From 0f0c5bd8ea0efa5e9ba98205d19dda7dfe03bc0a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felipe=20Torres=20Gonz=C3=A1lez?= Date: Fri, 28 Feb 2025 09:27:45 +0100 Subject: [PATCH 1/8] Update README.md Fix wrong name of the action image --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1dd80c6..2460e58 100644 --- a/README.md +++ b/README.md @@ -46,7 +46,7 @@ jobs: uses: actions/checkout@v4 - name: Use Podman Build and Push Action - uses: frozen-tapestry/podman-build-push-action@v1 + uses: Frozen-Tapestry/container-action@v1 with: login_registry: ghcr.io login_username: ${{ secrets.REGISTRY_USERNAME }} From 7de88c59ce09b5bba2a7260db35a538aa23471f5 Mon Sep 17 00:00:00 2001 From: Foat Akhmadeev Date: Fri, 28 Feb 2025 16:18:42 +0300 Subject: [PATCH 2/8] sudo permission fix --- scripts/run.sh | 52 +++++++++++++++++++++++++++++++++----------------- 1 file changed, 34 insertions(+), 18 deletions(-) diff --git a/scripts/run.sh b/scripts/run.sh index 680a003..7d193de 100755 --- a/scripts/run.sh +++ b/scripts/run.sh @@ -13,12 +13,23 @@ PODMAN_USER="podman" chown $PODMAN_USER:$PODMAN_USER /home/$PODMAN_USER/auth chown $PODMAN_USER:$PODMAN_USER /home/$PODMAN_USER/.local/share/containers/storage +run_cmd() { + local build_cmd=("$@") + cmd=$(printf "%q\t" "${build_cmd[@]}") + echo "Running: $cmd" + su "$PODMAN_USER" -c "$cmd" +} + ### LOGIN if [[ -n "$REGISTRY" && -n "$USERNAME" && -n "$PASSWORD" ]]; then - sudo -u $PODMAN_USER podman login \ - --storage-driver=overlay \ - --authfile="$REGISTRY_AUTH_FILE" \ - "$REGISTRY" -u "$USERNAME" -p "$PASSWORD" + build_cmd=(podman login + --storage-driver=overlay + --authfile="$REGISTRY_AUTH_FILE" + "$REGISTRY" + -username="$USERNAME" + --password="$PASSWORD" + ) + run_cmd "${build_cmd[@]}" fi generate_args() { 
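Review bot: `run_cmd` prints the whole quoted command with `echo "Running: $cmd"`, and the login block in this hunk sends `--password="$PASSWORD"` through it, so the registry password is written to the job log and also sits on the argv of `su` and `podman`. Because `printf "%q"` can escape characters in the value, the logged form may differ from the raw secret that a runner's log masking looks for. Passing the password on stdin, which the `su -c` child should inherit, avoids both exposures: replace the `--password="$PASSWORD"` element with `--password-stdin` and call `printf '%s' "$PASSWORD" | run_cmd "${build_cmd[@]}"`. `cmd` should also be declared `local` inside `run_cmd` so it does not become a script global. The `-username=` spelling in the same array is corrected by the later "uname hotfix" patch.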
@@ -50,26 +61,31 @@ if [[ -n "$DOCKERFILE" ]]; then EXTRA_ARGS=$(generate_args "$ACTION_EXTRA_ARGS" "") echo "Extra args: $EXTRA_ARGS" - sudo -u $PODMAN_USER podman build --platform="linux/amd64" \ - --storage-driver=overlay \ - --authfile="$REGISTRY_AUTH_FILE" \ - --pull=true \ - --label image.created="$CREATED" \ - --label image.revision="$REVISION" \ - --label image.source="$SOURCE" \ - $TAGS \ - $LABELS \ - $BUILD_ARGS \ - $EXTRA_ARGS \ - -f "$DOCKERFILE" \ + build_cmd=(podman build + --platform="linux/amd64" + --storage-driver=overlay + --authfile="$REGISTRY_AUTH_FILE" + --pull=true + --label=image.created="$CREATED" + --label=image.revision="$REVISION" + --label=image.source="$SOURCE" + $TAGS + $LABELS + $BUILD_ARGS + $EXTRA_ARGS + --file="$DOCKERFILE" . + ) + run_cmd "${build_cmd[@]}" fi if [[ -n "$PUSH" && "$PUSH" == "true" ]]; then TAGS=$(generate_args "$ACTION_TAGS" "") echo "Tags: $TAGS" - sudo -u $PODMAN_USER podman push \ - --storage-driver=overlay \ + build_cmd=(podman push + --storage-driver=overlay --authfile="$REGISTRY_AUTH_FILE" $TAGS + ) + run_cmd "${build_cmd[@]}" fi \ No newline at end of file From 1510e5208d1fa4ac2e153ad7d069661c98d4b1ad Mon Sep 17 00:00:00 2001 From: Foat Akhmadeev Date: Fri, 28 Feb 2025 16:38:44 +0300 Subject: [PATCH 3/8] readme and release updates --- .github/pull_request_template.md | 3 +++ README.md | 4 ++++ RELEASES.md | 7 ++++++- 3 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 .github/pull_request_template.md diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 0000000..34c785a --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,3 @@ +### Base branch for this PR + +Please target the `develop` branch for this Pull Request. \ No newline at end of file diff --git a/README.md b/README.md index 2460e58..26b63d5 100644 --- a/README.md +++ b/README.md 
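Review bot: The unquoted `$TAGS`, `$LABELS`, `$BUILD_ARGS` and `$EXTRA_ARGS` elements in the `build_cmd=( … )` literals are word-split and glob-expanded before `run_cmd` quotes them with `%q`, so an action input containing `*`, `?` or `[` can be expanded against file names in the workspace (unless globbing is disabled outside the hunk). Capturing the helper output as real arrays keeps each token intact: `mapfile -t TAGS < <(generate_args "$ACTION_TAGS" "-t=")`, then `"${TAGS[@]}"` inside the literal, and likewise for the other three; the single empty line the helper prints for an empty input has to be filtered out so that no empty argument reaches podman. The `TAGS`, `LABELS` and `BUILD_ARGS` assignments of the build branch are outside this hunk. The later "escaped spaces update" patch keeps the same scalar capture at `@@ -53,13 +66,13 @@` and `@@ -81,11 +94,12 @@`, where `${TAGS[@]}` in the echo lines reads like an array although `TAGS=$(…)` is still a string.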
@@ -53,6 +53,10 @@ jobs: login_password: ${{ secrets.REGISTRY_PASSWORD }} tags: ghcr.io/your-namespace/your-image:latest dockerfile: path/to/Dockerfile + # Use those security flags if using GitHub Action. Keep the defaults, if using Gitea. + security: | + --security-opt=seccomp=unconfined + --security-opt=apparmor=unconfined push: true ``` diff --git a/RELEASES.md b/RELEASES.md index bbb5869..d21e916 100644 --- a/RELEASES.md +++ b/RELEASES.md @@ -2,4 +2,9 @@ ### v1.0.0 -- Initial release \ No newline at end of file +- Initial release + +### v1.1.0 + +- Permission error fix +- Readme updates \ No newline at end of file From f736377de1608f73bf51852b9c04ae05abea1365 Mon Sep 17 00:00:00 2001 From: Foat Akhmadeev Date: Fri, 28 Feb 2025 17:03:47 +0300 Subject: [PATCH 4/8] uname hotfix --- scripts/run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/run.sh b/scripts/run.sh index 7d193de..fb52223 100755 --- a/scripts/run.sh +++ b/scripts/run.sh @@ -26,7 +26,7 @@ if [[ -n "$REGISTRY" && -n "$USERNAME" && -n "$PASSWORD" ]]; then --storage-driver=overlay --authfile="$REGISTRY_AUTH_FILE" "$REGISTRY" - -username="$USERNAME" + --username="$USERNAME" --password="$PASSWORD" ) run_cmd "${build_cmd[@]}" From 2ad594c59129d2370d3d6131cfb535d68f33b573 Mon Sep 17 00:00:00 2001 From: Foat Akhmadeev Date: Wed, 19 Mar 2025 20:38:18 +0300 Subject: [PATCH 5/8] escaped spaces update --- .github/workflows/verify.yml | 9 +++++++-- action.yml | 2 +- scripts/run.sh | 32 +++++++++++++++++++++++--------- 3 files changed, 31 insertions(+), 12 deletions(-) diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index 56e9623..05fa15c 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml 
@@ -25,7 +25,11 @@ jobs: ARG MY_ENV_VAR2 ENV MY_ENV_VAR=$MY_ENV_VAR ENV MY_ENV_VAR2=$MY_ENV_VAR2 - CMD ["sh", "-c", "echo Result: $MY_ENV_VAR $MY_ENV_VAR2"]' > Dockerfile + ARG EXTRA_ENV_VAR + ARG EXTRA_ENV_VAR2 + ENV EXTRA_ENV_VAR=$EXTRA_ENV_VAR + ENV EXTRA_ENV_VAR2=$EXTRA_ENV_VAR2 + CMD ["sh", "-c", "echo Result: $MY_ENV_VAR $MY_ENV_VAR2 ~$EXTRA_ENV_VAR~ ~$EXTRA_ENV_VAR2~"]' > Dockerfile cat Dockerfile - name: Use Build and Push action uses: ./ @@ -36,6 +40,7 @@ jobs: tags: ghcr.io/frozen-tapestry/podman-action-verify:latest dockerfile: Dockerfile build_args: MY_ENV_VAR=Test MY_ENV_VAR2=Test2 + extra_args: --build-arg EXTRA_ENV_VAR="Extra\ env\ 1" --build-arg=EXTRA_ENV_VAR2=Extra\ env\ 2 security: | --security-opt=seccomp=unconfined --security-opt=apparmor=unconfined @@ -46,7 +51,7 @@ jobs: OUTPUT=$(docker run --rm ghcr.io/frozen-tapestry/podman-action-verify:latest) echo "Container Output: $OUTPUT" - if [ "$OUTPUT" != "Result: Test Test2" ]; then + if [ "$OUTPUT" != "Result: Test Test2 ~\"Extra env 1\"~ ~Extra env 2~" ]; then echo "Output does not match expected string" exit 1 fi \ No newline at end of file diff --git a/action.yml b/action.yml index d65ef38..d17a570 100644 --- a/action.yml +++ b/action.yml @@ -31,7 +31,7 @@ inputs: extra_args: description: | Extra args to be passed to podman. Space-separated. e.g. - -e=MY_ENV=Test -e=MY_ENV=Test2 + -e=MY_ENV=Test -e=MY_ENV=Test2 -e MY_ENV="Var\ with\ spaces" required: false dockerfile: description: Path to the Dockerfile. If set, build step is performed. diff --git a/scripts/run.sh b/scripts/run.sh index fb52223..195fcf5 100755 --- a/scripts/run.sh +++ b/scripts/run.sh 
@@ -32,16 +32,29 @@ if [[ -n "$REGISTRY" && -n "$USERNAME" && -n "$PASSWORD" ]]; then run_cmd "${build_cmd[@]}" fi +# Function that splits on unescaped spaces (but not on escaped ones) +# and outputs each processed token on a new line. generate_args() { local input_args="$1" local prefix="$2" - local output="" + local output=() + local placeholder="__ESCAPED_SPACE__" if [[ -n "$input_args" ]]; then - output="$(echo "$input_args" | tr -s ' ' '\n' | sed "s/[^ ]* */$prefix&/g")" + # Replace escaped spaces (\ ) with a unique placeholder. + local temp="${input_args//\\ /$placeholder}" + # Split on spaces (escaped ones are now hidden). + IFS=' ' read -r -a parts <<< "$temp" + for part in "${parts[@]}"; do + # Skip any empty parts. + [[ -z "$part" ]] && continue + # Restore escaped spaces. + part="${part//$placeholder/ }" + output+=("$prefix$part") + done fi - echo "$output" + printf "%s\n" "${output[@]}" } ### BUILD @@ -53,13 +66,13 @@ if [[ -n "$DOCKERFILE" ]]; then echo "Main labels: $CREATED $REVISION $SOURCE" TAGS=$(generate_args "$ACTION_TAGS" "-t=") - echo "Tags: $TAGS" + echo "Tags: ${TAGS[@]}" LABELS=$(generate_args "$ACTION_LABELS" "--label=") - echo "Labels: $LABELS" + echo "Labels: ${LABELS[@]}" BUILD_ARGS=$(generate_args "$ACTION_BUILD_ARGS" "--build-arg=") - echo "Build args: $BUILD_ARGS" + echo "Build args: ${BUILD_ARGS[@]}" EXTRA_ARGS=$(generate_args "$ACTION_EXTRA_ARGS" "") - echo "Extra args: $EXTRA_ARGS" + echo "Extra args: ${EXTRA_ARGS[@]}" build_cmd=(podman build --platform="linux/amd64" @@ -81,11 +94,12 @@ fi if [[ -n "$PUSH" && "$PUSH" == "true" ]]; then TAGS=$(generate_args "$ACTION_TAGS" "") - echo "Tags: $TAGS" + echo "Tags: ${TAGS[@]}" build_cmd=(podman push --storage-driver=overlay - --authfile="$REGISTRY_AUTH_FILE" $TAGS + --authfile="$REGISTRY_AUTH_FILE" + $TAGS ) run_cmd "${build_cmd[@]}" fi \ No newline at end of file From 1a5b0ee26da2837d6179b9f030faea3ec677768c Mon Sep 17 00:00:00 2001 
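Review bot: `IFS=' ' read -r -a parts <<< "$temp"` in `generate_args` reads only the first line of its input, so a value supplied as a multi-line YAML block would lose every token after the first newline; the `tr -s ' ' '\n' | sed …` pipeline it replaces appears to have processed all lines. If newline-separated inputs are meant to keep working, read to end of input and split on all whitespace: `IFS=$' \t\n' read -r -d '' -a parts <<< "$temp" || true`. `parts` and `part` are assigned without `local` and therefore become globals. The header comment could also state that a literal `__ESCAPED_SPACE__` in the input is turned into a space and that one empty line is printed when there are no tokens.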
From: Foat Akhmadeev Date: Wed, 19 Mar 2025 20:45:32 +0300 Subject: [PATCH 6/8] upd releases --- RELEASES.md | 6 +++++- action.yml | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/RELEASES.md b/RELEASES.md index d21e916..120fd4c 100644 --- a/RELEASES.md +++ b/RELEASES.md @@ -7,4 +7,8 @@ ### v1.1.0 - Permission error fix -- Readme updates \ No newline at end of file +- Readme updates + +### v1.2.0 + +- Added support for escaped spaces \ No newline at end of file diff --git a/action.yml b/action.yml index d17a570..2ff6f38 100644 --- a/action.yml +++ b/action.yml @@ -25,13 +25,13 @@ inputs: required: false build_args: description: | - Optional build arguments. Space-separated. e.g. + Optional build arguments. Space-separated, escape space if used within single arg. e.g. MY_ENV_VAR=Test MY_ENV_VAR2=Test2 required: false extra_args: description: | - Extra args to be passed to podman. Space-separated. e.g. - -e=MY_ENV=Test -e=MY_ENV=Test2 -e MY_ENV="Var\ with\ spaces" + Extra args to be passed to podman. Space-separated, escape space if used within single arg. e.g. + -e=MY_ENV=Test -e=MY_ENV=Test2 -e MY_ENV=Var\ with\ spaces required: false dockerfile: description: Path to the Dockerfile. If set, build step is performed. From 61452555f62b96b325e8ccde94db62dc63b3e0ee Mon Sep 17 00:00:00 2001 From: Astra Date: Wed, 18 Jun 2025 10:16:57 +0200 Subject: [PATCH 7/8] Update action.yml --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 2ff6f38..9a58b1d 100644 --- a/action.yml +++ b/action.yml @@ -49,7 +49,7 @@ runs: using: composite steps: - name: Run container steps - uses: frozen-tapestry/docker-run-action@v6 + uses: https://git.zio.sh/astra/docker-run-action@v6 with: image: quay.io/podman/stable:latest mount_ws: true From efce8b07677a79bc8b162ba4885c5959d08464b3 Mon Sep 17 00:00:00 2001 
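Review bot: `uses: https://git.zio.sh/astra/docker-run-action@v6` in the last hunk is the absolute-URL form that Gitea/Forgejo runners resolve. GitHub's `uses:` takes only `owner/repo@ref`, a local path or `docker://`, so this composite action would presumably stop loading on GitHub, which the README still describes as a supported target. The change also moves the step that runs the build container to a different host and owner, and the commit message does not say why. A comment above the line would record both, e.g. `# Gitea/Forgejo only (absolute URL); moved from frozen-tapestry/docker-run-action because <reason>`. The floating `@v6` ref is replaced by a commit SHA in the next patch.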
From: Astra Date: Wed, 18 Jun 2025 10:21:27 +0200 Subject: [PATCH 8/8] Update action.yml --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 9a58b1d..ce0ceaf 100644 --- a/action.yml +++ b/action.yml @@ -49,7 +49,7 @@ runs: using: composite steps: - name: Run container steps - uses: https://git.zio.sh/astra/docker-run-action@v6 + uses: https://git.zio.sh/astra/docker-run-action@bc0813212cba1c029615a08be520b15613988af3 with: image: quay.io/podman/stable:latest mount_ws: true
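Review bot: The 40-character ref on the new `uses:` line gives no hint of which release it corresponds to, which makes later bumps hard to review; a trailing comment such as `# <tag this SHA corresponds to>` keeps the pin readable. The `image: quay.io/podman/stable:latest` context line below it still floats, so the container that runs the build and handles the registry credentials can change between runs even though the action is pinned. If the run action passes that value straight to the container runtime, pinning by digest would close the gap: `image: quay.io/podman/stable@sha256:<digest>`. The `steps:` entry continues outside the hunk.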