Merge remote-tracking branch 'upstream/master'

# Conflicts:
#	.gitlab-ci.yml
#	CHANGELOG.md
#	README.md
#	kicker.json

.gitlab-ci.yml

+# variables in the GitLab CI/CD variables:
+  #   GITLAB_TOKEN to support the semantic-release
+  #   DOCKER_AUTH_CONFIG to support the usage of private docker images as job docker image
+  #   TMPL_RELEASE_ENABLED to enable the semantic-release job
+  #   TBC_NAMESPACE: smartdatalab/public/ci-cd-components
+
 include:
-  - component: git.code.tecnalia.com/smartdatalab/public/ci-cd-components/gitlab-ci/extract@master
+  - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/gitlab-ci/extract@master
     inputs:
       extract-script-job-tags: ["docker"]
-  - component: git.code.tecnalia.com/smartdatalab/public/ci-cd-components/gitlab-ci/validation@master
+  - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/gitlab-ci/validation@master
     inputs:
       check-links-job-tags: ["docker"]
       tbc-check-job-tags: ["docker"]
       tbc-check-image: cicd-docker-dev.artifact.tecnalia.com/tbc-check:master
       gitlab-ci-lint-job-tags: ["docker"]
-  - component: git.code.tecnalia.com/smartdatalab/public/ci-cd-components/kicker/validation@master
+  - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/kicker/validation@master
     inputs:
       kicker-validation-job-tags: ["docker"]
       schema-base-url: "https://git.code.tecnalia.com/api/v4/projects/smartdatalab%2Fpublic%2Fci-cd-components%2Fkicker/repository/files"
-  - component: git.code.tecnalia.com/smartdatalab/public/ci-cd-components/bash/gitlab-ci-bash@master
+      yajsv-image: "cicd-docker-dev.artifact.tecnalia.com/yajsv:latest"
+  - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/bash/gitlab-ci-bash@master
     inputs:
       bash-shellcheck-job-tags: ["docker"]
-  - component: git.code.tecnalia.com/smartdatalab/public/ci-cd-components/semantic-release/gitlab-ci-semrel@master
+  - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/semantic-release/gitlab-ci-semrel@master
     inputs:
       semantic-release-job-tags: ["docker"]
-  - component: git.code.tecnalia.com/smartdatalab/public/ci-cd-components/gitleaks/gitlab-ci-gitleaks@master
+  - component: $CI_SERVER_FQDN/$TBC_NAMESPACE/gitleaks/gitlab-ci-gitleaks@master
     inputs:
       gitleaks-job-tags: ["docker"]
 

.gitleaksignore

-a64568eb3639a163cb0f387257017209a85869d7:README.md:generic-api-key:181
\ No newline at end of file
+README.md:generic-api-key:181
+README.md:generic-api-key:202
\ No newline at end of file

CHANGELOG.md

-# [5.11.0](https://git.code.tecnalia.com/smartdatalab/public/ci-cd-components/docker/compare/5.10.3...5.11.0) (2024-07-26)
 
 
-### Features
+## [5.11.1](https://gitlab.com/to-be-continuous/docker/compare/5.11.0...5.11.1) (2024-08-13)
+
+
+### Bug Fixes
 
-* display tools' version ([9fa5118](https://git.code.tecnalia.com/smartdatalab/public/ci-cd-components/docker/commit/9fa51183755b94e02af9a3151eccc5ba9be75b15))
+* **build:** support metadata labels and build command arguments containing spaces ([ac391c3](https://gitlab.com/to-be-continuous/docker/commit/ac391c3aa1b7811abddeef0e68a2916669687036))
 
 # [5.11.0](https://gitlab.com/to-be-continuous/docker/compare/5.10.3...5.11.0) (2024-07-05)
 

kicker.json

@@ -77,12 +77,12 @@
     },
     {
       "name": "DOCKER_BUILD_ARGS",
-      "description": "Additional docker/kaniko/buildah build arguments"
+      "description": "Additional docker/kaniko/buildah build arguments.\n\n_If values contain spaces, ensure any required quote are correctly escaped when needed (not supported for Kaniko)_"
     },
     {
       "name": "DOCKER_METADATA",
-      "description": "Additional metadata to set as labels",
-      "default": "--label org.opencontainers.image.url=${CI_PROJECT_URL} --label org.opencontainers.image.source=${CI_PROJECT_URL} --label org.opencontainers.image.title=${CI_PROJECT_PATH} --label org.opencontainers.image.ref.name=${CI_COMMIT_REF_NAME} --label org.opencontainers.image.revision=${CI_COMMIT_SHA} --label org.opencontainers.image.created=${CI_JOB_STARTED_AT}",
+      "description": "Additional metadata to set as labels.\n\nIf values contain spaces, ensure any required quote are correctly escaped when needed (not supported for Kaniko)_",
+      "default": "--label \"org.opencontainers.image.url=${CI_PROJECT_URL}\" --label \"org.opencontainers.image.source=${CI_PROJECT_URL}\" --label \"org.opencontainers.image.title=${CI_PROJECT_PATH}\" --label \"org.opencontainers.image.ref.name=${CI_COMMIT_REF_NAME}\" --label \"org.opencontainers.image.revision=${CI_COMMIT_SHA}\" --label \"org.opencontainers.image.created=${CI_JOB_STARTED_AT}\"",
       "advanced": true
     },
     {
@@ -148,6 +148,11 @@
       "type": "array",
       "default": [],
       "advanced": true
+    },
+    {
+      "name": "DOCKER_PUSH_ARGS",
+      "description": "Additional docker/buildah `push` arguments (executed right after `build`).\n\nEx: `--compression-format zstd --compression-level 20`",
+      "advanced": true
     }
   ],
   "features": [

templates/gitlab-ci-docker-ecr.yml

@@ -45,7 +45,7 @@ variables:
 .docker-base:
   services:
     - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "docker", "5.11.0"]
+      command: ["--service", "docker", "5.12.0"]
     - name: "$TBC_AWS_PROVIDER_IMAGE"
       alias: "aws-auth-provider"
   id_tokens:

templates/gitlab-ci-docker-gcp.yml

@@ -44,7 +44,7 @@ variables:
 .docker-base:
   services:
     - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "docker", "5.11.0"]
+      command: ["--service", "docker", "5.12.0"]
     - name: "$TBC_GCP_PROVIDER_IMAGE"
       alias: "gcp-auth-provider"
   variables:

templates/gitlab-ci-docker-vault.yml

@@ -22,7 +22,7 @@ variables:
 .docker-base:
   services:
     - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "docker", "5.11.0"]
+      command: ["--service", "docker", "5.12.0"]
     - name: "$TBC_VAULT_IMAGE"
       alias: "vault-secrets-provider"
   variables:

templates/gitlab-ci-docker.yml

@@ -79,6 +79,9 @@ spec:
     build-args:
       description: Additional docker/kaniko/buildah build arguments
       default: ''
+    push-args:
+      description: Additional docker/buildah `push` arguments (executed right after `build`)
+      default: ''
     build-cache-disabled:
       description: Disable the build cache
       type: boolean
@@ -86,12 +89,12 @@ spec:
     metadata:
       description: Additional metadata to set as labels
       default: >-
-        --label org.opencontainers.image.url=${CI_PROJECT_URL}
-        --label org.opencontainers.image.source=${CI_PROJECT_URL}
-        --label org.opencontainers.image.title=${CI_PROJECT_PATH}
-        --label org.opencontainers.image.ref.name=${CI_COMMIT_REF_NAME}
-        --label org.opencontainers.image.revision=${CI_COMMIT_SHA}
-        --label org.opencontainers.image.created=${CI_JOB_STARTED_AT}
+        --label "org.opencontainers.image.url=${CI_PROJECT_URL}"
+        --label "org.opencontainers.image.source=${CI_PROJECT_URL}"
+        --label "org.opencontainers.image.title=${CI_PROJECT_PATH}"
+        --label "org.opencontainers.image.ref.name=${CI_COMMIT_REF_NAME}"
+        --label "org.opencontainers.image.revision=${CI_COMMIT_SHA}"
+        --label "org.opencontainers.image.created=${CI_JOB_STARTED_AT}"
     publish-args:
       description: Additional [`skopeo copy` arguments](https://github.com/containers/skopeo/blob/master/docs/skopeo-copy.1.md#options)
       default: ''
@@ -318,6 +321,7 @@ variables:
   DOCKER_REGISTRY_MIRROR: $[[ inputs.registry-mirror ]]
   CONTAINER_REGISTRIES_CONFIG_FILE: $[[ inputs.container-registries-config-file ]]
   KANIKO_SNAPSHOT_IMAGE_CACHE: $[[ inputs.kaniko-snapshot-image-cache ]]
+  DOCKER_PUSH_ARGS: $[[ inputs.push-args ]]
   DOCKER_HADOLINT_DISABLED: $[[ inputs.hadolint-disabled ]]
   DOCKER_HADOLINT_ARGS: $[[ inputs.hadolint-args ]]
   DOCKER_HEALTHCHECK_DISABLED: $[[ inputs.healthcheck-disabled ]]
@@ -650,9 +654,9 @@ stages:
       kaniko_registry_mirror_option="--registry-mirror $(echo ${DOCKER_REGISTRY_MIRROR} | sed "s|^https*://||")"
     fi
     log_info "Build & deploy image $docker_image"
-    log_info "Kaniko command: /kaniko/executor ${TRACE+--verbosity debug} --context $(docker_context_path) --dockerfile $DOCKER_FILE --destination $docker_image ${kaniko_cache_args} $kaniko_registry_mirror_option $DOCKER_METADATA $DOCKER_BUILD_ARGS $*"
+    log_info "Kaniko command: echo $DOCKER_METADATA $DOCKER_BUILD_ARGS $* | xargs /kaniko/executor ${TRACE+--verbosity debug} --context $(docker_context_path) --dockerfile $DOCKER_FILE --destination $docker_image ${kaniko_cache_args} $kaniko_registry_mirror_option"
     # shellcheck disable=SC2086
-    /kaniko/executor ${TRACE+--verbosity debug} --context "$(docker_context_path)" --dockerfile "$DOCKER_FILE" --destination "$docker_image" ${kaniko_cache_args} $kaniko_registry_mirror_option $DOCKER_METADATA $DOCKER_BUILD_ARGS "$@"
+    echo $DOCKER_METADATA $DOCKER_BUILD_ARGS "$@" | xargs /kaniko/executor ${TRACE+--verbosity debug} --context "$(docker_context_path)" --dockerfile "$DOCKER_FILE" --destination "$docker_image" ${kaniko_cache_args} $kaniko_registry_mirror_option
   }
 
   # Used by containers tools like buildah, skopeo.
@@ -697,7 +701,7 @@ stages:
 .docker-base:
   services:
     - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "docker", "5.11.0"]
+      command: ["--service", "docker", "5.12.0"]
   before_script:
     - !reference [.docker-scripts]
 
@@ -733,7 +737,7 @@ stages:
     _TRACE: "${TRACE}"
   services:
     - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "docker", "5.11.0"]
+      command: ["--service", "docker", "5.12.0"]
     - name: $DOCKER_DIND_IMAGE
       alias: docker
       command:
@@ -834,8 +838,8 @@ docker-dind-build:
         log_info "Build cache enabled; CLI options: ${dind_cache_args}"
       fi
     # Build using cache if exist
-    - docker build --file "$DOCKER_FILE" ${dind_cache_args} --tag $DOCKER_SNAPSHOT_IMAGE --build-arg http_proxy="$http_proxy" --build-arg https_proxy="$https_proxy" --build-arg no_proxy="$no_proxy" $DOCKER_METADATA $DOCKER_BUILD_ARGS "$(docker_context_path)"
-    - docker push $DOCKER_SNAPSHOT_IMAGE
+    - echo $DOCKER_METADATA $DOCKER_BUILD_ARGS "$(docker_context_path)" | xargs docker build --file "$DOCKER_FILE" ${dind_cache_args} --tag $DOCKER_SNAPSHOT_IMAGE --build-arg http_proxy="$http_proxy" --build-arg https_proxy="$https_proxy" --build-arg no_proxy="$no_proxy"
+    - docker push $DOCKER_PUSH_ARGS $DOCKER_SNAPSHOT_IMAGE
     # Display the size of each layer
     - docker history $DOCKER_SNAPSHOT_IMAGE
     # Display the total size of the image
@@ -878,8 +882,8 @@ docker-buildah-build:
       log_info "Buildah version:"
       buildah version
     # build and push image
-    - buildah build --file "$DOCKER_FILE" --tag $DOCKER_SNAPSHOT_IMAGE $buildah_cache_args --build-arg http_proxy="$http_proxy" --build-arg https_proxy="$https_proxy" --build-arg no_proxy="$no_proxy" $DOCKER_METADATA $DOCKER_BUILD_ARGS "$(docker_context_path)"
-    - buildah push --digestfile .img-digest.txt "$DOCKER_SNAPSHOT_IMAGE"
+    - echo $DOCKER_METADATA $DOCKER_BUILD_ARGS "$(docker_context_path)" | xargs buildah build --file "$DOCKER_FILE" --tag $DOCKER_SNAPSHOT_IMAGE $buildah_cache_args --build-arg http_proxy="$http_proxy" --build-arg https_proxy="$https_proxy" --build-arg no_proxy="$no_proxy"
+    - buildah push --digestfile .img-digest.txt $DOCKER_PUSH_ARGS "$DOCKER_SNAPSHOT_IMAGE"
     # display digest of the resulting image
     - cat .img-digest.txt
     # create dotenv file