From 0f1e1e5494dd4b592ccfb08621486fec10c42ea8 Mon Sep 17 00:00:00 2001
From: Maximilian Irro
Date: Thu, 26 Sep 2024 20:24:13 +0200
Subject: [PATCH] Add OpenContainer Image Format Annotations as Labels to Docker Image
---
 .github/workflows/ci.yaml | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 2408eab7e..9860613f8 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -46,6 +46,11 @@ jobs:
 go-version-file: go.mod
 - name: "[preparation] set up qemu"
 uses: docker/setup-qemu-action@v3.0.0
+ - name: '[preparation] extract docker metadata'
+ id: meta
+ uses: docker/metadata-action@v5.5.1
+ with:
+ images: ${DOCKER_HUB_REPO}
 - name: "[preparation] set up docker context for buildx"
 run: docker context create builders
 - name: "[preparation] set up docker buildx"
@@ -75,6 +80,14 @@ jobs:
 fi
 echo "CONTAINER_IMAGE_TAG=${CONTAINER_IMAGE_TAG}-${{ matrix.config.platform }}${{ matrix.config.version }}-${{ matrix.config.arch }}" >> $GITHUB_ENV
+ - name: "[preparation] set the container image labels"
+ run: |
+ CONTAINER_IMAGE_LABELS=()
+ while read -r label; do
+ CONTAINER_IMAGE_LABELS+=(--label "${label}")
+ done <<<"${DOCKER_METADATA_OUTPUT_LABELS}"
+
+ echo "CONTAINER_IMAGE_LABELS=${CONTAINER_IMAGE_LABELS}" >> $GITHUB_ENV
 - name: "[execution] build linux & windows agent binaries"
 run: |
 mkdir -p dist/
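Review bot: The `images: ${DOCKER_HUB_REPO}` input of the new `[preparation] extract docker metadata` step is not expanded, because `with:` values never pass through a shell and only `${{ … }}` expressions are evaluated there, so the action receives the literal text. If DOCKER_HUB_REPO comes from the workflow's `env:` block (not visible in this hunk), `images: ${{ env.DOCKER_HUB_REPO }}` passes the real repository name. Separately, `docker/metadata-action@v5.5.1` is a movable tag in a job that builds and pushes images with provenance attestations; pinning it as `docker/metadata-action@<full-commit-sha> # v5.5.1` keeps a retagged release from running inside that job.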
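Review bot: The export line `echo "CONTAINER_IMAGE_LABELS=${CONTAINER_IMAGE_LABELS}" >> $GITHUB_ENV` in the new `[preparation] set the container image labels` step writes only the first array element, the bare word `--label`, because an unindexed array reference expands to element 0 and an environment variable cannot carry a bash array. In the build step of the following hunk `"${CONTAINER_IMAGE_LABELS[@]}"` therefore expands to a single `--label`, which would consume the next flag (`--build-arg` or `-t`) as its value, so the OCI labels are never applied and the argument after it is left as a stray positional. Writing the whole multi-line label list to `$GITHUB_ENV` instead would need the delimiter form, and without it every label line would be parsed as a further variable assignment. I would drop this step, build the array at the top of the `[execution] build and push docker images` script from `DOCKER_METADATA_OUTPUT_LABELS`, skipping empty lines with `[ -n "${label}" ] || continue`, and remove the `CONTAINER_IMAGE_LABELS: ${{ env.CONTAINER_IMAGE_LABELS }}` entry from that step's `env:`.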
@@ -84,13 +97,14 @@ jobs:
 - name: "[execution] build and push docker images"
 run: |
 if [ "${{ matrix.config.platform }}" == "windows" ]; then
- docker buildx build --output=type=registry --attest type=provenance,mode=max --attest type=sbom,disabled=false --platform ${{ matrix.config.platform }}/${{ matrix.config.arch }} --build-arg OSVERSION=${{ matrix.config.version }} -t "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}" -f build/${{ matrix.config.platform }}/Dockerfile .
+ docker buildx build --output=type=registry --attest type=provenance,mode=max --attest type=sbom,disabled=false --platform ${{ matrix.config.platform }}/${{ matrix.config.arch }} "${CONTAINER_IMAGE_LABELS[@]}" --build-arg OSVERSION=${{ matrix.config.version }} -t "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}" -f build/${{ matrix.config.platform }}/Dockerfile .
 else
- docker buildx build --output=type=registry --attest type=provenance,mode=max --attest type=sbom,disabled=false --platform ${{ matrix.config.platform }}/${{ matrix.config.arch }} -t "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}" -f build/${{ matrix.config.platform }}/Dockerfile .
- docker buildx build --output=type=registry --attest type=provenance,mode=max --attest type=sbom,disabled=false --platform ${{ matrix.config.platform }}/${{ matrix.config.arch }} -t "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-alpine" -f build/${{ matrix.config.platform }}/alpine.Dockerfile .
+ docker buildx build --output=type=registry --attest type=provenance,mode=max --attest type=sbom,disabled=false --platform ${{ matrix.config.platform }}/${{ matrix.config.arch }} "${CONTAINER_IMAGE_LABELS[@]}" -t "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}" -f build/${{ matrix.config.platform }}/Dockerfile .
+ docker buildx build --output=type=registry --attest type=provenance,mode=max --attest type=sbom,disabled=false --platform ${{ matrix.config.platform }}/${{ matrix.config.arch }} "${CONTAINER_IMAGE_LABELS[@]}" -t "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-alpine" -f build/${{ matrix.config.platform }}/alpine.Dockerfile .
 fi
 env:
 CONTAINER_IMAGE_TAG: ${{ env.CONTAINER_IMAGE_TAG }}
+ CONTAINER_IMAGE_LABELS: ${{ env.CONTAINER_IMAGE_LABELS }}
 build_manifests:
 runs-on: ubuntu-latest
 needs: [build_images]