequential
evaluation approach for those entities.
GH-13155
core/hcp: support for uploading SBOMs to HCP Packer. Software Bill of Materials (SBOM) are a standardised way to export the various software packages linked to an artifact. As some users have expressed a need to produce and access those for images they build, we now add the feature to Packer itself. While the generation of the SBOM itself is not done directly by Packer, instead we recommend using known scanners to produce them, we add the capacity to upload this SBOM file to HCP Packer, and link it to a build artifact. GH-13171
core: support for alternate serialisation formats for plugin communication.
Packer relies on plugins to do most of the actual workload related to
building and provisioing artifacts, while Packer is mostly an orchestrator
for those plugins to perform their work.
This separation of concerns implies that both entities have to
communicate on multiple occasions during the course of a build.
Before v1.12.0 of Packer, and v0.6.0 of the plugin SDK, we used Gob to
do most of the serialisation for those steps.
This is however a bit of a problem recently, as go-cty, the library we
use for dynamic objects lifted from HCL templates, dropped support for
this a while back.
Therefore now, we introduce an alternative: protobuf/msgpack, which are
both usable and maintained by the projects around Packer, so we can begin
our transition away from gob with this change.
Note: as with the introduction of the DAG for locals/datasources, this
is a feature that we are reasonably confident you will not encounter bugs
with, however we cannot rule-out this possibility, therefore we introduce
a new environment variable: PACKER_FORCE_GOB, which if set to '1', forces
the use of Gob instead of protobuf/msgpack.
GH-13120
aws_secretsmanager_raw funcion.
When using the AWS secretsmanager function with a non-text secret, one could
only get a secret once at a time.
This could get cumbersome if wanting to get multiple through one request,
which led people to encode their JSON/Object secrets as a big base64
encoded string that they could get once, and then manipulate through JSON
functions.
While the workaround works, it is one extra layer of manipulations to do so,
therefore a new function to always get the raw textual version of a secret
is now added to Packer.
GH-13242alltrue and anytrue functions.
As with Terraform, Packer now supports the HCL functions alltrue and
anytrue, which returns whether or not a collection only consists of
true values, or if any is.
GH-13237strcontains function.
As with Terraform, Packer now supports the HCL function strcontains,
which returns whether or not a string contains a substring within it.
GH-13217
GH-13222base64gzip function.
In some cases, small blobs may need to be kept in memory, and injected in
a template somewhere else, but if the blob needs to be minimised, the
base64gzip function can be invoked to compress the blob and expose it
as a valid HCL2 string for use later.
GH-13142A LICENSE.txt file has been added to the Packer release artifacts. GH-12931 GH-12940
Breaking Change: Support for loading single-component plugins has been removed from Packer. GH-12785
Breaking Change: Support for loading plugin binaries following the naming convention of packer-plugin-name has been dropped. Packer will now only load plugins stored under the Packer plugin directory using the expected namespaced directory and CHECKSUM files. This change drops support for loading plugin binaries in Packer's executable directory or a template's current working directory. GH-12828
/Users/dev/.packer.d/plugins
└── github.com
└── hashicorp
└── happycloud
├── packer-plugin-happycloud_v0.0.1_x5.0_darwin_arm64
└── packer-plugin-happycloud_v0.0.1_x5.0_darwin_arm64_SHA256SUM-ignore-prerelease-plugins flag to disable the use of development
plugin binaries for the build and validate commands development plugin
binaries. GH-12828
GH-12882packer plugin command to packer execute to avoid user confusion with
the plugins subcommand.
GH-12865required_plugins
block. GH-12828packer plugins remove
command. This addition makes it possible to pipe commands like
packer plugins installed with it for speedy cleanup of installed plugins.
GH-12886required_plugins block to
support the installation of local plugin binary using a custom or internal
source address (e.g. mycompany.com/plugins/happyorg/happycloud). Remote
installation using packer init or packer plugins install does not
support non-GitHub source URIs. Users using alternative hosts must
install plugins manually using packer plugins install --path.
GH-12911, [GH-12962] (https://github.com/hashicorp/packer/pull/12962)packer init and packer plugin install have been updated to reject installation of such plugins.
1.0.0-dev). Users are encouraged to notify plugin maintainers of any
version mismatches.
GH-12915, GH-12953, GH-12972: or ; (depending on the platform), we
are explicitly erroring when this is discovered, with suggestions as to how
to fix the problem.
GH-12967Given the specified version constraint only versions greater than or equal to 1.1.0 will be considered.
amazon = {
source = "github.com/hashicorp/amazon"
version = ">= 1.1.0"
}
If a development binary is installed, Packer will use it if:
/Users/dev/.packer.d/plugins
└─ github.com
└─ hashicorp
└── amazon
├── packer-plugin-amazon_v1.1.0_x5.0_darwin_arm64
├── packer-plugin-amazon_v1.1.0_x5.0_darwin_arm64_SHA256SUM
├── packer-plugin-amazon_v1.1.1-dev_x5.0_darwin_arm64
└── packer-plugin-amazon_v1.1.1-dev_x5.0_darwin_arm64_SHA256SUMVersion 1.1.1-dev of the Amazon plugin will match the specified version constraint and be used for executing the Packer build.
If, however, a 1.1.1 release version of the plugin is available, it will have precedence over the development binary.
/Users/dev/.packer.d/plugins
└─ github.com
└─ hashicorp
└── amazon
├── packer-plugin-amazon_v1.1.1-dev_x5.0_darwin_arm64
├── packer-plugin-amazon_v1.1.1-dev_x5.0_darwin_arm64_SHA256SUM
├── packer-plugin-amazon_v1.1.1_x5.0_darwin_arm64
└── packer-plugin-amazon_v1.1.1_x5.0_darwin_arm64_SHA256SUM1.0.9 > 1.0.10 lexicographically, but semantically
1.0.10 > 1.0.9fmt fails due to HCL2
parsing error. GH-12870plugins install --path, this
release extends support to development plugin binaries - binaries that
report "dev" as part of their plugin version. Instead of manually placing a
downloaded binary into the executable or current working directory we
encourage you to run the command packer plugins install –path <path-to- downloaded-extracted-binary> github.com/hashicorp/happycloud to install
the binary into a Packer compatible path.
GH-12855packer plugins install.
GH-12855hcp_packer_registry block.
GH-12820hcp-packer-image data source has been deprecated, please use HCP Packer
Artifact data source instead.
GH-12794hcp-packer-iteration data source has been deprecated, please use HCP
Packer Version data source instead.
GH-12794packer.iterationID has been deprecated, please use
the new contextual variable packer.versionFingerprint. The iterationID
represents the HCP Packer iteration that build metadata has been publish
to, with this release an Iteration is now referred to as a Version and the
ID has been replaced by the Version Fingerprint.
GH-12803hcp-packer-artifact The HCP Packer Artifact Data Source
retrieves information about an artifact from the HCP Packer Registry.
GH-12794hcp-packer-version The HCP Packer Version Data Source
retrieves information about HCP Packer Version from the HCP Packer.
Registry. GH-12794This release contains breaking changes for practitioner relying on plugins
previously bundled into Packer. As specified in the Bundled Plugins Removal announcement
HashiCorp maintained plugins will no longer be shipped with Packer.
Users are encouraged to use packer init or packer plugins [...] when managing required plugins
needed for executing their builds.
GH-12660
The affected plugins include:
required_plugins block to use the new plugin source address.
required_plugins {
parallels = {
source = "github.com/hetznercloud/hcloud"
version = "~> 1"
}
}
packer init on configuration templates with a
missing required_plugins blocks.
GH-12638--path flag to packer plugins install subcommand to
support installation of plugins from a local binary rather than from
GitHub. GH-12643packer -v and packer --version to match
packer version.
GH-12569packer plugin installed to show all installed plugin
binaries, including any duplicate versions or binaries copied from a
different source URI.
GH-12731