Add --tls-verify and extra-args input for buildah from command (#95)

Signed-off-by: divyansh42 <diagrawa@redhat.com>

README.md

@@ -30,12 +30,13 @@ After building your image, use [push-to-registry](https://github.com/redhat-acti
 | build-args | Build arguments to pass to the Docker build using `--build-arg`, if using a Containerfile that requires ARGs. Use the form `arg_name=arg_value`, and separate arguments with newlines. | None
 | context | Path to directory to use as the build context. | `.`
 | containerfiles\* | The list of Containerfile paths to perform a build using docker instructions. Separate filenames by newline. | **Required**
-| extra-args | Extra args to be passed to buildah bud. Separate arguments by newline. Do not use quotes. | None
+| extra-args | Extra args to be passed to `buildah bud`. Separate arguments by newline. Do not use quotes. | None
 | image | Name to give to the output image. Refer to the [Image and Tag Inputs](#image-tag-inputs) section. | **Required** - unless all `tags` include image name
 | layers | Set to true to cache intermediate layers during the build process. | None
 | oci | Build the image using the OCI metadata format, instead of the Docker format. | `false`
 | tags | One or more tags to give the new image. Separate by whitespace. Refer to the [Image and Tag Inputs](#image-tag-inputs) section. | `latest`
 | labels | One or more labels to give the new image. Separate by newline. | None
+| tls-verify | Require HTTPS and verify certificates when accessing the registry. Set to `false` to skip the verification | `true`
 
 > \* The `containerfiles` input was previously `dockerfiles`. Refer to [this issue](https://github.com/redhat-actions/buildah-build/issues/57).
 
@@ -56,6 +57,8 @@ After building your image, use [push-to-registry](https://github.com/redhat-acti
 | tags | One or more tags to give the new image. Separate by whitespace. Refer to the [Image and Tag Inputs](#image-tag-inputs) section. | `latest`
 | labels | One or more labels to give the new image. Separate by newline. | None
 | workdir | The working directory to use within the container. | None
+| extra-args | Extra args to be passed to `buildah from`. Separate arguments by newline. Do not use quotes. | None
+| tls-verify | Require HTTPS and verify certificates when accessing the registry. Set to `false` to skip the verification. This will be used with `buildah from` command. | `true`
 
 <a id="image-tag-inputs"></a>
 ### Image and Tags Inputs

action.yml

@@ -74,9 +74,14 @@ inputs:
     required: false
   extra-args:
     description: |
-      Extra args to be passed to buildah bud.
+      Extra args to be passed to buildah bud and buildah from.
       Separate arguments by newline. Do not use quotes - @actions/exec will do the quoting for you.
     required: false
+  tls-verify:
+    description: |
+      Require HTTPS and verify certificates when accessing the registry. Defaults to true.
+    required: false
+    default: 'true'
 outputs:
   image:
     description: 'Name of the image built'

src/buildah.ts

@@ -22,9 +22,9 @@ interface Buildah {
     buildUsingDocker(
         image: string, context: string, containerFiles: string[], buildArgs: string[],
         useOCI: boolean, labels: string[], layers: string,
-        extraArgs: string[], arch?: string, platform?: string,
+        extraArgs: string[], tlsVerify: boolean, arch?: string, platform?: string,
     ): Promise<CommandResult>;
-    from(baseImage: string): Promise<CommandResult>;
+    from(baseImage: string, tlsVerify: boolean, extraArgs: string[]): Promise<CommandResult>;
     config(container: string, setting: BuildahConfigSettings): Promise<CommandResult>;
     copy(container: string, contentToCopy: string[]): Promise<CommandResult | undefined>;
     commit(container: string, newImageName: string, useOCI: boolean): Promise<CommandResult>;
@@ -68,7 +68,7 @@ export class BuildahCli implements Buildah {
     async buildUsingDocker(
         image: string, context: string, containerFiles: string[], buildArgs: string[],
         useOCI: boolean, labels: string[], layers: string,
-        extraArgs: string[], arch?: string, platform?: string
+        extraArgs: string[], tlsVerify: boolean, arch?: string, platform?: string
     ): Promise<CommandResult> {
         const args: string[] = [ "bud" ];
         if (arch) {
@@ -92,6 +92,7 @@ export class BuildahCli implements Buildah {
             args.push(buildArg);
         });
         args.push(...BuildahCli.getImageFormatOption(useOCI));
+        args.push(`--tls-verify=${tlsVerify}`);
         if (layers) {
             args.push(`--layers=${layers}`);
         }
@@ -104,8 +105,14 @@ export class BuildahCli implements Buildah {
         return this.execute(args);
     }
 
-    async from(baseImage: string): Promise<CommandResult> {
+    async from(baseImage: string, tlsVerify: boolean, extraArgs: string[]): Promise<CommandResult> {
-        return this.execute([ "from", baseImage ]);
+        const args: string[] = [ "from" ];
+        args.push(`--tls-verify=${tlsVerify}`);
+        if (extraArgs.length > 0) {
+            args.push(...extraArgs);
+        }
+        args.push(baseImage);
+        return this.execute(args);
     }
 
     async copy(container: string, contentToCopy: string[], contentPath?: string): Promise<CommandResult | undefined> {

src/generated/inputs-outputs.ts

@@ -62,7 +62,7 @@ export enum Inputs {
      */
     ENVS = "envs",
     /**
-     * Extra args to be passed to buildah bud.
+     * Extra args to be passed to buildah bud and buildah from.
      * Separate arguments by newline. Do not use quotes - @actions/exec will do the quoting for you.
      * Required: false
      * Default: None.
@@ -118,6 +118,12 @@ export enum Inputs {
      * Default: "latest"
      */
     TAGS = "tags",
+    /**
+     * Require HTTPS and verify certificates when accessing the registry. Defaults to true.
+     * Required: false
+     * Default: "true"
+     */
+    TLS_VERIFY = "tls-verify",
     /**
      * The working directory to use within the container
      * Required: false

src/index.ts

@@ -57,6 +57,15 @@ export async function run(): Promise<void> {
         tagsList.push(DEFAULT_TAG);
     }
 
+    const inputExtraArgsStr = core.getInput(Inputs.EXTRA_ARGS);
+    let buildahExtraArgs: string[] = [];
+    if (inputExtraArgsStr) {
+        // transform the array of lines into an array of arguments
+        // by splitting over lines, then over spaces, then trimming.
+        const lines = splitByNewline(inputExtraArgsStr);
+        buildahExtraArgs = lines.flatMap((line) => line.split(" ")).map((arg) => arg.trim());
+    }
+
     // check if all tags provided are in `image:tag` format
     const isFullImageNameTag = isFullImageName(normalizedTagsList[0]);
     if (normalizedTagsList.some((tag) => isFullImageName(tag) !== isFullImageNameTag)) {
@@ -79,13 +88,13 @@ export async function run(): Promise<void> {
     const builtImage = [];
     if (containerFiles.length !== 0) {
         builtImage.push(...await doBuildUsingContainerFiles(cli, newImage, workspace, containerFiles, useOCI,
-            archs, platforms, labelsList));
+            archs, platforms, labelsList, buildahExtraArgs));
     }
     else {
         if (platforms.length > 0) {
             throw new Error("The --platform option is not supported for builds without containerfiles.");
         }
-        builtImage.push(...await doBuildFromScratch(cli, newImage, useOCI, archs, labelsList));
+        builtImage.push(...await doBuildFromScratch(cli, newImage, useOCI, archs, labelsList, buildahExtraArgs));
     }
 
     if ((archs.length > 1) || (platforms.length > 1)) {
@@ -125,7 +134,7 @@ export async function run(): Promise<void> {
 
 async function doBuildUsingContainerFiles(
     cli: BuildahCli, newImage: string, workspace: string, containerFiles: string[], useOCI: boolean, archs: string[],
-    platforms: string[], labels: string[],
+    platforms: string[], labels: string[], extraArgs: string[]
 ): Promise<string[]> {
     if (containerFiles.length === 1) {
         core.info(`Performing build from Containerfile`);
@@ -138,15 +147,8 @@ async function doBuildUsingContainerFiles(
     const buildArgs = getInputList(Inputs.BUILD_ARGS);
     const containerFileAbsPaths = containerFiles.map((file) => path.join(workspace, file));
     const layers = core.getInput(Inputs.LAYERS);
+    const tlsVerify = core.getInput(Inputs.TLS_VERIFY) === "true";
 
-    const inputExtraArgsStr = core.getInput(Inputs.EXTRA_ARGS);
-    let buildahBudExtraArgs: string[] = [];
-    if (inputExtraArgsStr) {
-        // transform the array of lines into an array of arguments
-        // by splitting over lines, then over spaces, then trimming.
-        const lines = splitByNewline(inputExtraArgsStr);
-        buildahBudExtraArgs = lines.flatMap((line) => line.split(" ")).map((arg) => arg.trim());
-    }
     const builtImage = [];
     // since multi arch image can not have same tag
     // therefore, appending arch/platform in the tag
@@ -160,7 +162,7 @@ async function doBuildUsingContainerFiles(
             }
             await cli.buildUsingDocker(
                 `${newImage}${tagSuffix}`, context, containerFileAbsPaths, buildArgs,
-                useOCI, labels, layers, buildahBudExtraArgs, arch, undefined
+                useOCI, labels, layers, extraArgs, tlsVerify, arch, undefined
             );
             builtImage.push(`${newImage}${tagSuffix}`);
         }
@@ -172,7 +174,7 @@ async function doBuildUsingContainerFiles(
             }
             await cli.buildUsingDocker(
                 `${newImage}${tagSuffix}`, context, containerFileAbsPaths, buildArgs,
-                useOCI, labels, layers, buildahBudExtraArgs, undefined, platform
+                useOCI, labels, layers, extraArgs, tlsVerify, undefined, platform
             );
             builtImage.push(`${newImage}${tagSuffix}`);
         }
@@ -181,14 +183,14 @@ async function doBuildUsingContainerFiles(
     else if (archs.length === 1 || platforms.length === 1) {
         await cli.buildUsingDocker(
             newImage, context, containerFileAbsPaths, buildArgs,
-            useOCI, labels, layers, buildahBudExtraArgs, archs[0], platforms[0]
+            useOCI, labels, layers, extraArgs, tlsVerify, archs[0], platforms[0]
         );
         builtImage.push(newImage);
     }
     else {
         await cli.buildUsingDocker(
             newImage, context, containerFileAbsPaths, buildArgs,
-            useOCI, labels, layers, buildahBudExtraArgs
+            useOCI, labels, layers, extraArgs, tlsVerify
         );
         builtImage.push(newImage);
     }
@@ -197,7 +199,7 @@ async function doBuildUsingContainerFiles(
 }
 
 async function doBuildFromScratch(
-    cli: BuildahCli, newImage: string, useOCI: boolean, archs: string[], labels: string[],
+    cli: BuildahCli, newImage: string, useOCI: boolean, archs: string[], labels: string[], extraArgs: string[]
 ): Promise<string[]> {
     core.info(`Performing build from scratch`);
 
@@ -207,8 +209,9 @@ async function doBuildFromScratch(
     const port = core.getInput(Inputs.PORT);
     const workingDir = core.getInput(Inputs.WORKDIR);
     const envs = getInputList(Inputs.ENVS);
+    const tlsVerify = core.getInput(Inputs.TLS_VERIFY) === "true";
 
-    const container = await cli.from(baseImage);
+    const container = await cli.from(baseImage, tlsVerify, extraArgs);
     const containerId = container.output.replace("\n", "");
 
     const builtImage = [];