feat: add configurable metadata variable with OCI recommended labels

d3630f93 · Sébastien CROCQUESEL · Pierre Smeyers · 893a00c5 · d3630f93 · d3630f93
Commit d3630f93 authored 3 years ago by Sébastien CROCQUESEL Committed by Pierre Smeyers 3 years ago
--- a/README.md
+++ b/README.md
@@ -200,10 +200,11 @@ This job builds the image and publishes it to the _snapshot_ repository.

 It is bound to the `package-build` stage, and uses the following variables:

-| Name                     | description                                                                                                   | default value     |
-| ------------------------ | ------------------------------------------------------------------------------------------------------------- | ----------------- |
-| `DOCKER_BUILD_ARGS`      | Additional `docker build`/`kaniko` arguments                                                                  | _(none)_          |
-| `DOCKER_REGISTRY_MIRROR` | URL of a Docker registry mirror to use during the image build (instead of default `https://index.docker.io`)  | _(none)_          |
+| Name                            | description                                                                                                   | default value                  |
+| ------------------------------- | ------------------------------------------------------------------------------------------------------------- | ------------------------------ |
+| `DOCKER_BUILD_ARGS`             | Additional `docker build`/`kaniko` arguments                                                                  | _(none)_                       |
+| `DOCKER_REGISTRY_MIRROR`        | URL of a Docker registry mirror to use during the image build (instead of default `https://index.docker.io`)  | _(none)_                       |
+| `DOCKER_METADATA` | Additional `docker build`/`kaniko` arguments to set label                                                     | OCI Image Format Specification |

 This job produces an _output variable_ that is propagated to downstream jobs (using [dotenv artifacts](https://docs.gitlab.com/ee/ci/pipelines/job_artifacts.html#artifactsreportsdotenv)):

@@ -230,6 +231,27 @@ LABEL name="my-project"                   \
      maintainer="my-project@acme.com"
 ```

+Default value for `DOCKER_METADATA` supports a subset of the [OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/annotations.md) for labels and use [GitLab CI pre-defined variables](https://docs.gitlab.com/ee/ci/variables/predefined_variables.html) to guess the value as follow :
+
+| Label                               | Gitlab CI pre-defined variable |
+| ----------------------------------- | ------------------------------ |
+| `org.opencontainers.image.url`      | `$CI_PROJECT_URL`              |
+| `org.opencontainers.image.source`   | `$CI_PROJECT_URL`              |
+| `org.opencontainers.image.title`    | `$CI_PROJECT_PATH`             |
+| `org.opencontainers.image.ref.name` | `$CI_COMMIT_REF_NAME`          |
+| `org.opencontainers.image.revision` | `$CI_COMMIT_SHA`               |
+| `org.opencontainers.image.created`  | `$CI_JOB_STARTED_AT`           |
+
+Note that spaces are currently not supported by Kaniko. Therefore, title couldn't be `CI_PROJECT_TITLE`.
+
+You may disable this feature by setting `DOCKER_METADATA` to empty or you can override some of the pre-defined label value with the `DOCKER_BUILD_ARGS`.
+
+```yaml
+DOCKER_BUILD_ARGS: "--label org.opencontainers.image.title=my-project"
+```
+
+If you have defined one of those labels in the Dockerfile, the final value will depend if image is built with Kaniko or Docker in Docker. With Kaniko, the value of the Dockerfile take precedence, while with DinD command-line argument take precedence.
+
 ### `docker-healthcheck` job

 :warning: this job requires that your runner has required privileges to run [Docker-in-Docker](https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-in-docker-workflow-with-docker-executor).

--- a/kicker.json
+++ b/kicker.json
@@ -48,6 +48,12 @@
      "name": "DOCKER_BUILD_ARGS",
      "description": "Additional docker build/kaniko arguments"
    },
+    {
+      "name": "DOCKER_METADATA",
+      "description": "Additional docker build/kaniko arguments to set labels",
+      "default": "--label org.opencontainers.image.url=${CI_PROJECT_URL} --label org.opencontainers.image.source=${CI_PROJECT_URL} --label org.opencontainers.image.title=${CI_PROJECT_PATH} --label org.opencontainers.image.ref.name=${CI_COMMIT_REF_NAME} --label org.opencontainers.image.revision=${CI_COMMIT_SHA} --label org.opencontainers.image.created=${CI_JOB_STARTED_AT}",
+      "advanced": true
+    },
    {
      "name": "DOCKER_PUBLISH_ARGS",
      "description": "Additional [`skopeo copy` arguments](https://github.com/containers/skopeo/blob/master/docs/skopeo-copy.1.md#options)"

--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -46,6 +46,14 @@ variables:
  # default integration ref name (pattern)
  INTEG_REF: '/^develop$/'

+  # don't use CI_PROJECT_TITLE, kaniko doesn't support space in argument right now (https://github.com/GoogleContainerTools/kaniko/issues/1231)
+  DOCKER_METADATA: >-
+    --label org.opencontainers.image.url=${CI_PROJECT_URL}
+    --label org.opencontainers.image.source=${CI_PROJECT_URL}
+    --label org.opencontainers.image.title=${CI_PROJECT_PATH}
+    --label org.opencontainers.image.ref.name=${CI_COMMIT_REF_NAME}
+    --label org.opencontainers.image.revision=${CI_COMMIT_SHA}
+    --label org.opencontainers.image.created=${CI_JOB_STARTED_AT}

 # ==================================================
 # Stages definition
@@ -345,9 +353,9 @@ stages:
      kaniko_registry_mirror_option="--registry-mirror $(echo ${DOCKER_REGISTRY_MIRROR} | sed "s|^https*://||")"
    fi
    log_info "Build & deploy image $docker_image"
-    log_info "Kaniko command: /kaniko/executor --context $(docker_context_path) --dockerfile $DOCKER_FILE --destination $docker_image --cache --cache-dir=$KANIKO_CACHE_DIR --verbosity $DOCKER_KANIKO_VERBOSITY $kaniko_registry_mirror_option $DOCKER_BUILD_ARGS $*"
+    log_info "Kaniko command: /kaniko/executor --context $(docker_context_path) --dockerfile $DOCKER_FILE --destination $docker_image --cache --cache-dir=$KANIKO_CACHE_DIR --verbosity $DOCKER_KANIKO_VERBOSITY $kaniko_registry_mirror_option $DOCKER_METADATA $DOCKER_BUILD_ARGS $*"
    # shellcheck disable=SC2086
-    /kaniko/executor --context "$(docker_context_path)" --dockerfile "$DOCKER_FILE" --destination "$docker_image" --cache --cache-dir="$KANIKO_CACHE_DIR" --verbosity $DOCKER_KANIKO_VERBOSITY $kaniko_registry_mirror_option $DOCKER_BUILD_ARGS "$@"
+    /kaniko/executor --context "$(docker_context_path)" --dockerfile "$DOCKER_FILE" --destination "$docker_image" --cache --cache-dir="$KANIKO_CACHE_DIR" --verbosity $DOCKER_KANIKO_VERBOSITY $kaniko_registry_mirror_option $DOCKER_METADATA $DOCKER_BUILD_ARGS "$@"
  }

  function get_latest_template_version() {
@@ -509,7 +517,7 @@ docker-dind-build:
  script:
    - docker pull $DOCKER_SNAPSHOT_IMAGE || true
    # Build using cache if exist
-    - docker build --file "$DOCKER_FILE" --cache-from $DOCKER_SNAPSHOT_IMAGE --tag $DOCKER_SNAPSHOT_IMAGE --build-arg http_proxy="$http_proxy" --build-arg https_proxy="$https_proxy" --build-arg no_proxy="$no_proxy" $DOCKER_BUILD_ARGS "$(docker_context_path)"
+    - docker build --file "$DOCKER_FILE" --cache-from $DOCKER_SNAPSHOT_IMAGE --tag $DOCKER_SNAPSHOT_IMAGE --build-arg http_proxy="$http_proxy" --build-arg https_proxy="$https_proxy" --build-arg no_proxy="$no_proxy" $DOCKER_METADATA $DOCKER_BUILD_ARGS "$(docker_context_path)"
    - docker push $DOCKER_SNAPSHOT_IMAGE
    # Display the size of each layer
    - docker history $DOCKER_SNAPSHOT_IMAGE