
push-to-registry


by hashicorp · part of hashicorp/agent-skills

Push Packer build metadata to HCP Packer registry for image lifecycle tracking and governance.

  • Registers build artifacts in HCP Packer with minimal overhead, storing metadata only (not actual images) and adding less than one minute to build time
  • Supports bucket-level labels (updated per build) and immutable build-level labels (git SHA, timestamps) for version control and compliance tracking
  • Integrates with Terraform via hcp_packer_artifact data source to query and deploy images across...

🧩 One of 7 skills in the hashicorp/agent-skills package — works on its own, and pairs well with its siblings.


Inspect the full instructions your agent will receive

This is the exact playbook injected into your agent when the skill activates — shown here so you can audit it before installing. You don't need to read it to use the skill.


name: push-to-registry
description: Push Packer build metadata to HCP Packer registry for tracking and managing image lifecycle. Use when integrating Packer builds with HCP Packer for version control and governance.

Push to HCP Packer Registry

Configure Packer templates to push build metadata to HCP Packer registry.

Reference: HCP Packer Registry

Note: HCP Packer is free for basic use. Builds push metadata only (not actual images), adding minimal overhead (<1 minute).

Authentication

Set environment variables before building:

export HCP_CLIENT_ID="your-service-principal-client-id"
export HCP_CLIENT_SECRET="your-service-principal-secret"
export HCP_ORGANIZATION_ID="your-org-id"
export HCP_PROJECT_ID="your-project-id"

packer build .

Create HCP Service Principal

  1. Navigate to HCP → Access Control (IAM)
  2. Create Service Principal
  3. Grant "Contributor" role on project
  4. Generate client secret
  5. Save client ID and secret

CI/CD Integration

GitHub Actions

name: Build and Push to HCP Packer

on:
  push:
    branches: [main]

env:
  HCP_CLIENT_ID: ${{ secrets.HCP_CLIENT_ID }}
  HCP_CLIENT_SECRET: ${{ secrets.HCP_CLIENT_SECRET }}
  HCP_ORGANIZATION_ID: ${{ secrets.HCP_ORGANIZATION_ID }}
  HCP_PROJECT_ID: ${{ secrets.HCP_PROJECT_ID }}

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
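      # @main is a mutable ref; pin to a release tag or full commit SHA
      # so the action that sees the HCP secrets cannot change underneath you.
      - uses: hashicorp/setup-packer@main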

      - name: Build and push
        run: |
          packer init .
          packer build \
            -var "git_commit=${{ github.sha }}" \
            .

Querying in Terraform

data "hcp_packer_artifact" "ubuntu" {
  bucket_name  = "web-server"
  channel_name = "production"
  platform     = "aws"
  region       = "us-west-2"
}

resource "aws_instance" "web" {
  ami           = data.hcp_packer_artifact.ubuntu.external_identifier
  instance_type = "t3.micro"

  tags = {
    PackerBucket = data.hcp_packer_artifact.ubuntu.bucket_name
  }
}

Best Practices

  • Consistent bucket names - Never change for same image type
  • Meaningful labels - Use for versions, teams, compliance
  • CI/CD automation - Automate builds and registry pushes
  • Immutable build labels - Put changing data (git SHA, date) in build_labels
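
A template that fits the workflow and Terraform query on this page, as an added example rather than code from the skill or from HashiCorp: it declares the git_commit variable the CI job passes and registers the build in the web-server bucket. The amazon-ebs builder, source AMI filter, plugin version constraint and the label names and values are assumptions for illustration.

```hcl
packer {
  required_plugins {
    # Assumed version constraint; resolved by `packer init .`
    amazon = { version = ">= 1.2.0", source = "github.com/hashicorp/amazon" }
  }
}

# Supplied by CI: packer build -var "git_commit=<sha>" .
variable "git_commit" { type = string }

locals { build_time = formatdate("YYYYMMDDhhmmss", timestamp()) }

# Assumed builder; the hcp_packer_registry block is builder-independent.
source "amazon-ebs" "ubuntu" {
  region        = "us-west-2"
  instance_type = "t3.micro"
  ssh_username  = "ubuntu"
  ami_name      = "web-server-${local.build_time}"

  source_ami_filter {
    filters = {
      name                = "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"
      root-device-type    = "ebs"
      virtualization-type = "hvm"
    }
    owners      = ["099720109477"] # Canonical
    most_recent = true
  }
}

build {
  sources = ["source.amazon-ebs.ubuntu"]

  hcp_packer_registry {
    # Keep this stable: the Terraform data source looks the bucket up by name.
    bucket_name = "web-server"
    description = "Ubuntu web server base image"

    # Bucket-level labels describe the image line as a whole.
    bucket_labels = { team = "platform", os = "ubuntu" }

    # Build-level labels are fixed once the build is registered, so
    # per-build provenance (commit, build time) belongs here.
    build_labels = {
      git_commit = var.git_commit
      build_time = local.build_time
    }
  }
}
```

The HCP credentials never appear in the template; Packer reads them from the HCP_CLIENT_ID and HCP_CLIENT_SECRET environment variables set in the Authentication step.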

References