Update changelog

Signed-off-by: divyansh42 <diagrawa@redhat.com>

.editorconfig

@@ -0,0 +1,15 @@
+root = true
+
+[*]
+charset = utf-8
+tab_width = 4
+indent_size = 4
+end_of_line = lf
+indent_style = space
+max_line_length = 120
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.{yml,yaml}]
+tab_width = 2
+indent_size = 2

.github/install_latest_buildah.sh

@@ -0,0 +1,3 @@
+sudo apt-key add - < Release.key
+sudo apt-get update -qq
+sudo apt-get -qq -y install buildah

.github/workflows/check-lowercase.yaml

@@ -0,0 +1,66 @@
+# This workflow will perform a test whenever there
+# is some change in code done to ensure that the changes
+# are not buggy and we are getting the desired output.
+name: Check Case Normalization
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * *'  # every day at midnight
+
+env:
+  IMAGE_NAME: ImageCaseTest
+  IMAGE_TAGS: v1 TagCaseTest
+
+jobs:
+  build:
+    name: Build image using Buildah
+    runs-on: ubuntu-22.04
+    strategy:
+      fail-fast: false
+      matrix:
+        install_latest: [ true, false ]
+
+    steps:
+
+      # Checkout buildah action github repository
+      - name: Checkout Buildah action
+        uses: actions/checkout@v4
+        with:
+          path: "buildah-build"
+
+      - name: Install latest buildah
+        if: matrix.install_latest
+        run: |
+          bash buildah-build/.github/install_latest_buildah.sh
+
+      - name: Create Dockerfile
+        run: |
+          cat > Containerfile<<EOF
+          FROM busybox
+          RUN echo "hello world"
+          EOF
+
+      # Build image using Buildah action
+      - name: Build Image
+        id: build_image
+        uses: ./buildah-build/
+        with:
+          image: ${{ env.IMAGE_NAME }}
+          layers: false
+          tags: ${{ env.IMAGE_TAGS }}
+          containerfiles: |
+            ./Containerfile
+          extra-args: |
+            --pull
+
+      - name: Echo Outputs
+        run: |
+          echo "Image: ${{ steps.build_image.outputs.image }}"
+          echo "Tags: ${{ steps.build_image.outputs.tags }}"
+          echo "Tagged Image: ${{ steps.build_image.outputs.image-with-tag }}"
+
+      # Check if image is build
+      - name: Check images created
+        run: buildah images

.github/workflows/ci.yml

@@ -6,21 +6,21 @@ on:
 jobs:
   lint:
     name: Run ESLint
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - run: npm ci
       - run: npm run lint
-  
+
   check-dist:
     name: Check Distribution
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     env:
       BUNDLE_FILE: "dist/index.js"
       BUNDLE_COMMAND: "npm run bundle"
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - name: Install
         run: npm ci
@@ -30,18 +30,18 @@ jobs:
         with:
           bundle_file: ${{ env.BUNDLE_FILE }}
           bundle_command: ${{ env.BUNDLE_COMMAND }}
-  
+
   check-inputs-outputs:
     name: Check Input and Output enums
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     env:
       IO_FILE: ./src/generated/inputs-outputs.ts
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - name: Install dependencies
         run: npm ci
-    
+
       - name: Verify Input and Output enums
         uses: redhat-actions/common/action-io-generator@v1
         with:

.github/workflows/containerfile_build.yml

@@ -1,7 +1,7 @@
 # This workflow will perform a test whenever there
 # is some change in code done to ensure that the changes
 # are not buggy and we are getting the desired output.
-name: Build from dockerfile
+name: Build from containerfile
 on:
   push:
   pull_request:
@@ -15,18 +15,28 @@ env:
 jobs:
   build:
     name: Build image using Buildah
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
+    strategy:
+      fail-fast: false
+      matrix:
+        install_latest: [ true, false ]
+
     steps:
 
       # Checkout buildah action github repository
       - name: Checkout Buildah action
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           path: "buildah-build"
 
+      - name: Install latest buildah
+        if: matrix.install_latest
+        run: |
+          bash buildah-build/.github/install_latest_buildah.sh
+
       - name: Create Dockerfile
         run: |
-          cat > Dockerfile<<EOF
+          cat > Containerfile<<EOF
           FROM busybox
           RUN echo "hello world"
           EOF
@@ -39,8 +49,8 @@ jobs:
           image: ${{ env.IMAGE_NAME }}
           layers: false
           tags: 'latest ${{ github.sha }}'
-          dockerfiles: |
-            ./Dockerfile
+          containerfiles: |
+            ./Containerfile
           extra-args: |
             --pull
 
@@ -48,6 +58,7 @@ jobs:
         run: |
           echo "Image: ${{ steps.build_image.outputs.image }}"
           echo "Tags: ${{ steps.build_image.outputs.tags }}"
+          echo "Tagged Image: ${{ steps.build_image.outputs.image-with-tag }}"
 
       # Check if image is build
       - name: Check images created

.github/workflows/docker_metadata_action.yml

@@ -0,0 +1,185 @@
+# This workflow will perform a test whenever there
+# is some change in code done to ensure that the changes
+# are not buggy and we are getting the desired output.
+name: Build with docker/metadata-action
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * *'  # every day at midnight
+
+jobs:
+  build-containerfile:
+    name: Build image with Containerfile
+    runs-on: ubuntu-22.04
+    strategy:
+      fail-fast: false
+      matrix:
+        install_latest: [ true, false ]
+
+    env:
+      IMAGE_NAME: "hello-world"
+
+    steps:
+
+      # Checkout buildah action github repository
+      - name: Checkout Buildah action
+        uses: actions/checkout@v4
+
+      - name: Docker Metadata
+        id: docker-metadata
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            ${{ env.IMAGE_NAME }}
+          tags: |
+            type=edge
+            type=sha
+            type=ref,event=branch
+            type=ref,event=pr
+            type=schedule
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }}
+
+      - name: Install latest buildah
+        if: matrix.install_latest
+        run: |
+          bash .github/install_latest_buildah.sh
+
+      - name: Create Dockerfile
+        run: |
+          cat > Containerfile<<EOF
+          FROM busybox
+          RUN echo "hello world"
+          EOF
+
+      # Build image using Buildah action
+      - name: Build Image
+        id: build_image
+        uses: ./
+        with:
+          layers: false
+          tags: ${{ steps.docker-metadata.outputs.tags }}
+          labels: ${{ steps.docker-metadata.outputs.labels }}
+          containerfiles: |
+            ./Containerfile
+          extra-args: |
+            --pull
+
+      - name: Echo Outputs
+        run: |
+          echo "Image: ${{ steps.build_image.outputs.image }}"
+          echo "Tags: ${{ steps.build_image.outputs.tags }}"
+          echo "Tagged Image: ${{ steps.build_image.outputs.image-with-tag }}"
+
+      # Check if image is build
+      - name: Check images created
+        run: buildah images | grep '${{ env.IMAGE_NAME }}'
+
+      - name: Check image metadata
+        run: |
+          set -x
+          buildah inspect ${{ steps.build_image.outputs.image-with-tag }} | jq '.OCIv1.config.Labels."org.opencontainers.image.title"'
+          buildah inspect ${{ steps.build_image.outputs.image-with-tag }} | jq '.OCIv1.config.Labels."org.opencontainers.image.description"'
+          buildah inspect ${{ steps.build_image.outputs.image-with-tag }} | jq '.Docker.config.Labels."org.opencontainers.image.title"'
+          buildah inspect ${{ steps.build_image.outputs.image-with-tag }} | jq '.Docker.config.Labels."org.opencontainers.image.description"'
+
+  build-scratch:
+    name: Build image without Containerfile
+    runs-on: ubuntu-22.04
+    strategy:
+      fail-fast: false
+      matrix:
+        install_latest: [ true, false ]
+
+    env:
+      PROJECT_DIR: spring-petclinic
+      IMAGE_NAME: spring-petclinic
+      MVN_REPO_DIR: ~/.m2/repository
+
+    steps:
+
+      # Checkout buildah action github repository
+      - name: Checkout Buildah action
+        uses: actions/checkout@v4
+
+      - name: Docker Metadata
+        id: docker-metadata
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            ${{ env.IMAGE_NAME }}
+          tags: |
+            type=edge
+            type=sha
+            type=ref,event=branch
+            type=ref,event=pr
+            type=schedule
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }}
+
+      - name: Install latest buildah
+        if: matrix.install_latest
+        run: |
+          bash .github/install_latest_buildah.sh
+
+      # Checkout spring-petclinic github repository
+      - name: Checkout spring-petclinic project
+        uses: actions/checkout@v4
+        with:
+          repository: "spring-projects/spring-petclinic"
+          path: ${{ env.PROJECT_DIR }}
+
+      # Setup java.
+      - name: Setup Java
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'temurin'
+          java-version: '17'
+          cache: 'maven'
+
+      # Run maven to build the project
+      - name: Maven
+        working-directory: ${{ env.PROJECT_DIR }}
+        run: |
+          mvn package -ntp -B
+
+      # Build image using Buildah action
+      - name: Build Image
+        id: build_image
+        uses: ./
+        with:
+          tags: ${{ steps.docker-metadata.outputs.tags }}
+          labels: ${{ steps.docker-metadata.outputs.labels }}
+          base-image: 'registry.access.redhat.com/openjdk/openjdk-11-rhel7'
+          # To avoid hardcoding a particular version of the binary.
+          content: |
+            ./spring-petclinic/target/spring-petclinic-*.jar
+          entrypoint: |
+            java
+            -jar
+            spring-petclinic-*.jar
+          port: 8080
+          arch: amd64
+          workdir: "."
+
+      - name: Echo Outputs
+        run: |
+          echo "Image: ${{ steps.build_image.outputs.image }}"
+          echo "Tags: ${{ steps.build_image.outputs.tags }}"
+          echo "Tagged Image: ${{ steps.build_image.outputs.image-with-tag }}"
+
+      # Check if image is build
+      - name: Check images created
+        run: buildah images | grep '${{ env.IMAGE_NAME }}'
+
+      - name: Check image metadata
+        run: |
+          set -x
+          buildah inspect ${{ steps.build_image.outputs.image-with-tag }} | jq '.OCIv1.config.Labels."org.opencontainers.image.title"'
+          buildah inspect ${{ steps.build_image.outputs.image-with-tag }} | jq '.OCIv1.config.Labels."org.opencontainers.image.description"'
+          buildah inspect ${{ steps.build_image.outputs.image-with-tag }} | jq '.Docker.config.Labels."org.opencontainers.image.title"'
+          buildah inspect ${{ steps.build_image.outputs.image-with-tag }} | jq '.Docker.config.Labels."org.opencontainers.image.description"'

.github/workflows/link_check.yml

@@ -12,9 +12,9 @@ on:
 jobs:
   markdown-link-check:
     name: Check links in markdown
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - uses: gaurav-nelson/github-action-markdown-link-check@v1
         with:
           use-verbose-mode: true

.github/workflows/multiarch.yml

@@ -7,36 +7,44 @@ on:
     - cron: '0 0 * * *'  # every day at midnight
 
 env:
-  IMAGE_NAME: hello-world-multiarch
+  PROJECT_DIR: spring-petclinic
+  MVN_REPO_DIR: ~/.m2/repository
   IMAGE_TAG: latest
 
 jobs:
-  build:
-    name: Build image using Buildah
-    runs-on: ubuntu-20.04
+  build-multiarch-containerfile:
+    name: Build multi-architecture image using Containerfile
+    env:
+      IMAGE_NAME: hello-world-multiarch
+    runs-on: ubuntu-22.04
     strategy:
       fail-fast: false
       matrix:
-        arch: [ amd64, i386, arm64v8 ]
+        install_latest: [ true, false ]
+
     steps:
 
       # Checkout buildah action github repository
       - name: Checkout Buildah action
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           path: "buildah-build"
 
+      - name: Install latest buildah
+        if: matrix.install_latest
+        run: |
+          bash buildah-build/.github/install_latest_buildah.sh
+
       - name: Install qemu dependency
         run: |
           sudo apt-get update
           sudo apt-get install -y qemu-user-static
 
-      - name: Create Dockerfile
+      - name: Create Containerfile
         run: |
-          cat > Dockerfile<<EOF
+          cat > Containerfile<<EOF
 
-          ARG ARCH
-          FROM docker.io/\${ARCH}/alpine:3.14
+          FROM docker.io/alpine:3.14
 
           RUN echo "hello world"
 
@@ -44,20 +52,20 @@ jobs:
           EOF
 
       - name: Build Image
-        id: build_image
+        id: build_image_multiarch
         uses: ./buildah-build/
         with:
           image: ${{ env.IMAGE_NAME }}
-          tags: ${{ env.IMAGE_TAG }}
-          arch: ${{ matrix.arch }}
-          build-args: ARCH=${{ matrix.arch }}
-          dockerfiles: |
-            ./Dockerfile
+          tags: latest v1
+          archs: amd64                    # Single arch testcase
+          containerfiles: |
+            ./Containerfile
 
       - name: Echo Outputs
         run: |
-          echo "Image: ${{ steps.build_image.outputs.image }}"
-          echo "Tags: ${{ steps.build_image.outputs.tags }}"
+          echo "Image: ${{ steps.build_image_multiarch.outputs.image }}"
+          echo "Tags: ${{ steps.build_image_multiarch.outputs.tags }}"
+          echo "Tagged Image: ${{ steps.build_image_multiarch.outputs.image-with-tag }}"
 
       - name: Check images created
         run: buildah images | grep '${{ env.IMAGE_NAME }}'
@@ -65,9 +73,157 @@ jobs:
       - name: Check image metadata
         run: |
           set -x
-          buildah inspect ${{ steps.build_image.outputs.image }}:${{ env.IMAGE_TAG }} | jq ".OCIv1.architecture"
-          buildah inspect ${{ steps.build_image.outputs.image }}:${{ env.IMAGE_TAG }} | jq ".Docker.architecture"
+          buildah inspect ${{ steps.build_image_multiarch.outputs.image }}:${{ env.IMAGE_TAG }} | jq ".OCIv1.architecture"
+          buildah inspect ${{ steps.build_image_multiarch.outputs.image }}:${{ env.IMAGE_TAG }} | jq ".Docker.architecture"
 
       - name: Run image
         run: |
-          podman run --rm ${{ steps.build_image.outputs.image }}:${{ env.IMAGE_TAG }}
+          podman run --rm ${{ steps.build_image_multiarch.outputs.image }}:${{ env.IMAGE_TAG }}
+
+  build-multiplatform-containerfile:
+    name: Build multi-platform image using Containerfile
+    env:
+      IMAGE_NAME: hello-world-multiplatform
+    runs-on: ubuntu-22.04
+    strategy:
+      fail-fast: false
+      matrix:
+        install_latest: [ true, false ]
+
+    steps:
+
+      # Checkout buildah action github repository
+      - name: Checkout Buildah action
+        uses: actions/checkout@v4
+        with:
+          path: "buildah-build"
+
+      - name: Install latest buildah
+        if: matrix.install_latest
+        run: |
+          bash buildah-build/.github/install_latest_buildah.sh
+
+      - name: Install qemu dependency
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y qemu-user-static
+
+      - name: Create Containerfile
+        run: |
+          cat > Containerfile<<EOF
+
+          FROM docker.io/alpine:3.16
+
+          RUN echo "hello world"
+
+          ENTRYPOINT [ "sh", "-c", "echo -n 'Machine: ' && uname -m && echo -n 'Bits: ' && getconf LONG_BIT && echo 'goodbye world'" ]
+          EOF
+
+      - name: Build Image
+        id: build_image_multiplatform
+        uses: ./buildah-build/
+        with:
+          image: ${{ env.IMAGE_NAME }}
+          tags: ${{ env.IMAGE_TAG }}
+          platforms: linux/amd64, linux/ppc64le
+          containerfiles: |
+            ./Containerfile
+
+      - name: Echo Outputs
+        run: |
+          echo "Image: ${{ steps.build_image_multiplatform.outputs.image }}"
+          echo "Tags: ${{ steps.build_image_multiplatform.outputs.tags }}"
+          echo "Tagged Image: ${{ steps.build_image_multiplatform.outputs.image-with-tag }}"
+
+      - name: Check images created
+        run: buildah images | grep '${{ env.IMAGE_NAME }}'
+
+      - name: Check manifest
+        run: |
+          set -x
+          buildah manifest inspect ${{ steps.build_image_multiplatform.outputs.image }}:${{ env.IMAGE_TAG }}
+
+      - name: Run image
+        run: |
+          podman run --rm ${{ steps.build_image_multiplatform.outputs.image }}:${{ env.IMAGE_TAG }}
+
+  build-multiarch-scratch:
+    name: Build multi-architecture image from scratch
+    env:
+      IMAGE_NAME: spring-petclinic-multiarch
+    runs-on: ubuntu-22.04
+    strategy:
+      fail-fast: false
+      matrix:
+        install_latest: [ true, false ]
+
+    steps:
+
+      # Checkout buildah action github repository
+      - name: Checkout Buildah action
+        uses: actions/checkout@v4
+        with:
+          path: "buildah-build"
+
+      - name: Install latest buildah
+        if: matrix.install_latest
+        run: |
+          bash buildah-build/.github/install_latest_buildah.sh
+
+      - name: Install qemu dependency
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y qemu-user-static
+
+      # Checkout spring-petclinic github repository
+      - name: Checkout spring-petclinic project
+        uses: actions/checkout@v4
+        with:
+          repository: "spring-projects/spring-petclinic"
+          path: ${{ env.PROJECT_DIR }}
+
+      # Setup java.
+      - name: Setup Java
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'temurin'
+          java-version: '17'
+          cache: 'maven'
+
+      # Run maven to build the project
+      - name: Maven
+        working-directory: ${{ env.PROJECT_DIR }}
+        run: |
+          mvn package -ntp -B
+
+      - name: Build Image
+        id: build_image_multiarch
+        uses: ./buildah-build/
+        with:
+          image: ${{ env.IMAGE_NAME }}
+          tags: ${{ env.IMAGE_TAG }}
+          base-image: 'registry.access.redhat.com/openjdk/openjdk-11-rhel7'
+          archs: amd64, i386, ppc64le
+          # To avoid hardcoding a particular version of the binary.
+          content: |
+            ./spring-petclinic/target/spring-petclinic-*.jar
+          entrypoint: |
+            java
+            -jar
+            spring-petclinic-*.jar
+          port: 8080
+          workdir: "."
+
+      - name: Echo Outputs
+        run: |
+          echo "Image: ${{ steps.build_image_multiarch.outputs.image }}"
+          echo "Tags: ${{ steps.build_image_multiarch.outputs.tags }}"
+          echo "Tagged Image: ${{ steps.build_image_multiarch.outputs.image-with-tag }}"
+
+      - name: Check images created
+        run: buildah images | grep '${{ env.IMAGE_NAME }}'
+
+      - name: Check manifest
+        run: |
+          set -x
+          buildah manifest inspect ${{ steps.build_image_multiarch.outputs.image }}:${{ env.IMAGE_TAG }}

.github/workflows/scratch_build.yml

@@ -17,42 +17,39 @@ env:
 jobs:
   build:
     name: Build image using Buildah
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
+    strategy:
+      fail-fast: false
+      matrix:
+        install_latest: [ true, false ]
+
     steps:
 
       # Checkout buildah action github repository
       - name: Checkout Buildah action
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           path: "buildah-build"
 
+      - name: Install latest buildah
+        if: matrix.install_latest
+        run: |
+          bash buildah-build/.github/install_latest_buildah.sh
+
       # Checkout spring-petclinic github repository
       - name: Checkout spring-petclinic project
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           repository: "spring-projects/spring-petclinic"
           path: ${{ env.PROJECT_DIR }}
 
-      # If none of these files has changed, we assume that the contents of
-      # .m2/repository can be fetched from the cache.
-      - name: Hash Maven files
-        working-directory: ${{ env.PROJECT_DIR }}
-        run: |
-          echo "MVN_HASH=${{ hashFiles('**/pom.xml', '.mvn/**/*', 'mvnw*') }}" >> $GITHUB_ENV
-
-      # Download the m2 repository from the cache to speed up the build.
-      - name: Check for Maven cache
-        id: check-mvn-cache
-        uses: actions/cache@v2
-        with:
-          path: ${{ env.MVN_REPO_DIR }}
-          key: ${{ env.MVN_HASH }}
-
       # Setup java.
       - name: Setup Java
-        uses: actions/setup-java@v1
+        uses: actions/setup-java@v3
         with:
-          java-version: 11
+          distribution: 'temurin'
+          java-version: '17'
+          cache: 'maven'
 
       # Run maven to build the project
       - name: Maven
@@ -60,14 +57,6 @@ jobs:
         run: |
           mvn package -ntp -B
 
-       # If there was no cache hit above, store the output into the cache now.
-      - name: Save Maven repo into cache
-        if: ${{ steps.check-mvn-cache.outputs.cache-hit }} != 'true'
-        uses: actions/cache@v2
-        with:
-          path: ${{ env.MVN_REPO_DIR }}
-          key: ${{ env.MVN_HASH }}
-
       # Build image using Buildah action
       - name: Build Image
         id: build_image
@@ -91,6 +80,7 @@ jobs:
         run: |
           echo "Image: ${{ steps.build_image.outputs.image }}"
           echo "Tags: ${{ steps.build_image.outputs.tags }}"
+          echo "Tagged Image: ${{ steps.build_image.outputs.image-with-tag }}"
 
       # Check if image is build
       - name: Check images created

.github/workflows/security_scan.yml

@@ -0,0 +1,36 @@
+name: Vulnerability Scan with CRDA
+on:
+  # push:
+  workflow_dispatch:
+  # pull_request_target:
+  #   types: [ assigned, opened, synchronize, reopened, labeled, edited ]
+  # schedule:
+  #   - cron: '0 0 * * *'  # every day at midnight
+
+jobs:
+  crda-scan:
+    runs-on: ubuntu-22.04
+    name: Scan project vulnerability with CRDA
+    steps:
+
+      - uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v3
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install CRDA
+        uses: redhat-actions/openshift-tools-installer@v1
+        with:
+          source: github
+          github_pat: ${{ github.token }}
+          crda: "latest"
+
+      - name: CRDA Scan
+        id: scan
+        uses: redhat-actions/crda@v1
+        with:
+          crda_key: ${{ secrets.CRDA_KEY }}
+          fail_on: never

.gitignore

@@ -1,2 +1,3 @@
 node_modules/
-out/
+out/
+.idea/

CHANGELOG.md

@@ -1,5 +1,32 @@
 # buildah-build Changelog
 
+## v2.13
+- Update action to run on Node20. https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/
+
+## v2.12
+- Forcibly remove existing manifest before creating a new one. [#103](https://github.com/redhat-actions/buildah-build/pull/103)
+
+## v2.11 
+- Update action to run on Node16. https://github.blog/changelog/2022-05-20-actions-can-now-run-in-a-node-js-16-runtime/
+
+## v2.10
+- Make image and tag in lowercase, if found in uppercase. https://github.com/redhat-actions/buildah-build/issues/89
+- Add `--tls-verify` and `extra-args` input for `buildah from` command. https://github.com/redhat-actions/buildah-build/issues/92
+- Remove kubic packages from test workflows. https://github.com/redhat-actions/buildah-build/issues/93
+
+## v2.9
+- Add support for multiple archs and platforms.
+- Allow building image manifest if multi arch or platform is provided.
+
+## v2.8
+- Allow fully qualified image names in `tags` input, for compatibility with [docker/metadata-action`](https://github.com/docker/metadata-action). [#74](https://github.com/redhat-actions/buildah-build/issues/74)
+- Support for `--platform` argument [#65](https://github.com/redhat-actions/buildah-build/issues/65)
+
+## v2.7
+- Add output `image-with-tag` which provides image name and its corresponding first tag present.
+- Replace input `dockerfiles` with `containerfiles`. Input `dockerfiles` will be present as alias of `containerfiles`.
+- Add matrix to install latest buildah. (Internal)
+
 ## v2.6.2
 - Run `buildah config` command before `buildah copy` command to use `workingDir` for copying
 

README.md

@@ -1,7 +1,7 @@
 # buildah-build
 [![CI checks](https://github.com/redhat-actions/buildah-build/workflows/CI%20checks/badge.svg)](https://github.com/redhat-actions/buildah-build/actions?query=workflow%3A%22CI+checks%22)
 [![Build](https://github.com/redhat-actions/buildah-build/workflows/Build/badge.svg)](https://github.com/redhat-actions/buildah-build/actions?query=workflow%3ABuild)
-[![Build from dockerfile](https://github.com/redhat-actions/buildah-build/workflows/Build%20from%20dockerfile/badge.svg)](https://github.com/redhat-actions/buildah-build/actions?query=workflow%3A%22Build+from+dockerfile%22)
+[![Build from containerfile](https://github.com/redhat-actions/buildah-build/workflows/Build%20from%20containerfile/badge.svg)](https://github.com/redhat-actions/buildah-build/actions?query=workflow%3A%22Build+from+containerfile%22)
 [![Link checker](https://github.com/redhat-actions/buildah-build/workflows/Link%20checker/badge.svg)](https://github.com/redhat-actions/buildah-build/actions?query=workflow%3A%22Link+checker%22)
 <br>
 <br>
@@ -21,63 +21,103 @@ After building your image, use [push-to-registry](https://github.com/redhat-acti
 
 <a id="dockerfile-build-inputs"></a>
 
-### [Inputs for build from dockerfile](https://github.com/containers/buildah/blob/main/docs/buildah-build.md)
+### [Inputs for build from containerfile](https://github.com/containers/buildah/blob/main/docs/buildah-build.1.md)
 
 | Input Name | Description | Default |
 | ---------- | ----------- | ------- |
-| arch | Label the image with this architecture, instead of defaulting to the host architecture. Refer to [Multi arch builds](#multi-arch-builds) for more information. | None (host architecture)
-| build-args | Build arguments to pass to the Docker build using `--build-arg`, if using a Dockerfile that requires ARGs. Use the form `arg_name=arg_value`, and separate arguments with newlines. | None
+| archs | Label the image with this architecture, instead of defaulting to the host architecture. Refer to [Multi arch builds](#multi-arch-builds) for more information. For multiple architectures, seperate them by a comma | None (host architecture)
+| platforms | Label the image with this platform, instead of defaulting to the host platform. Refer to [Multi arch builds](#multi-arch-builds) for more information. For multiple platforms, seperate them by a comma | None (host platform)
+| build-args | Build arguments to pass to the Docker build using `--build-arg`, if using a Containerfile that requires ARGs. Use the form `arg_name=arg_value`, and separate arguments with newlines. | None
 | context | Path to directory to use as the build context. | `.`
-| dockerfiles | The list of Dockerfile paths to perform a build using docker instructions. This is a multiline input to allow multiple Dockerfiles. | **Must be provided**
-| extra-args | Extra args to be passed to buildah bud. Separate arguments by newline. Do not use quotes. | None
-| image | Name to give to the output image. | **Must be provided**
+| containerfiles\* | The list of Containerfile paths to perform a build using docker instructions. Separate filenames by newline. | **Required**
+| extra-args | Extra args to be passed to `buildah bud`. Separate arguments by newline. Do not use quotes. | None
+| image | Name to give to the output image. Refer to the [Image and Tag Inputs](#image-tag-inputs) section. | **Required** - unless all `tags` include image name
 | layers | Set to true to cache intermediate layers during the build process. | None
-| oci | Build the image using the OCI format, instead of the Docker format. By default, this is `false`, because images built using the OCI format have issues when published to Dockerhub. | `false`
-| tags | The tags of the image to build. For multiple tags, separate by a space. For example, `latest ${{ github.sha }}` | `latest`
+| oci | Build the image using the OCI metadata format, instead of the Docker format. | `false`
+| tags | One or more tags to give the new image. Separate by whitespace. Refer to the [Image and Tag Inputs](#image-tag-inputs) section. | `latest`
+| labels | One or more labels to give the new image. Separate by newline. | None
+| tls-verify | Require HTTPS and verify certificates when accessing the registry. Set to `false` to skip the verification | `true`
+
+> \* The `containerfiles` input was previously `dockerfiles`. Refer to [this issue](https://github.com/redhat-actions/buildah-build/issues/57).
 
 <a id="scratch-build-inputs"></a>
 
-### [Inputs for build without dockerfile](https://github.com/containers/buildah/blob/master/docs/buildah-config.md)
+### [Inputs for build without containerfile](https://github.com/containers/buildah/blob/main/docs/buildah-config.1.md)
 
 | Input Name | Description | Default |
 | ---------- | ----------- | ------- |
-| arch | Label the image with this architecture, instead of defaulting to the host architecture. Refer to [Multi arch builds](#multi-arch-builds) for more information. | None (host architecture)
-| base-image | The base image to use for the container. | **Must be provided**
+| archs | Label the image with this architecture, instead of defaulting to the host architecture. Refer to [Multi arch builds](#multi-arch-builds) for more information. For multiple architectures, seperate them by a comma | None (host architecture)
+| base-image | The base image to use for the container. | **Required**
 | content | Paths to files or directories to copy inside the container to create the file image. This is a multiline input to allow you to copy multiple files/directories.| None
-| entrypoint | The entry point to set for the container. This is a multiline input; split arguments across lines. | None
-| envs | The environment variables to be set when running the container. This is a multiline input to add multiple environment variables. | None
-| image | Name to give to the output image. | **Must be provided**
-| oci | Build the image using the OCI format, instead of the Docker format. By default, this is `false`, because images built using the OCI format have issues when published to Dockerhub. | `false`
+| entrypoint | The entry point to set for the container. Separate arguments by newline. | None
+| envs | The environment variables to be set when running the container. Separate key=value pairs by newline. | None
+| image | Name to give to the output image. Refer to the [Image and Tag Inputs](#image-tag-inputs) section. | **Required** - unless all tags include image name
+| oci | Build the image using the OCI metadata format, instead of the Docker format. | `false`
 | port | The port to expose when running the container. | None
-| tags | The tags of the image to build. For multiple tags, separate by a space. For example, `latest ${{ github.sha }}` | `latest`
+| tags | One or more tags to give the new image. Separate by whitespace. Refer to the [Image and Tag Inputs](#image-tag-inputs) section. | `latest`
+| labels | One or more labels to give the new image. Separate by newline. | None
 | workdir | The working directory to use within the container. | None
+| extra-args | Extra args to be passed to `buildah from`. Separate arguments by newline. Do not use quotes. | None
+| tls-verify | Require HTTPS and verify certificates when accessing the registry. Set to `false` to skip the verification. This will be used with `buildah from` command. | `true`
+
+<a id="image-tag-inputs"></a>
+### Image and Tags Inputs
+The `image` and `tags` inputs can be provided in one of two forms.
+
+At least one tag must always be provided in `tags`. Multiple tags are separated by whitespace.
+
+**Option 1**: Provide both `image` and `tags` inputs. The image will be built, and then tagged in the form `${image}:${tag}` for each tag.
+
+For example:
+```yaml
+image: quay.io/my-namespace/my-image
+tags: v1 v1.0.0
+```
+will create the image and apply two tags: `quay.io/my-namespace/my-image:v1` and `quay.io/my-namespace/my-image:v1.0.0`.
+
+**Option 2**: Provide only the `tags` input, including the image name in each tag. The image will be built, and then tagged with each `tag`. In this case, the `image` input is ignored.
+
+For example:
+```yaml
+# 'image' input is not set
+tags: quay.io/my-namespace/my-image:v1 quay.io/my-namespace/my-image:v1.0.0
+```
+will also apply two tags: `quay.io/my-namespace/my-image:v1` and `quay.io/my-namespace/my-image:v1.0.0`.
+
+If the `tags` input does not have image names in the `${name}:${tag}` form, then the `image` input must be set.
 
 <a id="outputs"></a>
 
 ## Action Outputs
 
-`image`: The name of the built image.<br>
-For example, `spring-image`.
+`image`: The name of the image as it was input.<br>
+`tags`: A space-separated list of the tags that were applied to the new image.<br>
+`image-with-tag`: The name of the image, tagged with the first tag.<br>
 
-`tags`: A list of the tags that were created, separated by spaces.<br>
-For example, `latest ${{ github.sha }}`.
+For example:
+
+``` yml
+image: "spring-image"
+tags: "latest ${{ github.sha }}"
+image-with-tag: "spring-image:latest"
+```
 
 <a id="build-types"></a>
 
 ## Build Types
 
-You can configure the `buildah` action to build your image using one or more Dockerfiles, or none at all.
+You can configure the `buildah` action to build your image using one or more Containerfiles, or none at all.
 
 <a id="build-using-dockerfile"></a>
 
-### Building using Dockerfiles
+### Building using Containerfiles
 
-If you have been building your images with an existing Dockerfile, `buildah` can reuse your Dockerfile.
+If you have been building your images with an existing Containerfile, `buildah` can reuse your Containerfile.
 
-In this case the inputs needed are `image` and `dockerfiles`. `tag` is also recommended. If your Dockerfile requires ARGs, these can be passed using `build-arg`.
+In this case the inputs needed are `image` and `containerfiles`. `tag` is also recommended. If your Containerfile requires ARGs, these can be passed using `build-arg`.
 
 ```yaml
-name: Build Image using Dockerfile
+name: Build Image using Containerfile
 on: [push]
 
 jobs:
@@ -86,33 +126,33 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
 
     - name: Buildah Action
       uses: redhat-actions/buildah-build@v2
       with:
         image: my-new-image
         tags: v1 ${{ github.sha }}
-        dockerfiles: |
-          ./Dockerfile
+        containerfiles: |
+          ./Containerfile
         build-args: |
           some_arg=some_value
 ```
 <a id="scratch-build"></a>
 
-### Building without a Dockerfile
+### Building without a Containerfile
 
-Building without a Dockerfile requires additional inputs, that would normally be specified in the Dockerfile.
+Building without a Containerfile requires additional inputs, that would normally be specified in the Containerfile.
 
-Do not set `dockerfiles` if you are doing a build from scratch. Otherwise those Dockerfiles will be used, and the inputs below will be ignored.
+Do not set `containerfiles` if you are doing a build from scratch. Otherwise those Containerfiles will be used, and the inputs below will be ignored.
 
 - An output `image` name and usually a `tag`.
 - `base-image`
-  - In a Dockerfile, this would be the `FROM` directive.
+  - In a Containerfile, this would be the `FROM` directive.
 - `content` to copy into the new image
-  - In a Dockerfile, this would be `COPY` directives.
+  - In a Containerfile, this would be `COPY` directives.
 - `entrypoint` so the container knows what command to run.
-  - In a Dockerfile, this would be the `ENTRYPOINT`.
+  - In a Containerfile, this would be the `ENTRYPOINT`.
 - All other optional configuration inputs, such as `port`, `envs`, and `workdir`.
 
 Example of building a Spring Boot Java app image:
@@ -122,11 +162,11 @@ on: [push]
 
 jobs:
   build-image:
-    name: Build image without Dockerfile
+    name: Build image without Containerfile
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
 
     - run: mvn package
 
@@ -150,7 +190,7 @@ Refer to the [multi-arch example](./.github/workflows/multiarch.yml).
 
 ### Emulating RUN instructions
 
-Cross-architecture builds from dockerfiles containing `RUN` instructions require `qemu-user-static` emulation registered in the Linux kernel.
+Cross-architecture builds from containerfiles containing `RUN` instructions require `qemu-user-static` emulation registered in the Linux kernel.
 
 For example, run `sudo apt install qemu-user-static` on Debian hosts, or `sudo dnf install qemu-user-static` on Fedora.
 
@@ -160,17 +200,26 @@ sudo podman run --rm --privileged docker.io/tonistiigi/binfmt --install all
 ```
 This registration remains active until the host reboots.
 
-### The `arch` input
-The `arch` argument overrides the Architecture label in the output image. It does not actually affect the architectures the output image will run on. The image must still be built for the required architecture.
+### The `archs` and `platforms` inputs
+
+The `archs` and `platforms` arguments override the Architecture and Platform labels in the output image, respectively. They do not actually affect the architectures and platforms the output image will run on. The image must still be built for the required architecture or platform.
 
 There is a simple example [in this issue](https://github.com/redhat-actions/buildah-build/issues/60#issuecomment-876552452).
 
 ### Creating a Multi-Arch Image List
-Use the [buildah manifest](https://github.com/containers/buildah/blob/main/docs/buildah-manifest.md) command to bundle images into an image list, so multiple image can be referenced by the same repository tag.
 
-There are examples and explanations of the `manifest` command [in this issue](https://github.com/containers/buildah/issues/1590).
+Input `archs` and `platforms` is provided to build the multi architecture images. If one of these input is provided with the multiple archs or platforms then a [manifest](https://github.com/containers/buildah/blob/main/docs/buildah-manifest.1.md) is built with the multiple architecture images. Name of the manifest is taken from the inputs `image` and `tags`.
+Incase multiple tags are provided then multiple manifest is created based on the provided tags.
 
-This action does not support the `manifest` command at this time, but there is [an issue open](https://github.com/redhat-actions/buildah-build/issues/61).
+Use the `archs` and `platforms` inputs to build multi-architecture images. The name of the manifest is determined by the image and tags inputs.
+
+If multiple tags are provided, multiple equivalent manifests will be created with the given tags.
+
+[`push-to-registry`](https://github.com/redhat-actions/push-to-registry) action can be used to push the generated image manifest.
+
+## Build with docker/metadata-action
+
+Refer to the [docker/metadata-action example](./.github/workflows/docker_metadata_action.yml).
 
 ## Using private images
 

action.yml

@@ -1,5 +1,5 @@
 name: 'Buildah Build'
-description: 'Build a container image, with or without a Dockerfile'
+description: 'Build a container image, with or without a Containerfile'
 author: 'Red Hat'
 branding:
   icon: circle
@@ -7,16 +7,22 @@ branding:
 inputs:
   image:
     description: 'The name (reference) of the image to build'
-    required: true
+    required: false
   tags:
-    description: 'The tags of the image to build. For multiple tags, seperate by a space. For example, "latest v1".'
+    description: 'The tags of the image to build. For multiple tags, seperate by whitespace. For example, "latest v1".'
     required: false
     default: latest
+  labels:
+    description: 'The labels of the image to build. Seperate by newline. For example, "io.containers.capabilities=sys_admin,mknod".'
+    required: false
   base-image:
     description: 'The base image to use to create a new container image'
     required: false
+  containerfiles:
+    description: 'List of Containerfile paths (eg: ./Containerfile)'
+    required: false
   dockerfiles:
-    description: 'List of Dockerfile paths (eg: ./Dockerfile)'
+    description: 'Alias for "containerfiles". "containerfiles" takes precedence if both are set.'
     required: false
   context:
     description: 'Path of the directory to use as context (default: .)'
@@ -48,21 +54,41 @@ inputs:
     default: 'false'
     required: false
   arch:
-    description: 'Label the image with this ARCH, instead of defaulting to the host architecture.'
+    description:
+      'Label the image with this ARCH, instead of defaulting to the host architecture'
     required: false
   archs:
-    description: 'Alias for "arch". "arch" takes precedence if both are set.'
+    description: |
+      'Same as input 'arch', use this for multiple architectures.
+      Seperate them by a comma'
+    required: false
+  platform:
+    description: |
+      Label the image with this PLATFORM, instead of defaulting to the host platform.
+      Only supported for containerfile builds.
+    required: false
+  platforms:
+    description: |
+      'Same as input 'platform', use this for multiple platforms.
+      Seperate them by a comma'
     required: false
   extra-args:
     description: |
-      Extra args to be passed to buildah bud.
+      Extra args to be passed to buildah bud and buildah from.
       Separate arguments by newline. Do not use quotes - @actions/exec will do the quoting for you.
     required: false
+  tls-verify:
+    description: |
+      Require HTTPS and verify certificates when accessing the registry. Defaults to true.
+    required: false
+    default: 'true'
 outputs:
   image:
     description: 'Name of the image built'
   tags:
     description: 'List of the tags that were created, separated by spaces'
+  image-with-tag:
+    description: 'Name of the image tagged with the first tag present'
 runs:
-  using: 'node12'
+  using: 'node20'
   main: 'dist/index.js'

package.json

@@ -1,8 +1,8 @@
 {
   "name": "buildah-build",
-  "version": "1.0.0",
+  "version": "3.0",
   "engines": {
-    "node": "12"
+    "node": "20"
   },
   "description": "Action for building OCI-compatible images using buildah",
   "repository": {
@@ -14,27 +14,28 @@
     "compile": "tsc -p .",
     "bundle": "ncc build src/index.ts --source-map --minify",
     "clean": "rm -rf out/ dist/",
-    "lint": "eslint . --max-warnings=0"
+    "lint": "eslint . --max-warnings=0",
+    "generate-ios": "npx action-io-generator -w -o ./src/generated/inputs-outputs.ts"
   },
   "keywords": [],
   "author": "Red Hat",
   "license": "MIT",
   "dependencies": {
-    "@actions/core": "^1.2.6",
-    "@actions/exec": "^1.0.4",
-    "@actions/io": "^1.0.2",
-    "ini": "^2.0.0"
+    "@actions/core": "1.10.1",
+    "@actions/exec": "1.1.1",
+    "@actions/io": "1.1.3",
+    "ini": "4.1.1"
   },
   "devDependencies": {
-    "@redhat-actions/action-io-generator": "^1.5.0",
-    "@redhat-actions/eslint-config": "^1.3.2",
-    "@redhat-actions/tsconfig": "^1.1.1",
-    "@types/ini": "^1.3.30",
-    "@types/node": "^12",
-    "@typescript-eslint/eslint-plugin": "^4.28.2",
-    "@typescript-eslint/parser": "^4.28.2",
-    "@vercel/ncc": "^0.25.1",
-    "eslint": "^7.30.0",
-    "typescript": "^4.3.5"
+    "@redhat-actions/action-io-generator": "1.5.0",
+    "@redhat-actions/eslint-config": "1.3.2",
+    "@redhat-actions/tsconfig": "1.2.0",
+    "@types/ini": "1.3.31",
+    "@types/node": "^20.0",
+    "@typescript-eslint/eslint-plugin": "6.7.3",
+    "@typescript-eslint/parser": "6.7.3",
+    "@vercel/ncc": "0.38.0",
+    "eslint": "8.50.0",
+    "typescript": "5.2.2"
   }
 }

src/buildah.ts

@@ -7,7 +7,7 @@ import * as core from "@actions/core";
 import * as exec from "@actions/exec";
 import * as path from "path";
 import CommandResult from "./types";
-import { isStorageDriverOverlay, findFuseOverlayfsPath } from "./utils";
+import { isStorageDriverOverlay, findFuseOverlayfsPath, getFullImageName } from "./utils";
 
 export interface BuildahConfigSettings {
     entrypoint?: string[];
@@ -15,17 +15,21 @@ export interface BuildahConfigSettings {
     port?: string;
     workingdir?: string;
     arch?: string;
+    labels?: string[];
 }
 
 interface Buildah {
     buildUsingDocker(
-        image: string, context: string, dockerFiles: string[], buildArgs: string[],
-        useOCI: boolean, arch: string, layers: string, extraArgs: string[]
+        image: string, context: string, containerFiles: string[], buildArgs: string[],
+        useOCI: boolean, labels: string[], layers: string,
+        extraArgs: string[], tlsVerify: boolean, arch?: string, platform?: string,
     ): Promise<CommandResult>;
-    from(baseImage: string): Promise<CommandResult>;
+    from(baseImage: string, tlsVerify: boolean, extraArgs: string[]): Promise<CommandResult>;
     config(container: string, setting: BuildahConfigSettings): Promise<CommandResult>;
     copy(container: string, contentToCopy: string[]): Promise<CommandResult | undefined>;
     commit(container: string, newImageName: string, useOCI: boolean): Promise<CommandResult>;
+    manifestCreate(manifest: string): Promise<void>;
+    manifestAdd(manifest: string, imageName: string, tags: string[]): Promise<void>;
 }
 
 export class BuildahCli implements Buildah {
@@ -62,23 +66,41 @@ export class BuildahCli implements Buildah {
     }
 
     async buildUsingDocker(
-        image: string, context: string, dockerFiles: string[], buildArgs: string[],
-        useOCI: boolean, arch: string, layers: string, extraArgs: string[]
+        image: string,
+        context: string,
+        containerFiles: string[],
+        buildArgs: string[],
+        useOCI: boolean,
+        labels: string[],
+        layers: string,
+        extraArgs: string[],
+        tlsVerify: boolean,
+        arch?: string,
+        platform?: string
     ): Promise<CommandResult> {
         const args: string[] = [ "bud" ];
         if (arch) {
             args.push("--arch");
             args.push(arch);
         }
-        dockerFiles.forEach((file) => {
+        if (platform) {
+            args.push("--platform");
+            args.push(platform);
+        }
+        containerFiles.forEach((file) => {
             args.push("-f");
             args.push(file);
         });
+        labels.forEach((label) => {
+            args.push("--label");
+            args.push(label);
+        });
         buildArgs.forEach((buildArg) => {
             args.push("--build-arg");
             args.push(buildArg);
         });
         args.push(...BuildahCli.getImageFormatOption(useOCI));
+        args.push(`--tls-verify=${tlsVerify}`);
         if (layers) {
             args.push(`--layers=${layers}`);
         }
@@ -91,8 +113,14 @@ export class BuildahCli implements Buildah {
         return this.execute(args);
     }
 
-    async from(baseImage: string): Promise<CommandResult> {
-        return this.execute([ "from", baseImage ]);
+    async from(baseImage: string, tlsVerify: boolean, extraArgs: string[]): Promise<CommandResult> {
+        const args: string[] = [ "from" ];
+        args.push(`--tls-verify=${tlsVerify}`);
+        if (extraArgs.length > 0) {
+            args.push(...extraArgs);
+        }
+        args.push(baseImage);
+        return this.execute(args);
     }
 
     async copy(container: string, contentToCopy: string[], contentPath?: string): Promise<CommandResult | undefined> {
@@ -102,8 +130,9 @@ export class BuildahCli implements Buildah {
 
         core.debug("copy");
         core.debug(container);
-        for (const content of contentToCopy) {
-            const args: string[] = [ "copy", container, content ];
+        core.debug("content: " + contentToCopy.join(" "));
+        if (contentToCopy.length > 0) {
+            const args: string[] = [ "copy", container ].concat(contentToCopy);
             if (contentPath) {
                 args.push(contentPath);
             }
@@ -139,6 +168,12 @@ export class BuildahCli implements Buildah {
             args.push("--workingdir");
             args.push(settings.workingdir);
         }
+        if (settings.labels) {
+            settings.labels.forEach((label) => {
+                args.push("--label");
+                args.push(label);
+            });
+        }
         args.push(container);
         return this.execute(args);
     }
@@ -154,13 +189,51 @@ export class BuildahCli implements Buildah {
         return this.execute(args);
     }
 
-    async tag(imageName: string, tags: string[]): Promise<CommandResult> {
+    async tag(imageName: string, tags: string[]): Promise<void> {
         const args: string[] = [ "tag" ];
+        const builtImage = [];
         for (const tag of tags) {
-            args.push(`${imageName}:${tag}`);
+            args.push(getFullImageName(imageName, tag));
+            builtImage.push(getFullImageName(imageName, tag));
         }
         core.info(`Tagging the built image with tags ${tags.toString()}`);
-        return this.execute(args);
+        await this.execute(args);
+        core.info(`✅ Successfully built image${builtImage.length !== 1 ? "s" : ""} "${builtImage.join(", ")}"`);
+    }
+
+    // Unfortunately buildah doesn't support the exists command yet
+    // https://github.com/containers/buildah/issues/4217
+
+    // async manifestExists(manifest: string): Promise<boolean> {
+    //     const args: string[] = [ "manifest", "exists" ];
+    //     args.push(manifest);
+    //     const execOptions: exec.ExecOptions = {ignoreReturnCode: true};
+    //     core.info(`Checking if manifest ${manifest} exists`);
+    //     const {exitCode} = await this.execute(args, execOptions);
+    //     return exitCode ? false : true;
+    // }
+
+    async manifestRm(manifest: string): Promise<void> {
+        const execOptions: exec.ExecOptions = { ignoreReturnCode: true };
+        const args: string[] = [ "manifest", "rm" ];
+        args.push(manifest);
+        core.info(`Removing existing manifest ${manifest}`);
+        await this.execute(args, execOptions);
+    }
+
+    async manifestCreate(manifest: string): Promise<void> {
+        const args: string[] = [ "manifest", "create" ];
+        args.push(manifest);
+        core.info(`Creating manifest ${manifest}`);
+        await this.execute(args);
+    }
+
+    async manifestAdd(manifest: string, image: string): Promise<void> {
+        const args: string[] = [ "manifest", "add" ];
+        args.push(manifest);
+        args.push(image);
+        core.info(`Adding image "${image}" to the manifest.`);
+        await this.execute(args);
     }
 
     private static convertArrayToStringArg(args: string[]): string {

src/generated/inputs-outputs.ts

@@ -1,13 +1,14 @@
 // This file was auto-generated by action-io-generator. Do not edit by hand!
 export enum Inputs {
     /**
-     * Label the image with this ARCH, instead of defaulting to the host architecture.
+     * Label the image with this ARCH, instead of defaulting to the host architecture
      * Required: false
      * Default: None.
      */
     ARCH = "arch",
     /**
-     * Alias for "arch". "arch" takes precedence if both are set.
+     * 'Same as input 'arch', use this for multiple architectures.
+     * Seperate them by a comma'
      * Required: false
      * Default: None.
      */
@@ -24,6 +25,12 @@ export enum Inputs {
      * Default: None.
      */
     BUILD_ARGS = "build-args",
+    /**
+     * List of Containerfile paths (eg: ./Containerfile)
+     * Required: false
+     * Default: None.
+     */
+    CONTAINERFILES = "containerfiles",
     /**
      * List of files/directories to copy inside the base image
      * Required: false
@@ -37,7 +44,7 @@ export enum Inputs {
      */
     CONTEXT = "context",
     /**
-     * List of Dockerfile paths (eg: ./Dockerfile)
+     * Alias for "containerfiles". "containerfiles" takes precedence if both are set.
      * Required: false
      * Default: None.
      */
@@ -55,7 +62,7 @@ export enum Inputs {
      */
     ENVS = "envs",
     /**
-     * Extra args to be passed to buildah bud.
+     * Extra args to be passed to buildah bud and buildah from.
      * Separate arguments by newline. Do not use quotes - @actions/exec will do the quoting for you.
      * Required: false
      * Default: None.
@@ -63,10 +70,16 @@ export enum Inputs {
     EXTRA_ARGS = "extra-args",
     /**
      * The name (reference) of the image to build
-     * Required: true
+     * Required: false
      * Default: None.
      */
     IMAGE = "image",
+    /**
+     * The labels of the image to build. Seperate by newline. For example, "io.containers.capabilities=sys_admin,mknod".
+     * Required: false
+     * Default: None.
+     */
+    LABELS = "labels",
     /**
      * Set to true to cache intermediate layers during build process
      * Required: false
@@ -79,6 +92,20 @@ export enum Inputs {
      * Default: "false"
      */
     OCI = "oci",
+    /**
+     * Label the image with this PLATFORM, instead of defaulting to the host platform.
+     * Only supported for containerfile builds.
+     * Required: false
+     * Default: None.
+     */
+    PLATFORM = "platform",
+    /**
+     * 'Same as input 'platform', use this for multiple platforms.
+     * Seperate them by a comma'
+     * Required: false
+     * Default: None.
+     */
+    PLATFORMS = "platforms",
     /**
      * The port to expose when running containers based on image
      * Required: false
@@ -86,11 +113,17 @@ export enum Inputs {
      */
     PORT = "port",
     /**
-     * The tags of the image to build. For multiple tags, seperate by a space. For example, "latest v1".
+     * The tags of the image to build. For multiple tags, seperate by whitespace. For example, "latest v1".
      * Required: false
      * Default: "latest"
      */
     TAGS = "tags",
+    /**
+     * Require HTTPS and verify certificates when accessing the registry. Defaults to true.
+     * Required: false
+     * Default: "true"
+     */
+    TLS_VERIFY = "tls-verify",
     /**
      * The working directory to use within the container
      * Required: false
@@ -106,6 +139,12 @@ export enum Outputs {
      * Default: None.
      */
     IMAGE = "image",
+    /**
+     * Name of the image tagged with the first tag present
+     * Required: false
+     * Default: None.
+     */
+    IMAGE_WITH_TAG = "image-with-tag",
     /**
      * List of the tags that were created, separated by spaces
      * Required: false

src/index.ts

@@ -8,7 +8,10 @@ import * as io from "@actions/io";
 import * as path from "path";
 import { Inputs, Outputs } from "./generated/inputs-outputs";
 import { BuildahCli, BuildahConfigSettings } from "./buildah";
-import { splitByNewline } from "./utils";
+import {
+    getArch, getPlatform, getContainerfiles, getInputList, splitByNewline,
+    isFullImageName, getFullImageName, removeIllegalCharacters,
+} from "./utils";
 
 export async function run(): Promise<void> {
     if (process.env.RUNNER_OS !== "Linux") {
@@ -27,66 +30,233 @@ export async function run(): Promise<void> {
 
     const DEFAULT_TAG = "latest";
     const workspace = process.env.GITHUB_WORKSPACE || process.cwd();
-    const dockerFiles = getInputList(Inputs.DOCKERFILES);
-    const image = core.getInput(Inputs.IMAGE, { required: true });
+    const containerFiles = getContainerfiles();
+    const image = core.getInput(Inputs.IMAGE);
     const tags = core.getInput(Inputs.TAGS);
-    const tagsList: string[] = tags.split(" ");
+    const tagsList: string[] = tags.trim().split(/\s+/);
+    const labels = core.getInput(Inputs.LABELS);
+    const labelsList: string[] = labels ? splitByNewline(labels) : [];
+
+    const normalizedTagsList: string[] = [];
+    let isNormalized = false;
+    for (const tag of tagsList) {
+        normalizedTagsList.push(tag.toLowerCase());
+        if (tag.toLowerCase() !== tag) {
+            isNormalized = true;
+        }
+    }
+    const normalizedImage = image.toLowerCase();
+    if (isNormalized || image !== normalizedImage) {
+        core.warning(`Reference to image and/or tag must be lowercase.`
+        + ` Reference has been converted to be compliant with standard.`);
+    }
 
     // info message if user doesn't provides any tag
     if (tagsList.length === 0) {
         core.info(`Input "${Inputs.TAGS}" is not provided, using default tag "${DEFAULT_TAG}"`);
         tagsList.push(DEFAULT_TAG);
     }
-    const newImage = `${image}:${tagsList[0]}`;
-    const useOCI = core.getInput(Inputs.OCI) === "true";
-
-    const arch = getArch();
-
-    if (dockerFiles.length !== 0) {
-        await doBuildUsingDockerFiles(cli, newImage, workspace, dockerFiles, useOCI, arch);
-    }
-    else {
-        await doBuildFromScratch(cli, newImage, useOCI, arch);
-    }
-
-    if (tagsList.length > 1) {
-        await cli.tag(image, tagsList);
-    }
-    core.setOutput(Outputs.IMAGE, image);
-    core.setOutput(Outputs.TAGS, tags);
-}
-
-async function doBuildUsingDockerFiles(
-    cli: BuildahCli, newImage: string, workspace: string, dockerFiles: string[], useOCI: boolean, arch: string
-): Promise<void> {
-    if (dockerFiles.length === 1) {
-        core.info(`Performing build from Dockerfile`);
-    }
-    else {
-        core.info(`Performing build from ${dockerFiles.length} Dockerfiles`);
-    }
-
-    const context = path.join(workspace, core.getInput(Inputs.CONTEXT));
-    const buildArgs = getInputList(Inputs.BUILD_ARGS);
-    const dockerFileAbsPaths = dockerFiles.map((file) => path.join(workspace, file));
-    const layers = core.getInput(Inputs.LAYERS);
 
     const inputExtraArgsStr = core.getInput(Inputs.EXTRA_ARGS);
-    let buildahBudExtraArgs: string[] = [];
+    let buildahExtraArgs: string[] = [];
     if (inputExtraArgsStr) {
         // transform the array of lines into an array of arguments
         // by splitting over lines, then over spaces, then trimming.
         const lines = splitByNewline(inputExtraArgsStr);
-        buildahBudExtraArgs = lines.flatMap((line) => line.split(" ")).map((arg) => arg.trim());
+        buildahExtraArgs = lines.flatMap((line) => line.split(" ")).map((arg) => arg.trim());
     }
-    await cli.buildUsingDocker(
-        newImage, context, dockerFileAbsPaths, buildArgs, useOCI, arch, layers, buildahBudExtraArgs
-    );
+
+    // check if all tags provided are in `image:tag` format
+    const isFullImageNameTag = isFullImageName(normalizedTagsList[0]);
+    if (normalizedTagsList.some((tag) => isFullImageName(tag) !== isFullImageNameTag)) {
+        throw new Error(`Input "${Inputs.TAGS}" cannot have a mix of full name and non full name tags. Refer to https://github.com/redhat-actions/buildah-build#image-tag-inputs`);
+    }
+    if (!isFullImageNameTag && !normalizedImage) {
+        throw new Error(`Input "${Inputs.IMAGE}" must be provided when not using full image name tags. Refer to https://github.com/redhat-actions/buildah-build#image-tag-inputs`);
+    }
+
+    const newImage = getFullImageName(normalizedImage, normalizedTagsList[0]);
+    const useOCI = core.getInput(Inputs.OCI) === "true";
+
+    const archs = getArch();
+    const platforms = getPlatform();
+
+    if ((archs.length > 0) && (platforms.length > 0)) {
+        throw new Error("The --platform option may not be used in combination with the --arch option.");
+    }
+
+    const builtImage = [];
+    if (containerFiles.length !== 0) {
+        builtImage.push(...await doBuildUsingContainerFiles(
+            cli,
+            newImage,
+            workspace,
+            containerFiles,
+            useOCI,
+            archs,
+            platforms,
+            labelsList,
+            buildahExtraArgs
+        ));
+    }
+    else {
+        if (platforms.length > 0) {
+            throw new Error("The --platform option is not supported for builds without containerfiles.");
+        }
+        builtImage.push(...await doBuildFromScratch(cli, newImage, useOCI, archs, labelsList, buildahExtraArgs));
+    }
+
+    if ((archs.length > 1) || (platforms.length > 1)) {
+        core.info(`Creating manifest with tag${normalizedTagsList.length !== 1 ? "s" : ""} `
+            + `"${normalizedTagsList.join(", ")}"`);
+        const builtManifest = [];
+        for (const tag of normalizedTagsList) {
+            const manifestName = getFullImageName(normalizedImage, tag);
+            // Force-remove existing manifest to prevent errors on recurring build on the same machine
+            await cli.manifestRm(manifestName);
+            await cli.manifestCreate(manifestName);
+            builtManifest.push(manifestName);
+
+            for (const arch of archs) {
+                const tagSuffix = removeIllegalCharacters(arch);
+                await cli.manifestAdd(manifestName, `${newImage}-${tagSuffix}`);
+            }
+
+            for (const platform of platforms) {
+                const tagSuffix = removeIllegalCharacters(platform);
+                await cli.manifestAdd(manifestName, `${newImage}-${tagSuffix}`);
+            }
+        }
+
+        core.info(`✅ Successfully built image${builtImage.length !== 1 ? "s" : ""} "${builtImage.join(", ")}" `
+            + `and manifest${builtManifest.length !== 1 ? "s" : ""} "${builtManifest.join(", ")}"`);
+    }
+    else if (normalizedTagsList.length > 1) {
+        await cli.tag(normalizedImage, normalizedTagsList);
+    }
+    else if (normalizedTagsList.length === 1) {
+        core.info(`✅ Successfully built image "${getFullImageName(normalizedImage, normalizedTagsList[0])}"`);
+    }
+
+    core.setOutput(Outputs.IMAGE, normalizedImage);
+    core.setOutput(Outputs.TAGS, tags);
+    core.setOutput(Outputs.IMAGE_WITH_TAG, newImage);
+}
+
+async function doBuildUsingContainerFiles(
+    cli: BuildahCli,
+    newImage: string,
+    workspace: string,
+    containerFiles: string[],
+    useOCI: boolean,
+    archs: string[],
+    platforms: string[],
+    labels: string[],
+    extraArgs: string[]
+): Promise<string[]> {
+    if (containerFiles.length === 1) {
+        core.info(`Performing build from Containerfile`);
+    }
+    else {
+        core.info(`Performing build from ${containerFiles.length} Containerfiles`);
+    }
+
+    const context = path.join(workspace, core.getInput(Inputs.CONTEXT));
+    const buildArgs = getInputList(Inputs.BUILD_ARGS);
+    const containerFileAbsPaths = containerFiles.map((file) => path.join(workspace, file));
+    const layers = core.getInput(Inputs.LAYERS);
+    const tlsVerify = core.getInput(Inputs.TLS_VERIFY) === "true";
+
+    const builtImage = [];
+    // since multi arch image can not have same tag
+    // therefore, appending arch/platform in the tag
+    if (archs.length > 0 || platforms.length > 0) {
+        for (const arch of archs) {
+            // handling it seperately as, there is no need of
+            // tagSuffix if only one image has to be built
+            let tagSuffix = "";
+            if (archs.length > 1) {
+                tagSuffix = `-${removeIllegalCharacters(arch)}`;
+            }
+            await cli.buildUsingDocker(
+                `${newImage}${tagSuffix}`,
+                context,
+                containerFileAbsPaths,
+                buildArgs,
+                useOCI,
+                labels,
+                layers,
+                extraArgs,
+                tlsVerify,
+                arch
+            );
+            builtImage.push(`${newImage}${tagSuffix}`);
+        }
+
+        for (const platform of platforms) {
+            let tagSuffix = "";
+            if (platforms.length > 1) {
+                tagSuffix = `-${removeIllegalCharacters(platform)}`;
+            }
+            await cli.buildUsingDocker(
+                `${newImage}${tagSuffix}`,
+                context,
+                containerFileAbsPaths,
+                buildArgs,
+                useOCI,
+                labels,
+                layers,
+                extraArgs,
+                tlsVerify,
+                undefined,
+                platform
+            );
+            builtImage.push(`${newImage}${tagSuffix}`);
+        }
+    }
+
+    else if (archs.length === 1 || platforms.length === 1) {
+        await cli.buildUsingDocker(
+            newImage,
+            context,
+            containerFileAbsPaths,
+            buildArgs,
+            useOCI,
+            labels,
+            layers,
+            extraArgs,
+            tlsVerify,
+            archs[0],
+            platforms[0]
+        );
+        builtImage.push(newImage);
+    }
+    else {
+        await cli.buildUsingDocker(
+            newImage,
+            context,
+            containerFileAbsPaths,
+            buildArgs,
+            useOCI,
+            labels,
+            layers,
+            extraArgs,
+            tlsVerify
+        );
+        builtImage.push(newImage);
+    }
+
+    return builtImage;
 }
 
 async function doBuildFromScratch(
-    cli: BuildahCli, newImage: string, useOCI: boolean, arch: string
-): Promise<void> {
+    cli: BuildahCli,
+    newImage: string,
+    useOCI: boolean,
+    archs: string[],
+    labels: string[],
+    extraArgs: string[]
+): Promise<string[]> {
     core.info(`Performing build from scratch`);
 
     const baseImage = core.getInput(Inputs.BASE_IMAGE, { required: true });
@@ -95,49 +265,47 @@ async function doBuildFromScratch(
     const port = core.getInput(Inputs.PORT);
     const workingDir = core.getInput(Inputs.WORKDIR);
     const envs = getInputList(Inputs.ENVS);
+    const tlsVerify = core.getInput(Inputs.TLS_VERIFY) === "true";
 
-    const container = await cli.from(baseImage);
+    const container = await cli.from(baseImage, tlsVerify, extraArgs);
     const containerId = container.output.replace("\n", "");
 
-    const newImageConfig: BuildahConfigSettings = {
-        entrypoint,
-        port,
-        workingdir: workingDir,
-        envs,
-        arch,
-    };
-    await cli.config(containerId, newImageConfig);
-    await cli.copy(containerId, content);
-    await cli.commit(containerId, newImage, useOCI);
-}
-
-function getInputList(name: string): string[] {
-    const items = core.getInput(name);
-    if (!items) {
-        return [];
+    const builtImage = [];
+    if (archs.length > 0) {
+        for (const arch of archs) {
+            let tagSuffix = "";
+            if (archs.length > 1) {
+                tagSuffix = `-${removeIllegalCharacters(arch)}`;
+            }
+            const newImageConfig: BuildahConfigSettings = {
+                entrypoint,
+                port,
+                workingdir: workingDir,
+                envs,
+                arch,
+                labels,
+            };
+            await cli.config(containerId, newImageConfig);
+            await cli.copy(containerId, content);
+            await cli.commit(containerId, `${newImage}${tagSuffix}`, useOCI);
+            builtImage.push(`${newImage}${tagSuffix}`);
+        }
     }
-    return items
-        .split(/\r?\n/)
-        .filter((x) => x)
-        .reduce<string[]>(
-            (acc, line) => acc.concat(line).map((pat) => pat.trim()),
-            [],
-        );
-}
-
-function getArch(): string {
-    // 'arch' should be used over 'archs', see https://github.com/redhat-actions/buildah-build/issues/60
-    const archs = core.getInput(Inputs.ARCHS);
-    const arch = core.getInput(Inputs.ARCH);
-
-    if (arch && archs) {
-        core.warning(
-            `Please use only one input of "${Inputs.ARCH}" and "${Inputs.ARCHS}". "${Inputs.ARCH}" takes precedence, `
-            + `so --arch argument will be "${arch}".`
-        );
+    else {
+        const newImageConfig: BuildahConfigSettings = {
+            entrypoint,
+            port,
+            workingdir: workingDir,
+            envs,
+            labels,
+        };
+        await cli.config(containerId, newImageConfig);
+        await cli.copy(containerId, content);
+        await cli.commit(containerId, newImage, useOCI);
+        builtImage.push(newImage);
     }
 
-    return arch || archs;
+    return builtImage;
 }
 
 run().catch(core.setFailed);

src/utils.ts

@@ -9,6 +9,7 @@ import * as core from "@actions/core";
 import * as path from "path";
 import * as io from "@actions/io";
 import * as os from "os";
+import { Inputs } from "./generated/inputs-outputs";
 
 async function findStorageDriver(filePaths: string[]): Promise<string> {
     let storageDriver = "";
@@ -54,7 +55,9 @@ export async function findFuseOverlayfsPath(): Promise<string | undefined> {
         fuseOverlayfsPath = await io.which("fuse-overlayfs");
     }
     catch (err) {
-        core.debug(err);
+        if (err instanceof Error) {
+            core.debug(err.message);
+        }
     }
 
     return fuseOverlayfsPath;
@@ -63,3 +66,108 @@ export async function findFuseOverlayfsPath(): Promise<string | undefined> {
 export function splitByNewline(s: string): string[] {
     return s.split(/\r?\n/);
 }
+
+export function getArch(): string[] {
+    const archs = getCommaSeperatedInput(Inputs.ARCHS);
+
+    const arch = core.getInput(Inputs.ARCH);
+
+    if (arch && archs.length > 0) {
+        core.warning(
+            `Both "${Inputs.ARCH}" and "${Inputs.ARCHS}" inputs are set. `
+            + `Please use "${Inputs.ARCH}" if you want to provide multiple `
+            + `ARCH else use ${Inputs.ARCH}". "${Inputs.ARCHS}" takes preference.`
+        );
+    }
+
+    if (archs.length > 0) {
+        return archs;
+    }
+    else if (arch) {
+        return [ arch ];
+    }
+    return [];
+}
+
+export function getPlatform(): string[] {
+    const platform = core.getInput(Inputs.PLATFORM);
+    const platforms = getCommaSeperatedInput(Inputs.PLATFORMS);
+
+    if (platform && platforms.length > 0) {
+        core.warning(
+            `Both "${Inputs.PLATFORM}" and "${Inputs.PLATFORMS}" inputs are set. `
+            + `Please use "${Inputs.PLATFORMS}" if you want to provide multiple `
+            + `PLATFORM else use ${Inputs.PLATFORM}". "${Inputs.PLATFORMS}" takes preference.`
+        );
+    }
+
+    if (platforms.length > 0) {
+        core.debug("return platforms");
+        return platforms;
+    }
+    else if (platform) {
+        core.debug("return platform");
+        return [ platform ];
+    }
+    core.debug("return empty");
+    return [];
+}
+
+export function getContainerfiles(): string[] {
+    // 'containerfile' should be used over 'dockerfile',
+    // see https://github.com/redhat-actions/buildah-build/issues/57
+    const containerfiles = getInputList(Inputs.CONTAINERFILES);
+    const dockerfiles = getInputList(Inputs.DOCKERFILES);
+
+    if (containerfiles.length !== 0 && dockerfiles.length !== 0) {
+        core.warning(
+            `Both "${Inputs.CONTAINERFILES}" and "${Inputs.DOCKERFILES}" inputs are set. `
+            + `Please use only one of these two inputs, as they are aliases of one another. `
+            + `"${Inputs.CONTAINERFILES}" takes precedence.`
+        );
+    }
+
+    return containerfiles.length !== 0 ? containerfiles : dockerfiles;
+}
+
+export function getInputList(name: string): string[] {
+    const items = core.getInput(name);
+    if (!items) {
+        return [];
+    }
+    const splitItems = splitByNewline(items);
+    return splitItems
+        .reduce<string[]>(
+            (acc, line) => acc.concat(line).map((item) => item.trim()),
+            [],
+        );
+}
+
+export function getCommaSeperatedInput(name: string): string[] {
+    const items = core.getInput(name);
+    if (items.length === 0) {
+        core.debug("empty");
+        return [];
+    }
+    const splitItems = items.split(",");
+    return splitItems
+        .reduce<string[]>(
+            (acc, line) => acc.concat(line).map((item) => item.trim()),
+            [],
+        );
+}
+
+export function isFullImageName(image: string): boolean {
+    return image.indexOf(":") > 0;
+}
+
+export function getFullImageName(image: string, tag: string): string {
+    if (isFullImageName(tag)) {
+        return tag;
+    }
+    return `${image}:${tag}`;
+}
+
+export function removeIllegalCharacters(item: string): string {
+    return item.replace(/[^a-zA-Z0-9 ]/g, "");
+}