[FEATURE] tags field should be a YAML list not a space separated list.

[Nicolas-Peiffer]

Is your feature request related to a problem? Please describe.

In the Github Action YAML configuration file, the tags field should be a YAML list, not a space separated list.
Indeed, YAML natively supports lists, so there is no reason to use a space separated list, other than not changing the source code which parses this YAML configuration.

Related issues:

• [FEATURE] tags field should be a YAML list not a space separated list buildah-build#146
• [FEATURE] tags field should be a YAML list not a space separated list. #101

Describe the solution you'd like

Use the list native support of YAML:

      - name: Build the container image
        id: buildah-build
        uses: redhat-actions/buildah-build@v1
        with:
          image-name: ${{ steps.set-oci-image-url.outputs.oci_image_url }}
          containerfile: ${{ env.BASE_CONTAINERFILE_NAME }}
          tags:
            - ${{ github.sha }}
            - tag1
            - tag2
            - tag3
          oci: true

instead of a space separated list:

      - name: Build the container image
        id: buildah-build
        uses: redhat-actions/buildah-build@v1
        with:
          image-name: ${{ steps.set-oci-image-url.outputs.oci_image_url }}
          containerfile: ${{ env.BASE_CONTAINERFILE_NAME }}
          tags: ${{ github.sha }} tag1 tag2 tag3
          oci: true

Describe alternatives you've considered

I have a situation where I need to tag an OCI image with a list of multiple tags which are actualy Github Action variable from other steps of my job.

Below is an example of what 13 tags in a Github Action recipe could looks like:

tags:
  - ${{ github.sha }}
  - golang-${{ steps.extract.outputs.golang_version }}
  - goreleaser-${{ steps.extract.outputs.goreleaser_version }}
  - cosign-${{ steps.extract.outputs.cosign_version }}
  - ko-${{ steps.extract.outputs.ko_version }}
  - trivy-${{ steps.extract.outputs.trivy_version }}
  - syft-${{ steps.extract.outputs.syft_version }}
  - golang-${{ steps.extract.outputs.golang_version }}-${{ steps.extract.outputs.debian_version}}
  - goreleaser-${{ steps.extract.outputs.goreleaser_version }}-${{ steps.extract.outputs.debian_version}}
  - cosign-${{ steps.extract.outputs.cosign_version }}-${{ steps.extract.outputs.debian_version}}
  - ko-${{ steps.extract.outputs.ko_version }}-${{ steps.extract.outputs.debian_version}}
  - trivy-${{ steps.extract.outputs.trivy_version }}-${{ steps.extract.outputs.debian_version}}
  - syft-${{ steps.extract.outputs.syft_version }}-${{ steps.extract.outputs.debian_version}}

With 13 tags like this, it is not convenient to maintain a space separated list.
If I take the same 13 tags above and convert this list into a single oneliner like below, this becomes unreadable and unmaintable.

golang-${{ steps.extract.outputs.golang_version }} goreleaser-${{ steps.extract.outputs.goreleaser_version }} cosign-${{ steps.extract.outputs.cosign_version }} ko-${{ steps.extract.outputs.ko_version }} trivy-${{ steps.extract.outputs.trivy_version }} syft-${{ steps.extract.outputs.syft_version }} golang-${{ steps.extract.outputs.golang_version }}-${{ steps.extract.outputs.debian_version}} goreleaser-${{ steps.extract.outputs.goreleaser_version }}-${{ steps.extract.outputs.debian_version}} cosign-${{ steps.extract.outputs.cosign_version }}-${{ steps.extract.outputs.debian_version}} ko-${{ steps.extract.outputs.ko_version }}-${{ steps.extract.outputs.debian_version}} trivy-${{ steps.extract.outputs.trivy_version }}-${{ steps.extract.outputs.debian_version}} syft-${{ steps.extract.outputs.syft_version }}-${{ steps.extract.outputs.debian_version}}

How does docker do for their own docker action?

Below is an example of how docker/metadata-action handle the tags.
They do not rely on a YAML list. However, it is easier to write tags on multilines. Check the full example here.

This below is more readable than a single oneliner.

      - name: Container metadata and tags
        id: metadata
        uses: docker/metadata-action@v5
        with:
          # image name may contain lowercase letters, digits and separators https://github.com/docker/metadata-action/tree/v5/?tab=readme-ov-file#image-name-and-tag-sanitization
          images: ${{ steps.set-oci-image-url.outputs.oci_image_url }}
          tags: |
            type=ref,event=branch
            # use tools version as tags
            type=raw,value=golang-${{ steps.extract.outputs.golang_version }}
            type=raw,value=goreleaser-${{ steps.extract.outputs.goreleaser_version }}
            type=raw,value=cosign-${{ steps.extract.outputs.cosign_version }}
            type=raw,value=ko-${{ steps.extract.outputs.ko_version }}
            type=raw,value=trivy-${{ steps.extract.outputs.trivy_version }}
            type=raw,value=syft-${{ steps.extract.outputs.syft_version }}

            type=raw,value=golang-${{ steps.extract.outputs.golang_version }}-${{ steps.extract.outputs.debian_version}}
            type=raw,value=goreleaser-${{ steps.extract.outputs.goreleaser_version }}-${{ steps.extract.outputs.debian_version}}
            type=raw,value=cosign-${{ steps.extract.outputs.cosign_version }}-${{ steps.extract.outputs.debian_version}}
            type=raw,value=ko-${{ steps.extract.outputs.ko_version }}-${{ steps.extract.outputs.debian_version}}
            type=raw,value=trivy-${{ steps.extract.outputs.trivy_version }}-${{ steps.extract.outputs.debian_version}}
            type=raw,value=syft-${{ steps.extract.outputs.syft_version }}-${{ steps.extract.outputs.debian_version}}

            # minimal (short sha)
            type=sha
            # full length sha
            type=sha,format=long

Additional context

In redhat-actions/buildah-build, there is a tags field which is a space separated list. Source:

tags: A space-separated list of the tags that were applied to the new image.

It is the same for redhat-actions/push-to-registry:

| tags | The tag or tags of the image or manifest to push. For multiple tags, separate by whitespace. Refer to [Image and Tag Inputs](https://github.com/redhat-actions/push-to-registry#image-tag-inputs). | `latest`

My motivation ?

Kaniko deprecation

The deprecation of Kaniko is a motivation to replace Kaniko with podman and buildah.

Use podman rather than docker

Why not use docker since it is available in Ubuntu actions/runner-images?

Because my workflow is using podman.

And because Podman, skopeo and Buildah are all available in Github Actio Ubuntu 24.04 image.

Why not use docker github actions like docker/metadata-action?

Because I do not want to mix Github Action that rely on the docker CLI client with Github Actions that rely on podman and buildah.