Avoid rate limit when fetching Packer plugins by using GitHub API token or caching

Published on January 15, 2025 | Written by Andreas

Packer downloads plugins from GitHub. As GitHub is rate-limiting access to their API, this may result in an error occasionally when running a GitHub workflow executing the packer init command.

$ packer init demo.pkr.hcl
1 error occurred:
  * Plugin host rate limited the plugin getter. Try again in 53m20.327077s.
HINT: Set the PACKER_GITHUB_API_TOKEN env var with a token to get more requests.
GET https://api.github.com/repos/hashicorp/packer-plugin-amazon/git/matching-refs/tags: 403 API rate limit exceeded for 13.105.117.215. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.) [rate reset in 53m20s]

There are two ways to solve the issue:

  1. Increase the rate limit by setting the PACKER_GITHUB_API_TOKEN environment variable.
  2. Add caching to avoid downloading Packer plugins on every job run.

Avoid rate limit when fetching Packer plugins by using a GitHub API token or caching

Increase the rate limit by setting the PACKER_GITHUB_API_TOKEN environment variable

First, create a fine-grained personal access token. Click the Generate token button and copy the token to your clipboard.

Create a fine-grained GitHub personal access token granted read access to public repositories

Second, add a secret named PACKER_GITHUB_API_TOKEN to the GitHub repository and paste the token from the previous step.

Third, edit the GitHub workflow. Ensure that the environment variable PACKER_GITHUB_API_TOKEN is set for the step that runs packer init.

---
name: 'packer'
on:
  push:
jobs:
  build:
    steps:
    - uses: actions/checkout@v4
    - uses: hashicorp/setup-packer@main
    - name: 'Build AMI'
      env:
        PACKER_GITHUB_API_TOKEN: ${{ secrets.PACKER_GITHUB_API_TOKEN }}
      run: |
        packer init demo.pkr.hcl
        packer build demo.pkr.hcl

Doing so increases the rate limit from 60 requests/hour for unauthenticated users to 5,000 requests/hour for authenticated users.

Add caching to avoid downloading Packer plugins on every job run

Additional or alternatively, you could also configure GitHub Actions to cache the Packer plugins. To do so, add a actions/cache@v4 step, as illustrated in the following code snippet.

---
name: 'packer'
on:
  push:
jobs:
  build:
    steps:
    - uses: actions/checkout@v4
    - uses: actions/cache@v4
      with:
        path: |
                    ~/.config/packer/plugins
        key: packer-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/*.pkr.hcl') }}
    - uses: hashicorp/setup-packer@main
    - name: 'Build AMI'
      run: |
        packer init demo.pkr.hcl
        packer build demo.pkr.hcl

The actions/cache@v4 fetches and stores the Packer plugins stored under ~/.config/packer/plugins. The cache key ensures the cached plugins are valid as long as the operating system and architecture stay the same and no changes are made to any *.pkr.hcl files in the repository.

Summary

Avoid running into rate limits when downloading Packer plugins by setting the PACKER_GITHUB_API_TOKEN or caching the plugins between jobs. It might even make sense to combine both approaches.

Are you struggling with GitHub Actions? Let me know about your problem. We woill find a solution together! andreas@hyperenv.com.