SECVULN: Update undici (#165)

* Bump axios in the npm_and_yarn group across 1 directory

Bumps the npm_and_yarn group with 1 update in the / directory: [axios](https://github.com/axios/axios).


Updates `axios` from 1.13.2 to 1.13.5
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v1.13.2...v1.13.5)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.13.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>

* copy write fixes

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: kp2099 <karthik200499@gmail.com>

.copywrite.hcl

@@ -0,0 +1,14 @@
+# Copyright IBM Corp. 2020, 2026
+# SPDX-License-Identifier: Apache-2.0
+
+schema_version = 1
+
+project {
+    license          = "Apache-2.0"
+    copyright_year   = 2022
+
+    header_ignore = [
+        "dist/*",
+        "node_modules/",
+  ]
+}

.github/dependabot.yml

@@ -0,0 +1,15 @@
+version: 2
+
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  # Dependabot only updates HashiCorp GHAs, external GHAs are managed by internal tooling (tsccr)
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    allow:
+      - dependency-name: "hashicorp/*"

.github/workflows/actions-self-test.yml

@@ -0,0 +1,53 @@
+---
+
+name: "GitHub Action: Self-Test"
+
+on:
+  push:
+
+env:
+  PRODUCT_VERSION: "1.10.0"
+
+jobs:
+  setup-packer:
+    name: Test `setup-packer`
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Setup `packer` (using local GitHub Action)
+        uses: "./"
+        id: setup
+        with:
+          version: ${{ env.PRODUCT_VERSION }}
+
+      - name: Print `$PATH` for `packer`
+        run: which packer
+
+      - name: Print `packer` version
+        run: packer version
+
+      - name: Validate `packer` version is accurate
+        run: "packer version | grep --silent 'Packer v${{ env.PRODUCT_VERSION }}'"
+
+      - name: Run `packer fmt`
+        run: packer fmt -check "./test/hello-world.pkr.hcl"
+
+      - name: Setup `packer` with an invalid version (using local GitHub Action)
+        uses: "./"
+        id: invalid_version
+        with:
+          version: "invalid_version"
+        continue-on-error: true
+
+      - name: Validate invalid version failed
+        if: steps.invalid_version.outcome == 'success'
+        run: echo "Installing an invalid version expected to fail but did not" && exit 1
+
+      - name: Setup `packer` with `latest` version (using local GitHub Action)
+        uses: "./"
+        id: latest_version
+
+      - name: Print `packer` version
+        run: packer version

.github/workflows/compliance.yml

@@ -0,0 +1,25 @@
+---
+
+name: "HashiCorp: Compliance"
+
+on:
+  push:
+
+permissions:
+  contents: read
+
+jobs:
+  copywrite:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          # Full git history is needed to get a proper list of changed files within `super-linter`
+          fetch-depth: 0
+
+      - uses: hashicorp/setup-copywrite@32638da2d4e81d56a0764aa1547882fc4d209636 # v1.1.3
+
+      - run: copywrite headers --plan
+
+      - run: copywrite license --plan

.github/workflows/snyk.yml

@@ -1,35 +0,0 @@
----
-name: "Security Scan: Snyk Code"
-
-on:
-  push:
-
-jobs:
-  snyk:
-    runs-on: ubuntu-latest
-
-    strategy:
-      # see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstrategyfail-fast
-      fail-fast: false
-
-    steps:
-      - name: Checkout Repository
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 1
-
-      # see https://github.com/snyk/actions/tree/master/node
-      - name: Lint Code with Snyk
-        uses: snyk/actions/node@master
-        env:
-          # see https://github.com/snyk/actions#getting-your-snyk-token
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          # see https://github.com/snyk/actions/tree/master/node#uploading-snyk-scan-results-to-github-code-scanning
-          args: --policy-path=.snyk --sarif-file-output=snyk.sarif --org=${{ secrets.SNYK_ORG }}
-
-#      # see https://github.com/github/codeql-action/tree/main/upload-sarif
-#      - name: Upload Snyk IaC results to GitHub Code Scanning
-#        uses: github/codeql-action/upload-sarif@v2
-#        with:
-#          sarif_file: snyk.sarif

.github/workflows/superlinter.yml

@@ -1,4 +1,5 @@
 ---
+
 name: "Code Quality: Super-Linter"
 
 on:
@@ -10,17 +11,18 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           # Full git history is needed to get a proper list of changed files within `super-linter`
           fetch-depth: 0
 
       - name: Lint Code with Super-Linter
-        uses: github/super-linter@v4
+        uses: github/super-linter/slim@4e51915f4a812abf59fed160bb14595c0a38a9e7 # v6
         env:
           VALIDATE_ALL_CODEBASE: true
           DEFAULT_BRANCH: "main"
           DISABLE_ERRORS: false
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           JAVASCRIPT_DEFAULT_STYLE: "prettier"
           VALIDATE_JSON: true
           VALIDATE_MD: true

.github/workflows/test.yml

@@ -1,70 +0,0 @@
-name: test
-
-on:
-  push:
-    branches:
-      - main
-
-
-jobs:
-  setup-packer:
-    runs-on: ubuntu-latest
-    name: Test setup-packer
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-
-      ## TODO: should use whatever current branch is, not hardcoded brnach
-      - name: Setup `packer` from renamed action
-        uses: hashicorp/setup-packer@main
-        id: setup
-        with:
-          version: "1.8.1"
-
-      - name: Print `$PATH`
-        run: which packer
-
-      - name: Print packer version
-        run: packer version
-
-      - name: Validate Packer version is latest (1.8.1)
-        run: if packer version | grep -q "Packer v1.8.1"; then echo "passed"; else exit 1; fi;
-
-      - name: Run `packer` init
-        run: packer init "${{ github.action_path }}./test/hello-world.pkr.hcl"
-
-      - name: Try to setup packer for an invalid verison
-        uses: hashicorp/setup-packer@main
-        id: ranch
-        with:
-          version: "ranch"
-        continue-on-error: true
-
-      - name: Validate invalid version failed
-        if: steps.ranch.outcome == 'success'
-        run: echo "Installing an invalid version expected to fail but did not" && exit 1
-
-      - name: Try to setup packer for a verison that has yet to be released
-        uses: hashicorp/setup-packer@main
-        id: packer3
-        with:
-          version: "3.0.0"
-        continue-on-error: true
-
-      - name: Validate invalid version failed
-        if: steps.packer3.outcome == 'success'
-        run: echo "Installing a non existant expected to fail but did not" && exit 1
-
-      - name: No version defaults to latest
-        uses: hashicorp/setup-packer@main
-        id: latest
-
-     ## TODO, don't hardcode version
-      - name: Validate Packer version is latest (currently hardcoded, need to refactor)
-        run: if packer version | grep -q "Packer v1.8.4"; then echo "passed"; else exit 1; fi;
-
-      - name: Print packer version
-        run: packer version
-
-      - name: Run `packer` init
-        run: packer init "${{ github.action_path }}./test/hello-world.pkr.hcl"

.github/workflows/typescript.yml

@@ -1,4 +1,5 @@
 ---
+
 name: "Code Quality: TypeScript"
 
 on:
@@ -9,27 +10,36 @@ jobs:
     name: Node.js
     runs-on: ubuntu-latest
 
+    env:
+      PACKAGES: "@vercel/ncc prettier"
+
     strategy:
       # see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstrategyfail-fast
       fail-fast: false
       matrix:
         node-version:
-          - 18.x
+          - 20.x
 
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           fetch-depth: 1
 
       - name: Set up Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
         with:
           node-version: ${{ matrix.node-version }}
           cache: 'npm'
 
-      - name: Install NPM Packages
-        run: npm ci
+      - name: Install global NPM packages
+        run: npm install --global ${PACKAGES}
+
+      - name: Install Action-specific NPM Packages
+        run: npm install-clean
 
       - name: Build TypeScript code
-        run: npm run build
+        run: |
+          npm run-script fmt \
+          && \
+          npm run-script build

.gitignore

@@ -1,3 +1 @@
-# TODO: generate dist folder in CI 
-# dist/
 node_modules/

.release-it.json

@@ -1,34 +0,0 @@
-{
-  "git": {
-    "changelog": "git log --pretty=format:\"* %s (%h)\" ${from}...${to}",
-    "commit": true,
-    "commitArgs": ["-S"],
-    "commitMessage": "Release v${version}",
-    "requireBranch": false,
-    "requireCleanWorkingDir": true,
-    "requireCommits": true,
-    "requireUpstream": true,
-    "addUntrackedFiles": false,
-    "push": true,
-    "tag": true,
-    "tagAnnotation": "Release v${version}"
-  },
-
-  "github": {
-    "autoGenerate": true,
-    "draft": true,
-    "host": null,
-    "release": false,
-    "releaseName": "Release v${version}",
-    "releaseNotes": true,
-    "skipChecks": true,
-    "timeout": 0,
-    "web": true
-  },
-
-  "hooks": {},
-
-  "npm": {
-    "publish": false
-  }
-}

.snyk

@@ -1,19 +0,0 @@
-version: v1.25.0
-
-# see https://docs.snyk.io/snyk-cli/test-for-vulnerabilities/the-.snyk-file?q=
-ignore:
-  # see https://security.snyk.io/vuln/snyk:lic:npm:hashicorp:js-releases:MPL-2.0]
-  'snyk:lic:npm:hashicorp:js-releases:MPL-2.0':
-    - '@hashicorp/js-releases':
-        reason: acceptable license
-        expires: 2023-12-31T00:00:00.000Z
-        created: 2022-08-16T00:00:00.000Z
-
-  # see https://security.snyk.io/vuln/snyk:lic:npm:openpgp:LGPL-3.0
-  'snyk:lic:npm:openpgp:LGPL-3.0':
-    - '@hashicorp/js-releases > openpgp':
-        reason: acceptable license
-        expires: 2023-12-31T00:00:00.000Z
-        created: 2022-08-16T00:00:00.000Z
-
-patch: {}

CHANGELOG.md

@@ -1,15 +0,0 @@
-# `0.3.0` (UNRELEASED, 2022-08)
-
-* Update Dockerfile to point to packer version `1.8.2`
-* Change `target` default to `.` [#17](https://github.com/hashicorp/packer-github-actions/pull/17)
-* Mark `target` as not required [#17](https://github.com/hashicorp/packer-github-actions/pull/17)
-* Add support for working_directory [#11](https://github.com/operatehappy/packer-github-actions/pull/11)
-
-## `0.2.0` (2020-03-25)
-
-* Adds Packer action (#1) ([d80192d](https://github.com/ksatirli/packer-github-actions/commit/d80192d)), closes [#1](https://github.com/ksatirli/packer-github-actions/issues/1)
-* adds GitHub Actions for `code-quality` and `repository-management` ([2a0399e](https://github.com/ksatirli/packer-github-actions/commit/2a0399e))
-
-## `0.1.0` (2020-03-24)
-
-* adds base files ([6f7428a](https://github.com/ksatirli/packer-github-actions/commit/6f7428a))

CODEOWNERS

@@ -0,0 +1 @@
+* @hashicorp/github-actions-maintainers

LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2020 HashiCorp, Inc.
+Copyright IBM Corp. 2022, 2026
 
                                  Apache License
                            Version 2.0, January 2004

README.md

@@ -1,33 +1,43 @@
-# GitHub Action: setup-packer
+# GitHub Action: `setup-packer`
 
-The `hashicorp/setup-packer` Action sets up the `packer` CLI in your GitHub Actions workflow by adding the binary to `PATH`.
+The `hashicorp/setup-packer` Action sets up the [Packer](https://www.packer.io) CLI in your GitHub Actions workflow by adding the `packer` binary to `PATH`.
+
+[![GitHub Action: Self-Test](https://github.com/hashicorp/setup-packer/actions/workflows/actions-self-test.yml/badge.svg?branch=main)](https://github.com/hashicorp/setup-packer/actions/workflows/actions-self-test.yml)
 
 ## Table of Contents
 
-- [GitHub Action: setup-packer](#github-action-setup-packer)
-  - [Table of Contents](#table-of-contents)
-  - [Requirements](#requirements)
-  - [Usage](#usage)
-  - [Author Information](#author-information)
-  - [License](#license)
+<!-- TOC -->
+* [GitHub Action: `setup-packer`](#github-action-setup-packer)
+  * [Table of Contents](#table-of-contents)
+  * [Requirements](#requirements)
+  * [Usage](#usage)
+  * [Inputs](#inputs)
+  * [Outputs](#outputs)
+  * [Integrating with HCP Packer](#integrating-with-hcp-packer)
+  * [Author Information](#author-information)
+  * [License](#license)
+<!-- TOC -->
 
 ## Requirements
 
 This GitHub Actions supports all commands that are available in the `packer` CLI.
 
-The [`build`](https://www.packer.io/docs/commands/build) command may require access to provider-specific credentials.
+The [`build`](https://developer.hashicorp.com/packer/docs/commands/build) command may require access to provider-specific credentials.
 
-Other [environment variables](https://www.packer.io/docs/commands#environment-variables) (such as `PACKER_LOG`) may be set as normal and will be picked up accordingly.
+Other [environment variables](https://developer.hashicorp.com/packer/docs/commands#environment-variables) (such as `PACKER_LOG`) may be set as normal and will be picked up accordingly.
 
 ## Usage
 
-1.) Create a GitHub Actions Workflow file (e.g.: `.github/workflows/packer.yml`):
+Create a GitHub Actions Workflow file (e.g.: `.github/workflows/packer.yml`):
 
 ```yaml
 name: packer
 
 on:
-  - push
+  push:
+
+env:
+  PRODUCT_VERSION: "1.10.0" # or: "latest"
 
 jobs:
   packer:
@@ -35,13 +45,13 @@ jobs:
     name: Run Packer
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup `packer`
         uses: hashicorp/setup-packer@main
         id: setup
         with:
-          version: "1.8.3" # or `latest`
+          version: ${{ env.PRODUCT_VERSION }}
 
       - name: Run `packer init`
         id: init
@@ -56,8 +66,8 @@ In the above example, the following definitions have been set.
 
 - The event trigger has been set to `push`. For a complete list, see [Events that trigger workflows](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows).
 - The origin of this GitHub Action has been set as `hashicorp/setup-packer@main`. For newer versions, see the [Releases](https://github.com/hashicorp/setup-packer/releases).
-- The version of `packer` to set up has been set as `1.8.3`. For a complete list, see [releases.hashicorp.com](https://releases.hashicorp.com/packer/).
-- The Packer manifest to interact with has been set as `./image.pkr.hcl`
+- The version of `packer` to set up has been set as `1.10.0`. For a complete list, see [releases.hashicorp.com](https://releases.hashicorp.com/packer/).
+- The Packer manifest to interact with has been set as `./image.pkr.hcl`.
 
 These definitions may require updating to suit your deployment, such as specifying [self-hosted](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#choosing-self-hosted-runners) runners.
 
@@ -67,7 +77,10 @@ Additionally, you may configure [outputs](https://docs.github.com/en/actions/usi
 
 This section contains a list of all inputs that may be set for this Action.
 
-- `version` - (required) The version of `packer` to install. Defaults to `latest`.
+- `version` - The version of `packer` to install. Defaults to `latest` if unset.
+
+> [!NOTE]
+> To retrieve the `latest` version, this GitHub Action polls the HashiCorp [Releases API](https://api.releases.hashicorp.com/v1/releases/packer) and finds the latest released version of Packer that isn't marked as a pre-release (`is_prerelease`).
 
 ## Outputs
 
@@ -75,6 +88,52 @@ This section contains a list of all outputs that can be consumed from this Actio
 
 - `version` -  The version of `packer` that was installed.
 
+## Integrating with HCP Packer
+
+To integrate with HCP Packer, add your HCP Client ID and HCP Client secret as environment variables to the Packer build call.
+
+We add an `HCP_PACKER_BUILD_FINGERPRINT` in this example that is based on the workflow run ID, that way it is always unique
+
+We recommend storing these in [GitHub Actions Secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository) (as opposed to plain-text).
+
+For more information on using HCP Packer, see the [Getting Started tutorial](https://developer.hashicorp.com/packer/tutorials/hcp-get-started/hcp-push-image-metadata).
+
+```yaml
+name: hcp-packer
+
+on:
+  - push
+
+jobs:
+  hcp-packer:
+    runs-on: ubuntu-latest
+    name: Run Packer
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup `packer`
+        uses: hashicorp/setup-packer@main
+        id: setup
+        with:
+          version: "latest"
+
+      - name: Run `packer init`
+        id: init
+        run: "packer init ./image.pkr.hcl"
+
+      - name: Run `packer validate`
+        id: validate
+        run: "packer validate ./image.pkr.hcl"
+
+      - name: Build Artifact
+        run: packer build -color=false -on-error=abort ./image.pkr.hcl
+        env:
+          HCP_CLIENT_ID: ${{ secrets.HCP_CLIENT_ID }}
+          HCP_CLIENT_SECRET: ${{ secrets.HCP_CLIENT_SECRET }}
+          HCP_PACKER_BUILD_FINGERPRINT: "run.id.${{ github.run_id }}.run.attempt.${{ github.run_attempt }}"
+```
+
 ## Author Information
 
 This GitHub Action is maintained by the contributors listed on [GitHub](https://github.com/hashicorp/setup-packer/graphs/contributors).

action.yml

@@ -1,3 +1,6 @@
+# Copyright IBM Corp. 2022, 2026
+# SPDX-License-Identifier: Apache-2.0
+
 ---
 
 name: "Setup HashiCorp Packer"
@@ -12,7 +15,7 @@ outputs:
   version:
     description: "The Packer version that was installed and added to PATH."
 runs:
-  using: "node16"
+  using: "node20"
   main: "dist/index.js"
 branding:
   icon: "package"

dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AACtC,mEAAqD;AAErD,SAAe,IAAI;;QACjB,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;QACxC,IAAI,OAAO,IAAI,IAAI,EAAE;YACnB,IAAI,CAAC,SAAS,CAAC,kCAAkC,CAAC,CAAA;YAClD,OAAM;SACP;QACD,IAAI;YACF,MAAM,EAAE,CAAC,mBAAmB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;SACjD;QAAC,OAAO,KAAK,EAAE;YACd,IAAI,KAAK,YAAY,KAAK,EAAE;gBAC1B,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;aAC/B;SACF;IACH,CAAC;CAAA;AAED,IAAI,EAAE,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAKA,oDAAsC;AACtC,mEAAqD;AAExC,QAAA,OAAO,GAAG,QAAQ,CAAC;AAEhC,SAAe,IAAI;;QACjB,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QACzC,IAAI,OAAO,IAAI,IAAI,EAAE,CAAC;YACpB,IAAI,CAAC,SAAS,CAAC,kCAAkC,CAAC,CAAC;YACnD,OAAO;QACT,CAAC;QACD,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,mBAAmB,CAAC,eAAO,EAAE,OAAO,CAAC,CAAC;QACjD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;gBAC3B,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;IACH,CAAC;CAAA;AAED,IAAI,EAAE,CAAC"}

examples/hcp-packer.yml

@@ -0,0 +1,34 @@
+# Copyright IBM Corp. 2022, 2026
+# SPDX-License-Identifier: Apache-2.0
+
+name: hcp-packer
+on:
+  - push
+jobs:
+  hcp-packer:
+    runs-on: ubuntu-latest
+    name: Run Packer
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup `packer`
+        uses: hashicorp/setup-packer@main
+        id: setup
+        with:
+          version: "latest"
+
+      - name: Run `packer init`
+        id: init
+        run: "packer init ./image.pkr.hcl"
+
+      - name: Run `packer validate`
+        id: validate
+        run: "packer validate ./image.pkr.hcl"
+
+      - name: Build Artifact
+        run: "packer build -color=false -on-error=abort image.pkr.hcl"
+        env:
+          HCP_CLIENT_ID: ${{ secrets.HCP_CLIENT_ID }}
+          HCP_CLIENT_SECRET: ${{ secrets.HCP_CLIENT_SECRET }}
+          HCP_PACKER_BUILD_FINGERPRINT: run.id.${{ github.run_id }}.run.attempt.${{ github.run_attempt }}

examples/packer.yml

@@ -0,0 +1,29 @@
+# Copyright IBM Corp. 2022, 2026
+# SPDX-License-Identifier: Apache-2.0
+
+name: packer
+
+on:
+  - push
+
+jobs:
+  packer:
+    runs-on: ubuntu-latest
+    name: Run Packer
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup `packer`
+        uses: hashicorp/setup-packer@main
+        id: setup
+        with:
+          version: "1.10.0" # or latest
+
+      - name: Run `packer init`
+        id: init
+        run: "packer init ./image.pkr.hcl"
+
+      - name: Run `packer validate`
+        id: validate
+        run: "packer validate ./image.pkr.hcl"

package.json

@@ -1,6 +1,6 @@
 {
   "name": "setup-packer",
-  "version": "2.0.0",
+  "version": "3.1.0",
   "description": "A GitHub Action to install a specific version of HashiCorp Packer and add it to PATH.",
   "keywords": [
     "github-actions",
@@ -16,19 +16,20 @@
   "main": "dist/index.js",
   "scripts": {
     "build": "tsc && ncc build --no-cache",
-    "fmt": "prettier --write 'src/*.ts'"
+    "fmt": "prettier --write 'src/*.ts'",
+    "copywrite": "copywrite headers && copywrite license"
   },
   "dependencies": {
-    "@actions/core": "^1.10.0",
-    "@actions/io": "^1.1.2",
-    "@actions/tool-cache": "^2.0.1",
-    "@hashicorp/github-actions-core": "github:hashicorp/github-actions-core#v0.2.0",
-    "@vercel/ncc": "^0.36.0"
+    "@actions/core": "^2.0.3",
+    "@actions/http-client": "^3.0.2",
+    "@hashicorp/github-actions-core": "github:hashicorp/github-actions-core#v1.0.0"
   },
   "devDependencies": {
-    "@types/node": "^18.11.11",
-    "@types/semver": "^7.3.13",
-    "prettier": "^2.8.0",
-    "typescript": "^4.9.3"
+    "@types/node": "^22.5.0",
+    "@types/semver": "^7.5.8",
+    "typescript": "^5.5.4"
+  },
+  "overrides": {
+    "undici": "6.24.0"
   }
 }

src/index.ts

@@ -1,14 +1,21 @@
+/**
+ * Copyright IBM Corp. 2022, 2026
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
 import * as core from "@actions/core";
 import * as hc from "@hashicorp/github-actions-core";
 
+export const PRODUCT = "packer";
+
 async function main() {
-  const version = core.getInput("version")
+  const version = core.getInput("version");
   if (version == null) {
-    core.setFailed("Required field 'version' not set")
-    return
+    core.setFailed("Required field 'version' not set");
+    return;
   }
   try {
-    await hc.getHashicorpRelease("packer", version);
+    await hc.getHashicorpRelease(PRODUCT, version);
   } catch (error) {
     if (error instanceof Error) {
       core.setFailed(error.message);

test/hello-world.pkr.hcl

@@ -1,28 +1,42 @@
+# Copyright IBM Corp. 2022, 2026
+# SPDX-License-Identifier: Apache-2.0
+
+packer {
+  required_plugins {
+    # see https://github.com/hashicorp/packer-plugin-hashicups/releases/tag/v1.0.2
+    hashicups = {
+      version = ">= 1.0.0"
+      source  = "github.com/hashicorp/hashicups"
+    }
+  }
+}
+
 # file: builds.pkr.hcl
-source "file" "basic-example" {
+source "file" "basic_example" {
   content = "Lorem ipsum dolor sit amet"
-  target = "sample_artifact"
+  target  = "sample_artifact"
 }
 
 variable "bucket_name" {
-  type = string
+  type    = string
   default = "hello-world"
 }
 
 build {
-   hcp_packer_registry {
+  hcp_packer_registry {
     bucket_name = "${var.bucket_name}"
 
     description = <<EOT
 Some nice description about the image which artifact is being published to HCP Packer Registry. =D
     EOT
 
-    labels = {
-      "foo-version" = "3.4.0",
-      "foo" = "bar",
+    bucket_labels = {
+      "version" = "1.2.3",
+      "foo"     = "bar",
     }
   }
 
-  sources = ["sources.file.basic-example"]
+  sources = [
+    "sources.file.basic_example"
+  ]
 }
-