packer init tries to fetch versions if their release pipelines are strill running

[hluaces]

Overview of the Issue

packer init tries to fetch releases of the plugin when a new version is published but its github release action has not finished. As the artifacts are not present as a GitHub release, packer init returns a 404 error when trying to fetch them.

E.g.: when 1.2.5 was being built (see: https://github.com/hashicorp/packer-plugin-amazon/actions/runs/4862838453/jobs/8669730242) our packer workflows failed because we are just pinning the major version (version = "~> 1.0"):

Failed getting the "github.com/hashicorp/amazon" plugin:
2023/05/02 17:45:07 [INFO] (telemetry) Finalizing.
2 errors occurred:
	* could not get sha256 checksum file for github.com/hashicorp/amazon version 1.2.5. Is the file present on the release and correctly named ? GET https://github.com/hashicorp/packer-plugin-amazon/releases/download/v1.2.5/packer-plugin-amazon_v1.2.5_SHA256SUMS: 404  []
	* could not install any compatible version of plugin "github.com/hashicorp/amazon"


2023/05/02 17:45:08 waiting for all plugin processes to complete...

Reproduction Steps

Hard to reproduce, but:

1. Use a version pin such as "~> 1.0"
2. Wait for a new minor release of packer-plugin-amazon (I don't know if this is a problem with this particular plugin or with packer itself)
3. While the release GH action is running, try to run packer init and see how it 404s when trying to fetch the new version

Plugin and Packer version

packer version
2023/05/02 17:48:10 [INFO] Packer version: 1.8.6 [go1.18.9 linux amd64]
2023/05/02 17:48:10 [TRACE] discovering plugins in /usr/bin
2023/05/02 17:48:10 [TRACE] discovering plugins in /home/hector/.config/packer/plugins
2023/05/02 17:48:10 [DEBUG] Discovered plugin: amazon = /home/hector/.config/packer/plugins/github.com/hashicorp/amazon/packer-plugin-amazon_v1.2.1_x5.0_linux_amd64
2023/05/02 17:48:10 [DEBUG] Discovered plugin: amazon = /home/hector/.config/packer/plugins/github.com/hashicorp/amazon/packer-plugin-amazon_v1.2.4_x5.0_linux_amd64
2023/05/02 17:48:10 [INFO] found external [chroot ebs ebssurrogate ebsvolume instance] builders from amazon plugin
2023/05/02 17:48:10 [INFO] found external [import] post-processors from amazon plugin
2023/05/02 17:48:10 found external [ami parameterstore secretsmanager] datasource from amazon plugin
2023/05/02 17:48:10 [TRACE] discovering plugins in .
2023/05/02 17:48:10 [INFO] PACKER_CONFIG env var not set; checking the default config file path
2023/05/02 17:48:10 [INFO] PACKER_CONFIG env var set; attempting to open config file: /home/hector/.packerconfig
2023/05/02 17:48:10 [WARN] Config file doesn't exist: /home/hector/.packerconfig
2023/05/02 17:48:10 [INFO] Setting cache directory: /home/hector/.cache/packer
2023/05/02 17:48:10 machine readable: version []string{"1.8.6"}
2023/05/02 17:48:10 machine readable: version-prelease []string{""}
2023/05/02 17:48:10 machine readable: version-commit []string{"7c133022"}
2023/05/02 17:48:10 [INFO] (telemetry) Finalizing.
Packer v1.8.6
2023/05/02 17:48:11 waiting for all plugin processes to complete...

Simplified Packer Buildfile

I'm omitting most of the buildfile as this is the relevant bit. Let me know if I need to improve upon this:

 packer {
   required_plugins {
     amazon = {
       version = "~> 1.1"
       source  = "github.com/hashicorp/amazon"
     }
   }
 }

Operating system and Environment details

Happens in my local machine (Ubuntu 20, amd64) and while running in GitHub actions with a ubuntu-latest executor

Log Fragments and crash.log files

2023/05/02 17:45:06 [INFO] Packer version: 1.8.6 [go1.18.9 linux amd64]
2023/05/02 17:45:06 [TRACE] discovering plugins in /usr/bin
2023/05/02 17:45:06 [TRACE] discovering plugins in /home/hector/.config/packer/plugins
2023/05/02 17:45:06 [DEBUG] Discovered plugin: amazon = /home/hector/.config/packer/plugins/github.com/hashicorp/amazon/packer-plugin-amazon_v1.2.1_x5.0_linux_amd64
2023/05/02 17:45:06 [DEBUG] Discovered plugin: amazon = /home/hector/.config/packer/plugins/github.com/hashicorp/amazon/packer-plugin-amazon_v1.2.4_x5.0_linux_amd64
2023/05/02 17:45:07 [INFO] found external [chroot ebs ebssurrogate ebsvolume instance] builders from amazon plugin
2023/05/02 17:45:07 [INFO] found external [import] post-processors from amazon plugin
2023/05/02 17:45:07 found external [ami parameterstore secretsmanager] datasource from amazon plugin
2023/05/02 17:45:07 [TRACE] discovering plugins in .
2023/05/02 17:45:07 [INFO] PACKER_CONFIG env var not set; checking the default config file path
2023/05/02 17:45:07 [INFO] PACKER_CONFIG env var set; attempting to open config file: /home/hector/.packerconfig
2023/05/02 17:45:07 [WARN] Config file doesn't exist: /home/hector/.packerconfig
2023/05/02 17:45:07 [INFO] Setting cache directory: /home/hector/.cache/packer
2023/05/02 17:45:07 [TRACE] init: plugingetter.ListInstallationsOptions{FromFolders:[]string{"/usr/bin/packer", ".", "/home/hector/.config/packer/plugins"}, BinaryInstallationOptions:plugingetter.BinaryInstallationOptions{APIVersionMajor:"5", APIVersionMinor:"0", OS:"linux", ARCH:"amd64", Ext:"", Checksummers:[]plugingetter.Checksummer{plugingetter.Checksummer{Type:"sha256", Hash:(*sha256.digest)(0xc0005c5480)}}}}
2023/05/02 17:45:07 [TRACE] listing potential installations for "github.com/hashicorp/amazon" that match "~> 1.2.5". plugingetter.ListInstallationsOptions{FromFolders:[]string{"/usr/bin/packer", ".", "/home/hector/.config/packer/plugins"}, BinaryInstallationOptions:plugingetter.BinaryInstallationOptions{APIVersionMajor:"5", APIVersionMinor:"0", OS:"linux", ARCH:"amd64", Ext:"", Checksummers:[]plugingetter.Checksummer{plugingetter.Checksummer{Type:"sha256", Hash:(*sha256.digest)(0xc0005c5480)}}}}
2023/05/02 17:45:07 [TRACE] version "v1.2.1" of file "/home/hector/.config/packer/plugins/github.com/hashicorp/amazon/packer-plugin-amazon_v1.2.1_x5.0_linux_amd64" does not match constraint "~> 1.2.5"
2023/05/02 17:45:07 [TRACE] version "v1.2.4" of file "/home/hector/.config/packer/plugins/github.com/hashicorp/amazon/packer-plugin-amazon_v1.2.4_x5.0_linux_amd64" does not match constraint "~> 1.2.5"
2023/05/02 17:45:07 [TRACE] for plugin github.com/hashicorp/amazon found 0 matching installation(s)
2023/05/02 17:45:07 [TRACE] getting available versions for the github.com/hashicorp/amazon plugin
2023/05/02 17:45:07 [WARNING] github-getter: no GitHub token set, if you intend to install plugins often, please set the PACKER_GITHUB_API_TOKEN env var
2023/05/02 17:45:07 [DEBUG] github-getter: getting "https://api.github.com/repos/hashicorp/packer-plugin-amazon/git/matching-refs/tags"
2023/05/02 17:45:07 [DEBUG] will try to install: [1.2.5]
2023/05/02 17:45:07 [TRACE] fetching checksums file for the "1.2.5" version of the github.com/hashicorp/amazon plugin in "/home/hector/.config/packer/plugins/github.com/hashicorp/amazon"...
2023/05/02 17:45:07 [DEBUG] github-getter: getting "https://github.com/hashicorp/packer-plugin-amazon/releases/download/v1.2.5/packer-plugin-amazon_v1.2.5_SHA256SUMS"
2023/05/02 17:45:07 [TRACE] failed requesting: *github.ErrorResponse. GET https://github.com/hashicorp/packer-plugin-amazon/releases/download/v1.2.5/packer-plugin-amazon_v1.2.5_SHA256SUMS: 404  []
2023/05/02 17:45:07 [TRACE] could not get sha256 checksum file for github.com/hashicorp/amazon version 1.2.5. Is the file present on the release and correctly named ? GET https://github.com/hashicorp/packer-plugin-amazon/releases/download/v1.2.5/packer-plugin-amazon_v1.2.5_SHA256SUMS: 404  []
	* could not get sha256 checksum file for github.com/hashicorp/amazon version 1.2.5. Is the file present on the release and correctly named ? GET https://github.com/hashicorp/packer-plugin-amazon/releases/download/v1.2.5/packer-plugin-amazon_v1.2.5_SHA256SUMS: 404  []
	* could not install any compatible version of plugin "github.com/hashicorp/amazon"

Failed getting the "github.com/hashicorp/amazon" plugin:
2023/05/02 17:45:07 [INFO] (telemetry) Finalizing.
2 errors occurred:
	* could not get sha256 checksum file for github.com/hashicorp/amazon version 1.2.5. Is the file present on the release and correctly named ? GET https://github.com/hashicorp/packer-plugin-amazon/releases/download/v1.2.5/packer-plugin-amazon_v1.2.5_SHA256SUMS: 404  []
	* could not install any compatible version of plugin "github.com/hashicorp/amazon"


2023/05/02 17:45:08 waiting for all plugin processes to complete...

[MatthewPugliese]

This and this issue are essentially the same

[lbajolet-hashicorp]

Hi @hluaces,

As pointed out by @MatthewPugliese, this issue should now be fixed since v1.2.5 of the plugin is available.
However, this is still probably a bug with Packer, I remember fixing something similar a while back, but maybe there's something else that needs to be addressed for your case.

I'll transfer this issue over to Packer, since this is where the code that manages plugin installations lives, we'll see to fix it later.

Thanks for submitting this issue!

[lbajolet-hashicorp]

Hi @hluaces,

Out of curiosity, is the template that runs the build generated? I see that in your logs there's the following:
listing potential installations for "github.com/hashicorp/amazon" that match "~> 1.2.5".

This line hints at a version constraint of ~> 1.2.5, hence why in this instance, as 1.2.5 was not available yet, this failed.

Running packer init on a block such as the one you shared gives me this line in the logs:
listing potential installations for "github.com/hashicorp/amazon" that match "~> 1.1".

In this case,we have multiple candidates (for example in logs I had will try to install: [1.2.5 1.2.4 1.2.3 1.2.2 1.2.1 1.2.0 1.1.6 1.1.5 1.1.4 1.1.3 1.1.2 1.1.1 1.1.0]), and Packer will attempt to install them one-by-one, until the first one in this list succeeds, in the order shown in the logs.

I tested this both on the current dev version, and 1.8.6, and this seems consistent between these two versions.

Could you confirm if that's the case?

[hluaces]

This line hints at a version constraint of ~> 1.2.5, hence why in this instance, as 1.2.5 was not available yet, this failed.

I apologize, that was probably me playing around and sending the wrong log 🤦‍♂️ Our pin was version = "~> 1.1" when our actions failed, I probably used a different one without realizing when trying to open the issue.

Unfortunately our actions run without PACKER_LOGS so I'm afraid those are lost now, apologies again.

Nevertheless, I can confirm that:

• Our actions failed several times with a version = "~> 1.1" pin
• We are not using cache in our actions
• packer init template.pkr.hcl failed with the 404 error above
• At that moment in time the latest release in the repo was 1.2.4. No 1.2.5 release, draft release or tag
• At that moment the gorelease was still running

When our actions failed for the third time I tried to reproduce the issue locally, which led me to start moving the pin around to confirm my suspicions. Once I did, I unlocked my actions by using a 1.2.4 pin and then I went to opening the issue. Upon trying to fill the information in the issue template I might have used the wrong pin.

[lbajolet-hashicorp]

Hi @hluaces,

Thanks for the update!

In the current state it'll be hard to confirm there's a problem on Packer since I'm unable to reproduce the error, so in case that happens again, could you add PACKER_LOG=1 in your CI configs? I realise this will produce more verbose logs, but in the event it happens again, we'll have something to work with.

Also, since you're pinning on version ~> 1.1 in the CI environment, could you make sure the CI runs version 1.8.6?
In previous versions the missing checksum would indeed make packer fail, but this was solved with commit 9d9f6d3, which was part of the 1.8.5 release, so any Packer version >= 1.8.5 should fix this problem, so long as more than one candidate is picked.

For transparence, Packer bases itself on the tags to get the list of versions available, so even if the release is incomplete, by default, it will attempt to get 1.8.5 in this example, and fallback to a previous version, so long as you're running a version of Packer that had the missing checksum fixed.

Hope that helps! We'll keep this issue open in case the problem manifests itself again in the future, please feel free to update it if that happens again, or with any other information you may encounter.

[hluaces]

Thanks, I'll make sure to do that. If I experience further issues I'll let you know, so feel free to close the issue if you don't want it lingering around 👍

Thanks for everything 🙏

[lbajolet-hashicorp]

Hi there @hluaces,

This issue has it would seem become stale, so I'll close it now, but please feel free to reopen it if you encounter the problem again in the future, thanks!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.