Update changelog

Signed-off-by: divyansh42 <diagrawa@redhat.com>

.editorconfig

@@ -0,0 +1,15 @@
+root = true
+
+[*]
+charset = utf-8
+tab_width = 4
+indent_size = 4
+end_of_line = lf
+indent_style = space
+max_line_length = 120
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.{yml,yaml}]
+tab_width = 2
+indent_size = 2

.github/install_latest_buildah.sh

@@ -1,7 +1,3 @@
-# https://github.com/containers/buildah/blob/main/install.md
-. /etc/os-release
-sudo sh -c "echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/x${ID^}_${VERSION_ID}/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list"
-wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/x${ID^}_${VERSION_ID}/Release.key -O Release.key
 sudo apt-key add - < Release.key
 sudo apt-get update -qq
 sudo apt-get -qq -y install buildah

.github/workflows/check-lowercase.yaml

@@ -0,0 +1,66 @@
+# This workflow will perform a test whenever there
+# is some change in code done to ensure that the changes
+# are not buggy and we are getting the desired output.
+name: Check Case Normalization
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * *'  # every day at midnight
+
+env:
+  IMAGE_NAME: ImageCaseTest
+  IMAGE_TAGS: v1 TagCaseTest
+
+jobs:
+  build:
+    name: Build image using Buildah
+    runs-on: ubuntu-22.04
+    strategy:
+      fail-fast: false
+      matrix:
+        install_latest: [ true, false ]
+
+    steps:
+
+      # Checkout buildah action github repository
+      - name: Checkout Buildah action
+        uses: actions/checkout@v4
+        with:
+          path: "buildah-build"
+
+      - name: Install latest buildah
+        if: matrix.install_latest
+        run: |
+          bash buildah-build/.github/install_latest_buildah.sh
+
+      - name: Create Dockerfile
+        run: |
+          cat > Containerfile<<EOF
+          FROM busybox
+          RUN echo "hello world"
+          EOF
+
+      # Build image using Buildah action
+      - name: Build Image
+        id: build_image
+        uses: ./buildah-build/
+        with:
+          image: ${{ env.IMAGE_NAME }}
+          layers: false
+          tags: ${{ env.IMAGE_TAGS }}
+          containerfiles: |
+            ./Containerfile
+          extra-args: |
+            --pull
+
+      - name: Echo Outputs
+        run: |
+          echo "Image: ${{ steps.build_image.outputs.image }}"
+          echo "Tags: ${{ steps.build_image.outputs.tags }}"
+          echo "Tagged Image: ${{ steps.build_image.outputs.image-with-tag }}"
+
+      # Check if image is build
+      - name: Check images created
+        run: buildah images

.github/workflows/ci.yml

@@ -6,21 +6,21 @@ on:
 jobs:
   lint:
     name: Run ESLint
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - run: npm ci
       - run: npm run lint
-  
+
   check-dist:
     name: Check Distribution
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     env:
       BUNDLE_FILE: "dist/index.js"
       BUNDLE_COMMAND: "npm run bundle"
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - name: Install
         run: npm ci
@@ -30,18 +30,18 @@ jobs:
         with:
           bundle_file: ${{ env.BUNDLE_FILE }}
           bundle_command: ${{ env.BUNDLE_COMMAND }}
-  
+
   check-inputs-outputs:
     name: Check Input and Output enums
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     env:
       IO_FILE: ./src/generated/inputs-outputs.ts
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - name: Install dependencies
         run: npm ci
-    
+
       - name: Verify Input and Output enums
         uses: redhat-actions/common/action-io-generator@v1
         with:

.github/workflows/containerfile_build.yml

@@ -15,7 +15,7 @@ env:
 jobs:
   build:
     name: Build image using Buildah
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     strategy:
       fail-fast: false
       matrix:
@@ -25,7 +25,7 @@ jobs:
 
       # Checkout buildah action github repository
       - name: Checkout Buildah action
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           path: "buildah-build"
 

.github/workflows/docker_metadata_action.yml

@@ -1,7 +1,7 @@
 # This workflow will perform a test whenever there
 # is some change in code done to ensure that the changes
 # are not buggy and we are getting the desired output.
-name: Build with docker/metadata-action@v2
+name: Build with docker/metadata-action
 on:
   push:
   pull_request:
@@ -12,7 +12,7 @@ on:
 jobs:
   build-containerfile:
     name: Build image with Containerfile
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     strategy:
       fail-fast: false
       matrix:
@@ -25,11 +25,11 @@ jobs:
 
       # Checkout buildah action github repository
       - name: Checkout Buildah action
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Docker Metadata
         id: docker-metadata
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v4
         with:
           images: |
             ${{ env.IMAGE_NAME }}
@@ -88,7 +88,7 @@ jobs:
 
   build-scratch:
     name: Build image without Containerfile
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     strategy:
       fail-fast: false
       matrix:
@@ -103,11 +103,11 @@ jobs:
 
       # Checkout buildah action github repository
       - name: Checkout Buildah action
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Docker Metadata
         id: docker-metadata
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v4
         with:
           images: |
             ${{ env.IMAGE_NAME }}
@@ -128,31 +128,18 @@ jobs:
 
       # Checkout spring-petclinic github repository
       - name: Checkout spring-petclinic project
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           repository: "spring-projects/spring-petclinic"
           path: ${{ env.PROJECT_DIR }}
 
-      # If none of these files has changed, we assume that the contents of
-      # .m2/repository can be fetched from the cache.
-      - name: Hash Maven files
-        working-directory: ${{ env.PROJECT_DIR }}
-        run: |
-          echo "MVN_HASH=${{ hashFiles('**/pom.xml', '.mvn/**/*', 'mvnw*') }}" >> $GITHUB_ENV
-
-      # Download the m2 repository from the cache to speed up the build.
-      - name: Check for Maven cache
-        id: check-mvn-cache
-        uses: actions/cache@v2
-        with:
-          path: ${{ env.MVN_REPO_DIR }}
-          key: ${{ env.MVN_HASH }}
-
       # Setup java.
       - name: Setup Java
-        uses: actions/setup-java@v1
+        uses: actions/setup-java@v3
         with:
-          java-version: 11
+          distribution: 'temurin'
+          java-version: '17'
+          cache: 'maven'
 
       # Run maven to build the project
       - name: Maven
@@ -160,14 +147,6 @@ jobs:
         run: |
           mvn package -ntp -B
 
-       # If there was no cache hit above, store the output into the cache now.
-      - name: Save Maven repo into cache
-        if: ${{ steps.check-mvn-cache.outputs.cache-hit }} != 'true'
-        uses: actions/cache@v2
-        with:
-          path: ${{ env.MVN_REPO_DIR }}
-          key: ${{ env.MVN_HASH }}
-
       # Build image using Buildah action
       - name: Build Image
         id: build_image

.github/workflows/link_check.yml

@@ -12,9 +12,9 @@ on:
 jobs:
   markdown-link-check:
     name: Check links in markdown
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - uses: gaurav-nelson/github-action-markdown-link-check@v1
         with:
           use-verbose-mode: true

.github/workflows/multiarch.yml

@@ -16,7 +16,7 @@ jobs:
     name: Build multi-architecture image using Containerfile
     env:
       IMAGE_NAME: hello-world-multiarch
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     strategy:
       fail-fast: false
       matrix:
@@ -26,7 +26,7 @@ jobs:
 
       # Checkout buildah action github repository
       - name: Checkout Buildah action
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           path: "buildah-build"
 
@@ -84,7 +84,7 @@ jobs:
     name: Build multi-platform image using Containerfile
     env:
       IMAGE_NAME: hello-world-multiplatform
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     strategy:
       fail-fast: false
       matrix:
@@ -94,7 +94,7 @@ jobs:
 
       # Checkout buildah action github repository
       - name: Checkout Buildah action
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           path: "buildah-build"
 
@@ -112,7 +112,7 @@ jobs:
         run: |
           cat > Containerfile<<EOF
 
-          FROM docker.io/alpine:3.14
+          FROM docker.io/alpine:3.16
 
           RUN echo "hello world"
 
@@ -151,7 +151,7 @@ jobs:
     name: Build multi-architecture image from scratch
     env:
       IMAGE_NAME: spring-petclinic-multiarch
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     strategy:
       fail-fast: false
       matrix:
@@ -161,7 +161,7 @@ jobs:
 
       # Checkout buildah action github repository
       - name: Checkout Buildah action
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           path: "buildah-build"
 
@@ -177,31 +177,18 @@ jobs:
 
       # Checkout spring-petclinic github repository
       - name: Checkout spring-petclinic project
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           repository: "spring-projects/spring-petclinic"
           path: ${{ env.PROJECT_DIR }}
 
-      # If none of these files has changed, we assume that the contents of
-      # .m2/repository can be fetched from the cache.
-      - name: Hash Maven files
-        working-directory: ${{ env.PROJECT_DIR }}
-        run: |
-          echo "MVN_HASH=${{ hashFiles('**/pom.xml', '.mvn/**/*', 'mvnw*') }}" >> $GITHUB_ENV
-
-      # Download the m2 repository from the cache to speed up the build.
-      - name: Check for Maven cache
-        id: check-mvn-cache
-        uses: actions/cache@v2
-        with:
-          path: ${{ env.MVN_REPO_DIR }}
-          key: ${{ env.MVN_HASH }}
-
       # Setup java.
       - name: Setup Java
-        uses: actions/setup-java@v1
+        uses: actions/setup-java@v3
         with:
-          java-version: 11
+          distribution: 'temurin'
+          java-version: '17'
+          cache: 'maven'
 
       # Run maven to build the project
       - name: Maven
@@ -209,14 +196,6 @@ jobs:
         run: |
           mvn package -ntp -B
 
-       # If there was no cache hit above, store the output into the cache now.
-      - name: Save Maven repo into cache
-        if: ${{ steps.check-mvn-cache.outputs.cache-hit }} != 'true'
-        uses: actions/cache@v2
-        with:
-          path: ${{ env.MVN_REPO_DIR }}
-          key: ${{ env.MVN_HASH }}
-
       - name: Build Image
         id: build_image_multiarch
         uses: ./buildah-build/

.github/workflows/scratch_build.yml

@@ -17,7 +17,7 @@ env:
 jobs:
   build:
     name: Build image using Buildah
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     strategy:
       fail-fast: false
       matrix:
@@ -27,7 +27,7 @@ jobs:
 
       # Checkout buildah action github repository
       - name: Checkout Buildah action
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           path: "buildah-build"
 
@@ -38,31 +38,18 @@ jobs:
 
       # Checkout spring-petclinic github repository
       - name: Checkout spring-petclinic project
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           repository: "spring-projects/spring-petclinic"
           path: ${{ env.PROJECT_DIR }}
 
-      # If none of these files has changed, we assume that the contents of
-      # .m2/repository can be fetched from the cache.
-      - name: Hash Maven files
-        working-directory: ${{ env.PROJECT_DIR }}
-        run: |
-          echo "MVN_HASH=${{ hashFiles('**/pom.xml', '.mvn/**/*', 'mvnw*') }}" >> $GITHUB_ENV
-
-      # Download the m2 repository from the cache to speed up the build.
-      - name: Check for Maven cache
-        id: check-mvn-cache
-        uses: actions/cache@v2
-        with:
-          path: ${{ env.MVN_REPO_DIR }}
-          key: ${{ env.MVN_HASH }}
-
       # Setup java.
       - name: Setup Java
-        uses: actions/setup-java@v1
+        uses: actions/setup-java@v3
         with:
-          java-version: 11
+          distribution: 'temurin'
+          java-version: '17'
+          cache: 'maven'
 
       # Run maven to build the project
       - name: Maven
@@ -70,14 +57,6 @@ jobs:
         run: |
           mvn package -ntp -B
 
-       # If there was no cache hit above, store the output into the cache now.
-      - name: Save Maven repo into cache
-        if: ${{ steps.check-mvn-cache.outputs.cache-hit }} != 'true'
-        uses: actions/cache@v2
-        with:
-          path: ${{ env.MVN_REPO_DIR }}
-          key: ${{ env.MVN_HASH }}
-
       # Build image using Buildah action
       - name: Build Image
         id: build_image

.github/workflows/security_scan.yml

@@ -0,0 +1,36 @@
+name: Vulnerability Scan with CRDA
+on:
+  # push:
+  workflow_dispatch:
+  # pull_request_target:
+  #   types: [ assigned, opened, synchronize, reopened, labeled, edited ]
+  # schedule:
+  #   - cron: '0 0 * * *'  # every day at midnight
+
+jobs:
+  crda-scan:
+    runs-on: ubuntu-22.04
+    name: Scan project vulnerability with CRDA
+    steps:
+
+      - uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v3
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install CRDA
+        uses: redhat-actions/openshift-tools-installer@v1
+        with:
+          source: github
+          github_pat: ${{ github.token }}
+          crda: "latest"
+
+      - name: CRDA Scan
+        id: scan
+        uses: redhat-actions/crda@v1
+        with:
+          crda_key: ${{ secrets.CRDA_KEY }}
+          fail_on: never

.gitignore

@@ -1,2 +1,3 @@
 node_modules/
-out/
+out/
+.idea/

CHANGELOG.md

@@ -1,5 +1,19 @@
 # buildah-build Changelog
 
+## v2.13
+- Update action to run on Node20. https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/
+
+## v2.12
+- Forcibly remove existing manifest before creating a new one. [#103](https://github.com/redhat-actions/buildah-build/pull/103)
+
+## v2.11 
+- Update action to run on Node16. https://github.blog/changelog/2022-05-20-actions-can-now-run-in-a-node-js-16-runtime/
+
+## v2.10
+- Make image and tag in lowercase, if found in uppercase. https://github.com/redhat-actions/buildah-build/issues/89
+- Add `--tls-verify` and `extra-args` input for `buildah from` command. https://github.com/redhat-actions/buildah-build/issues/92
+- Remove kubic packages from test workflows. https://github.com/redhat-actions/buildah-build/issues/93
+
 ## v2.9
 - Add support for multiple archs and platforms.
 - Allow building image manifest if multi arch or platform is provided.

README.md

@@ -30,12 +30,13 @@ After building your image, use [push-to-registry](https://github.com/redhat-acti
 | build-args | Build arguments to pass to the Docker build using `--build-arg`, if using a Containerfile that requires ARGs. Use the form `arg_name=arg_value`, and separate arguments with newlines. | None
 | context | Path to directory to use as the build context. | `.`
 | containerfiles\* | The list of Containerfile paths to perform a build using docker instructions. Separate filenames by newline. | **Required**
-| extra-args | Extra args to be passed to buildah bud. Separate arguments by newline. Do not use quotes. | None
+| extra-args | Extra args to be passed to `buildah bud`. Separate arguments by newline. Do not use quotes. | None
 | image | Name to give to the output image. Refer to the [Image and Tag Inputs](#image-tag-inputs) section. | **Required** - unless all `tags` include image name
 | layers | Set to true to cache intermediate layers during the build process. | None
 | oci | Build the image using the OCI metadata format, instead of the Docker format. | `false`
 | tags | One or more tags to give the new image. Separate by whitespace. Refer to the [Image and Tag Inputs](#image-tag-inputs) section. | `latest`
 | labels | One or more labels to give the new image. Separate by newline. | None
+| tls-verify | Require HTTPS and verify certificates when accessing the registry. Set to `false` to skip the verification | `true`
 
 > \* The `containerfiles` input was previously `dockerfiles`. Refer to [this issue](https://github.com/redhat-actions/buildah-build/issues/57).
 
@@ -56,6 +57,8 @@ After building your image, use [push-to-registry](https://github.com/redhat-acti
 | tags | One or more tags to give the new image. Separate by whitespace. Refer to the [Image and Tag Inputs](#image-tag-inputs) section. | `latest`
 | labels | One or more labels to give the new image. Separate by newline. | None
 | workdir | The working directory to use within the container. | None
+| extra-args | Extra args to be passed to `buildah from`. Separate arguments by newline. Do not use quotes. | None
+| tls-verify | Require HTTPS and verify certificates when accessing the registry. Set to `false` to skip the verification. This will be used with `buildah from` command. | `true`
 
 <a id="image-tag-inputs"></a>
 ### Image and Tags Inputs
@@ -123,7 +126,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
 
     - name: Buildah Action
       uses: redhat-actions/buildah-build@v2
@@ -163,7 +166,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
 
     - run: mvn package
 

action.yml

@@ -74,9 +74,14 @@ inputs:
     required: false
   extra-args:
     description: |
-      Extra args to be passed to buildah bud.
+      Extra args to be passed to buildah bud and buildah from.
       Separate arguments by newline. Do not use quotes - @actions/exec will do the quoting for you.
     required: false
+  tls-verify:
+    description: |
+      Require HTTPS and verify certificates when accessing the registry. Defaults to true.
+    required: false
+    default: 'true'
 outputs:
   image:
     description: 'Name of the image built'
@@ -85,5 +90,5 @@ outputs:
   image-with-tag:
     description: 'Name of the image tagged with the first tag present'
 runs:
-  using: 'node12'
+  using: 'node20'
   main: 'dist/index.js'

package.json

@@ -1,8 +1,8 @@
 {
   "name": "buildah-build",
-  "version": "1.0.0",
+  "version": "3.0",
   "engines": {
-    "node": "12"
+    "node": "20"
   },
   "description": "Action for building OCI-compatible images using buildah",
   "repository": {
@@ -21,21 +21,21 @@
   "author": "Red Hat",
   "license": "MIT",
   "dependencies": {
-    "@actions/core": "^1.2.6",
-    "@actions/exec": "^1.0.4",
-    "@actions/io": "^1.0.2",
-    "ini": "^2.0.0"
+    "@actions/core": "1.10.1",
+    "@actions/exec": "1.1.1",
+    "@actions/io": "1.1.3",
+    "ini": "4.1.1"
   },
   "devDependencies": {
-    "@redhat-actions/action-io-generator": "^1.5.0",
-    "@redhat-actions/eslint-config": "^1.3.2",
-    "@redhat-actions/tsconfig": "^1.1.1",
-    "@types/ini": "^1.3.30",
-    "@types/node": "^12",
-    "@typescript-eslint/eslint-plugin": "^4.28.2",
-    "@typescript-eslint/parser": "^4.28.2",
-    "@vercel/ncc": "^0.25.1",
-    "eslint": "^7.30.0",
-    "typescript": "^4.3.5"
+    "@redhat-actions/action-io-generator": "1.5.0",
+    "@redhat-actions/eslint-config": "1.3.2",
+    "@redhat-actions/tsconfig": "1.2.0",
+    "@types/ini": "1.3.31",
+    "@types/node": "^20.0",
+    "@typescript-eslint/eslint-plugin": "6.7.3",
+    "@typescript-eslint/parser": "6.7.3",
+    "@vercel/ncc": "0.38.0",
+    "eslint": "8.50.0",
+    "typescript": "5.2.2"
   }
 }

src/buildah.ts

@@ -22,9 +22,9 @@ interface Buildah {
     buildUsingDocker(
         image: string, context: string, containerFiles: string[], buildArgs: string[],
         useOCI: boolean, labels: string[], layers: string,
-        extraArgs: string[], arch?: string, platform?: string,
+        extraArgs: string[], tlsVerify: boolean, arch?: string, platform?: string,
     ): Promise<CommandResult>;
-    from(baseImage: string): Promise<CommandResult>;
+    from(baseImage: string, tlsVerify: boolean, extraArgs: string[]): Promise<CommandResult>;
     config(container: string, setting: BuildahConfigSettings): Promise<CommandResult>;
     copy(container: string, contentToCopy: string[]): Promise<CommandResult | undefined>;
     commit(container: string, newImageName: string, useOCI: boolean): Promise<CommandResult>;
@@ -66,9 +66,17 @@ export class BuildahCli implements Buildah {
     }
 
     async buildUsingDocker(
-        image: string, context: string, containerFiles: string[], buildArgs: string[],
-        useOCI: boolean, labels: string[], layers: string,
-        extraArgs: string[], arch?: string, platform?: string
+        image: string,
+        context: string,
+        containerFiles: string[],
+        buildArgs: string[],
+        useOCI: boolean,
+        labels: string[],
+        layers: string,
+        extraArgs: string[],
+        tlsVerify: boolean,
+        arch?: string,
+        platform?: string
     ): Promise<CommandResult> {
         const args: string[] = [ "bud" ];
         if (arch) {
@@ -92,6 +100,7 @@ export class BuildahCli implements Buildah {
             args.push(buildArg);
         });
         args.push(...BuildahCli.getImageFormatOption(useOCI));
+        args.push(`--tls-verify=${tlsVerify}`);
         if (layers) {
             args.push(`--layers=${layers}`);
         }
@@ -104,8 +113,14 @@ export class BuildahCli implements Buildah {
         return this.execute(args);
     }
 
-    async from(baseImage: string): Promise<CommandResult> {
-        return this.execute([ "from", baseImage ]);
+    async from(baseImage: string, tlsVerify: boolean, extraArgs: string[]): Promise<CommandResult> {
+        const args: string[] = [ "from" ];
+        args.push(`--tls-verify=${tlsVerify}`);
+        if (extraArgs.length > 0) {
+            args.push(...extraArgs);
+        }
+        args.push(baseImage);
+        return this.execute(args);
     }
 
     async copy(container: string, contentToCopy: string[], contentPath?: string): Promise<CommandResult | undefined> {
@@ -115,8 +130,9 @@ export class BuildahCli implements Buildah {
 
         core.debug("copy");
         core.debug(container);
-        for (const content of contentToCopy) {
-            const args: string[] = [ "copy", container, content ];
+        core.debug("content: " + contentToCopy.join(" "));
+        if (contentToCopy.length > 0) {
+            const args: string[] = [ "copy", container ].concat(contentToCopy);
             if (contentPath) {
                 args.push(contentPath);
             }
@@ -185,6 +201,26 @@ export class BuildahCli implements Buildah {
         core.info(`✅ Successfully built image${builtImage.length !== 1 ? "s" : ""} "${builtImage.join(", ")}"`);
     }
 
+    // Unfortunately buildah doesn't support the exists command yet
+    // https://github.com/containers/buildah/issues/4217
+
+    // async manifestExists(manifest: string): Promise<boolean> {
+    //     const args: string[] = [ "manifest", "exists" ];
+    //     args.push(manifest);
+    //     const execOptions: exec.ExecOptions = {ignoreReturnCode: true};
+    //     core.info(`Checking if manifest ${manifest} exists`);
+    //     const {exitCode} = await this.execute(args, execOptions);
+    //     return exitCode ? false : true;
+    // }
+
+    async manifestRm(manifest: string): Promise<void> {
+        const execOptions: exec.ExecOptions = { ignoreReturnCode: true };
+        const args: string[] = [ "manifest", "rm" ];
+        args.push(manifest);
+        core.info(`Removing existing manifest ${manifest}`);
+        await this.execute(args, execOptions);
+    }
+
     async manifestCreate(manifest: string): Promise<void> {
         const args: string[] = [ "manifest", "create" ];
         args.push(manifest);

src/generated/inputs-outputs.ts

@@ -62,7 +62,7 @@ export enum Inputs {
      */
     ENVS = "envs",
     /**
-     * Extra args to be passed to buildah bud.
+     * Extra args to be passed to buildah bud and buildah from.
      * Separate arguments by newline. Do not use quotes - @actions/exec will do the quoting for you.
      * Required: false
      * Default: None.
@@ -118,6 +118,12 @@ export enum Inputs {
      * Default: "latest"
      */
     TAGS = "tags",
+    /**
+     * Require HTTPS and verify certificates when accessing the registry. Defaults to true.
+     * Required: false
+     * Default: "true"
+     */
+    TLS_VERIFY = "tls-verify",
     /**
      * The working directory to use within the container
      * Required: false

src/index.ts

@@ -37,22 +37,45 @@ export async function run(): Promise<void> {
     const labels = core.getInput(Inputs.LABELS);
     const labelsList: string[] = labels ? splitByNewline(labels) : [];
 
+    const normalizedTagsList: string[] = [];
+    let isNormalized = false;
+    for (const tag of tagsList) {
+        normalizedTagsList.push(tag.toLowerCase());
+        if (tag.toLowerCase() !== tag) {
+            isNormalized = true;
+        }
+    }
+    const normalizedImage = image.toLowerCase();
+    if (isNormalized || image !== normalizedImage) {
+        core.warning(`Reference to image and/or tag must be lowercase.`
+        + ` Reference has been converted to be compliant with standard.`);
+    }
+
     // info message if user doesn't provides any tag
     if (tagsList.length === 0) {
         core.info(`Input "${Inputs.TAGS}" is not provided, using default tag "${DEFAULT_TAG}"`);
         tagsList.push(DEFAULT_TAG);
     }
 
+    const inputExtraArgsStr = core.getInput(Inputs.EXTRA_ARGS);
+    let buildahExtraArgs: string[] = [];
+    if (inputExtraArgsStr) {
+        // transform the array of lines into an array of arguments
+        // by splitting over lines, then over spaces, then trimming.
+        const lines = splitByNewline(inputExtraArgsStr);
+        buildahExtraArgs = lines.flatMap((line) => line.split(" ")).map((arg) => arg.trim());
+    }
+
     // check if all tags provided are in `image:tag` format
-    const isFullImageNameTag = isFullImageName(tagsList[0]);
-    if (tagsList.some((tag) => isFullImageName(tag) !== isFullImageNameTag)) {
+    const isFullImageNameTag = isFullImageName(normalizedTagsList[0]);
+    if (normalizedTagsList.some((tag) => isFullImageName(tag) !== isFullImageNameTag)) {
         throw new Error(`Input "${Inputs.TAGS}" cannot have a mix of full name and non full name tags. Refer to https://github.com/redhat-actions/buildah-build#image-tag-inputs`);
     }
-    if (!isFullImageNameTag && !image) {
+    if (!isFullImageNameTag && !normalizedImage) {
         throw new Error(`Input "${Inputs.IMAGE}" must be provided when not using full image name tags. Refer to https://github.com/redhat-actions/buildah-build#image-tag-inputs`);
     }
 
-    const newImage = getFullImageName(image, tagsList[0]);
+    const newImage = getFullImageName(normalizedImage, normalizedTagsList[0]);
     const useOCI = core.getInput(Inputs.OCI) === "true";
 
     const archs = getArch();
@@ -64,21 +87,33 @@ export async function run(): Promise<void> {
 
     const builtImage = [];
     if (containerFiles.length !== 0) {
-        builtImage.push(...await doBuildUsingContainerFiles(cli, newImage, workspace, containerFiles, useOCI,
-            archs, platforms, labelsList));
+        builtImage.push(...await doBuildUsingContainerFiles(
+            cli,
+            newImage,
+            workspace,
+            containerFiles,
+            useOCI,
+            archs,
+            platforms,
+            labelsList,
+            buildahExtraArgs
+        ));
     }
     else {
         if (platforms.length > 0) {
             throw new Error("The --platform option is not supported for builds without containerfiles.");
         }
-        builtImage.push(...await doBuildFromScratch(cli, newImage, useOCI, archs, labelsList));
+        builtImage.push(...await doBuildFromScratch(cli, newImage, useOCI, archs, labelsList, buildahExtraArgs));
     }
 
     if ((archs.length > 1) || (platforms.length > 1)) {
-        core.info(`Creating manifest with tag${tagsList.length !== 1 ? "s" : ""} "${tagsList.join(", ")}"`);
+        core.info(`Creating manifest with tag${normalizedTagsList.length !== 1 ? "s" : ""} `
+            + `"${normalizedTagsList.join(", ")}"`);
         const builtManifest = [];
-        for (const tag of tagsList) {
-            const manifestName = getFullImageName(image, tag);
+        for (const tag of normalizedTagsList) {
+            const manifestName = getFullImageName(normalizedImage, tag);
+            // Force-remove existing manifest to prevent errors on recurring build on the same machine
+            await cli.manifestRm(manifestName);
             await cli.manifestCreate(manifestName);
             builtManifest.push(manifestName);
 
@@ -96,21 +131,28 @@ export async function run(): Promise<void> {
         core.info(`✅ Successfully built image${builtImage.length !== 1 ? "s" : ""} "${builtImage.join(", ")}" `
             + `and manifest${builtManifest.length !== 1 ? "s" : ""} "${builtManifest.join(", ")}"`);
     }
-    else if (tagsList.length > 1) {
-        await cli.tag(image, tagsList);
+    else if (normalizedTagsList.length > 1) {
+        await cli.tag(normalizedImage, normalizedTagsList);
     }
-    else if (tagsList.length === 1) {
-        core.info(`✅ Successfully built image "${getFullImageName(image, tagsList[0])}"`);
+    else if (normalizedTagsList.length === 1) {
+        core.info(`✅ Successfully built image "${getFullImageName(normalizedImage, normalizedTagsList[0])}"`);
     }
 
-    core.setOutput(Outputs.IMAGE, image);
+    core.setOutput(Outputs.IMAGE, normalizedImage);
     core.setOutput(Outputs.TAGS, tags);
     core.setOutput(Outputs.IMAGE_WITH_TAG, newImage);
 }
 
 async function doBuildUsingContainerFiles(
-    cli: BuildahCli, newImage: string, workspace: string, containerFiles: string[], useOCI: boolean, archs: string[],
-    platforms: string[], labels: string[],
+    cli: BuildahCli,
+    newImage: string,
+    workspace: string,
+    containerFiles: string[],
+    useOCI: boolean,
+    archs: string[],
+    platforms: string[],
+    labels: string[],
+    extraArgs: string[]
 ): Promise<string[]> {
     if (containerFiles.length === 1) {
         core.info(`Performing build from Containerfile`);
@@ -123,15 +165,8 @@ async function doBuildUsingContainerFiles(
     const buildArgs = getInputList(Inputs.BUILD_ARGS);
     const containerFileAbsPaths = containerFiles.map((file) => path.join(workspace, file));
     const layers = core.getInput(Inputs.LAYERS);
+    const tlsVerify = core.getInput(Inputs.TLS_VERIFY) === "true";
 
-    const inputExtraArgsStr = core.getInput(Inputs.EXTRA_ARGS);
-    let buildahBudExtraArgs: string[] = [];
-    if (inputExtraArgsStr) {
-        // transform the array of lines into an array of arguments
-        // by splitting over lines, then over spaces, then trimming.
-        const lines = splitByNewline(inputExtraArgsStr);
-        buildahBudExtraArgs = lines.flatMap((line) => line.split(" ")).map((arg) => arg.trim());
-    }
     const builtImage = [];
     // since multi arch image can not have same tag
     // therefore, appending arch/platform in the tag
@@ -144,8 +179,16 @@ async function doBuildUsingContainerFiles(
                 tagSuffix = `-${removeIllegalCharacters(arch)}`;
             }
             await cli.buildUsingDocker(
-                `${newImage}${tagSuffix}`, context, containerFileAbsPaths, buildArgs,
-                useOCI, labels, layers, buildahBudExtraArgs, arch, undefined
+                `${newImage}${tagSuffix}`,
+                context,
+                containerFileAbsPaths,
+                buildArgs,
+                useOCI,
+                labels,
+                layers,
+                extraArgs,
+                tlsVerify,
+                arch
             );
             builtImage.push(`${newImage}${tagSuffix}`);
         }
@@ -156,8 +199,17 @@ async function doBuildUsingContainerFiles(
                 tagSuffix = `-${removeIllegalCharacters(platform)}`;
             }
             await cli.buildUsingDocker(
-                `${newImage}${tagSuffix}`, context, containerFileAbsPaths, buildArgs,
-                useOCI, labels, layers, buildahBudExtraArgs, undefined, platform
+                `${newImage}${tagSuffix}`,
+                context,
+                containerFileAbsPaths,
+                buildArgs,
+                useOCI,
+                labels,
+                layers,
+                extraArgs,
+                tlsVerify,
+                undefined,
+                platform
             );
             builtImage.push(`${newImage}${tagSuffix}`);
         }
@@ -165,15 +217,31 @@ async function doBuildUsingContainerFiles(
 
     else if (archs.length === 1 || platforms.length === 1) {
         await cli.buildUsingDocker(
-            newImage, context, containerFileAbsPaths, buildArgs,
-            useOCI, labels, layers, buildahBudExtraArgs, archs[0], platforms[0]
+            newImage,
+            context,
+            containerFileAbsPaths,
+            buildArgs,
+            useOCI,
+            labels,
+            layers,
+            extraArgs,
+            tlsVerify,
+            archs[0],
+            platforms[0]
         );
         builtImage.push(newImage);
     }
     else {
         await cli.buildUsingDocker(
-            newImage, context, containerFileAbsPaths, buildArgs,
-            useOCI, labels, layers, buildahBudExtraArgs
+            newImage,
+            context,
+            containerFileAbsPaths,
+            buildArgs,
+            useOCI,
+            labels,
+            layers,
+            extraArgs,
+            tlsVerify
         );
         builtImage.push(newImage);
     }
@@ -182,7 +250,12 @@ async function doBuildUsingContainerFiles(
 }
 
 async function doBuildFromScratch(
-    cli: BuildahCli, newImage: string, useOCI: boolean, archs: string[], labels: string[],
+    cli: BuildahCli,
+    newImage: string,
+    useOCI: boolean,
+    archs: string[],
+    labels: string[],
+    extraArgs: string[]
 ): Promise<string[]> {
     core.info(`Performing build from scratch`);
 
@@ -192,8 +265,9 @@ async function doBuildFromScratch(
     const port = core.getInput(Inputs.PORT);
     const workingDir = core.getInput(Inputs.WORKDIR);
     const envs = getInputList(Inputs.ENVS);
+    const tlsVerify = core.getInput(Inputs.TLS_VERIFY) === "true";
 
-    const container = await cli.from(baseImage);
+    const container = await cli.from(baseImage, tlsVerify, extraArgs);
     const containerId = container.output.replace("\n", "");
 
     const builtImage = [];

src/utils.ts

@@ -55,7 +55,9 @@ export async function findFuseOverlayfsPath(): Promise<string | undefined> {
         fuseOverlayfsPath = await io.which("fuse-overlayfs");
     }
     catch (err) {
-        core.debug(err);
+        if (err instanceof Error) {
+            core.debug(err.message);
+        }
     }
 
     return fuseOverlayfsPath;