diff --git a/README.md b/README.md index b4b6447ab292e462dda25ecb45e7a8f9b625c513..d73d94ee40b2975e5651511a7db1f83386e7c79c 100644 --- a/README.md +++ b/README.md @@ -200,10 +200,11 @@ This job builds the image and publishes it to the _snapshot_ repository. It is bound to the `package-build` stage, and uses the following variables: -| Name | description | default value | -| ------------------------ | ------------------------------------------------------------------------------------------------------------- | ----------------- | -| `DOCKER_BUILD_ARGS` | Additional `docker build`/`kaniko` arguments | _(none)_ | -| `DOCKER_REGISTRY_MIRROR` | URL of a Docker registry mirror to use during the image build (instead of default `https://index.docker.io`) | _(none)_ | +| Name | description | default value | +| ------------------------------- | ------------------------------------------------------------------------------------------------------------- | ------------------------------ | +| `DOCKER_BUILD_ARGS` | Additional `docker build`/`kaniko` arguments | _(none)_ | +| `DOCKER_REGISTRY_MIRROR` | URL of a Docker registry mirror to use during the image build (instead of default `https://index.docker.io`) | _(none)_ | +| `DOCKER_METADATA` | Additional `docker build`/`kaniko` arguments to set label | OCI Image Format Specification | This job produces an _output variable_ that is propagated to downstream jobs (using [dotenv artifacts](https://docs.gitlab.com/ee/ci/pipelines/job_artifacts.html#artifactsreportsdotenv)): 
@@ -230,6 +231,27 @@ LABEL name="my-project" \ maintainer="my-project@acme.com" ``` +Default value for `DOCKER_METADATA` supports a subset of the [OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/annotations.md) for labels and use [GitLab CI pre-defined variables](https://docs.gitlab.com/ee/ci/variables/predefined_variables.html) to guess the value as follow : + +| Label | Gitlab CI pre-defined variable | +| ----------------------------------- | ------------------------------ | +| `org.opencontainers.image.url` | `$CI_PROJECT_URL` | +| `org.opencontainers.image.source` | `$CI_PROJECT_URL` | +| `org.opencontainers.image.title` | `$CI_PROJECT_PATH` | +| `org.opencontainers.image.ref.name` | `$CI_COMMIT_REF_NAME` | +| `org.opencontainers.image.revision` | `$CI_COMMIT_SHA` | +| `org.opencontainers.image.created` | `$CI_JOB_STARTED_AT` | + +Note that spaces are currently not supported by Kaniko. Therefore, title couldn't be `CI_PROJECT_TITLE`. + +You may disable this feature by setting `DOCKER_METADATA` to empty or you can override some of the pre-defined label value with the `DOCKER_BUILD_ARGS`. + +```yaml +DOCKER_BUILD_ARGS: "--label org.opencontainers.image.title=my-project" +``` + +If you have defined one of those labels in the Dockerfile, the final value will depend if image is built with Kaniko or Docker in Docker. With Kaniko, the value of the Dockerfile take precedence, while with DinD command-line argument take precedence. + ### `docker-healthcheck` job :warning: this job requires that your runner has required privileges to run [Docker-in-Docker](https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-in-docker-workflow-with-docker-executor). diff --git a/kicker.json b/kicker.json index 544b86d1736420320baae6f9f3eb5c91600fdcf0..df1803c11e135e38926c5e2dfcb046988ab7a96b 100644 --- a/kicker.json +++ b/kicker.json 
@@ -48,6 +48,12 @@ "name": "DOCKER_BUILD_ARGS", "description": "Additional docker build/kaniko arguments" }, + { + "name": "DOCKER_METADATA", + "description": "Additional docker build/kaniko arguments to set labels", + "default": "--label org.opencontainers.image.url=${CI_PROJECT_URL} --label org.opencontainers.image.source=${CI_PROJECT_URL} --label org.opencontainers.image.title=${CI_PROJECT_PATH} --label org.opencontainers.image.ref.name=${CI_COMMIT_REF_NAME} --label org.opencontainers.image.revision=${CI_COMMIT_SHA} --label org.opencontainers.image.created=${CI_JOB_STARTED_AT}", + "advanced": true + }, { "name": "DOCKER_PUBLISH_ARGS", "description": "Additional [`skopeo copy` arguments](https://github.com/containers/skopeo/blob/master/docs/skopeo-copy.1.md#options)" diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml index 6ac8324f136c8ad9c7057a87fa3d1f56702d8c9e..fb970685f6078eecbcfe546f237a71153e2b40b1 100644 --- a/templates/gitlab-ci-docker.yml +++ b/templates/gitlab-ci-docker.yml @@ -46,6 +46,14 @@ variables: # default integration ref name (pattern) INTEG_REF: '/^develop$/' + # don't use CI_PROJECT_TITLE, kaniko doesn't support space in argument right now (https://github.com/GoogleContainerTools/kaniko/issues/1231) + DOCKER_METADATA: >- + --label org.opencontainers.image.url=${CI_PROJECT_URL} + --label org.opencontainers.image.source=${CI_PROJECT_URL} + --label org.opencontainers.image.title=${CI_PROJECT_PATH} + --label org.opencontainers.image.ref.name=${CI_COMMIT_REF_NAME} + --label org.opencontainers.image.revision=${CI_COMMIT_SHA} + --label org.opencontainers.image.created=${CI_JOB_STARTED_AT} # ================================================== # Stages definition 
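Review bot: The comment added above `DOCKER_METADATA` in `templates/gitlab-ci-docker.yml` explains only the `CI_PROJECT_TITLE` limitation and says nothing about how far these labels can be trusted. Every value is filled from pipeline variables (`CI_COMMIT_REF_NAME` is whatever ref name was pushed), and the README text in this same commit states they can be overridden through `DOCKER_BUILD_ARGS` or a Dockerfile `LABEL`, so registry consumers should read them as descriptive, not as verified provenance. I would add `# informational labels only: values come from CI variables and can be overridden by DOCKER_BUILD_ARGS or the Dockerfile; do not rely on them for provenance checks`. It is also worth noting there that `org.opencontainers.image.created=${CI_JOB_STARTED_AT}` changes on every job, so two builds of the same commit will presumably no longer yield the same image digest.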
@@ -345,9 +353,9 @@ stages: kaniko_registry_mirror_option="--registry-mirror $(echo ${DOCKER_REGISTRY_MIRROR} | sed "s|^https*://||")" fi log_info "Build & deploy image $docker_image" - log_info "Kaniko command: /kaniko/executor --context $(docker_context_path) --dockerfile $DOCKER_FILE --destination $docker_image --cache --cache-dir=$KANIKO_CACHE_DIR --verbosity $DOCKER_KANIKO_VERBOSITY $kaniko_registry_mirror_option $DOCKER_BUILD_ARGS $*" + log_info "Kaniko command: /kaniko/executor --context $(docker_context_path) --dockerfile $DOCKER_FILE --destination $docker_image --cache --cache-dir=$KANIKO_CACHE_DIR --verbosity $DOCKER_KANIKO_VERBOSITY $kaniko_registry_mirror_option $DOCKER_METADATA $DOCKER_BUILD_ARGS $*" # shellcheck disable=SC2086 - /kaniko/executor --context "$(docker_context_path)" --dockerfile "$DOCKER_FILE" --destination "$docker_image" --cache --cache-dir="$KANIKO_CACHE_DIR" --verbosity $DOCKER_KANIKO_VERBOSITY $kaniko_registry_mirror_option $DOCKER_BUILD_ARGS "$@" + /kaniko/executor --context "$(docker_context_path)" --dockerfile "$DOCKER_FILE" --destination "$docker_image" --cache --cache-dir="$KANIKO_CACHE_DIR" --verbosity $DOCKER_KANIKO_VERBOSITY $kaniko_registry_mirror_option $DOCKER_METADATA $DOCKER_BUILD_ARGS "$@" } function get_latest_template_version() { 
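Review bot: `$DOCKER_METADATA` is expanded unquoted in the `/kaniko/executor` call, under the existing `# shellcheck disable=SC2086`, so the shell word-splits and glob-expands its content before kaniko receives it. With the default value that is probably harmless, but a project that overrides the variable with a label value containing whitespace or glob characters gets extra executor arguments instead of one label, independently of the kaniko limitation the README cites. The same unquoted expansion is added to the `docker build` line in the `docker-dind-build` hunk. I would document the constraint next to the directive, e.g. `# DOCKER_METADATA and DOCKER_BUILD_ARGS are split on whitespace on purpose: label values must not contain spaces or glob characters`. The enclosing function starts above this hunk, so how `log_info` handles the echoed command line is not visible here.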
@@ -509,7 +517,7 @@ docker-dind-build: script: - docker pull $DOCKER_SNAPSHOT_IMAGE || true # Build using cache if exist - - docker build --file "$DOCKER_FILE" --cache-from $DOCKER_SNAPSHOT_IMAGE --tag $DOCKER_SNAPSHOT_IMAGE --build-arg http_proxy="$http_proxy" --build-arg https_proxy="$https_proxy" --build-arg no_proxy="$no_proxy" $DOCKER_BUILD_ARGS "$(docker_context_path)" + - docker build --file "$DOCKER_FILE" --cache-from $DOCKER_SNAPSHOT_IMAGE --tag $DOCKER_SNAPSHOT_IMAGE --build-arg http_proxy="$http_proxy" --build-arg https_proxy="$https_proxy" --build-arg no_proxy="$no_proxy" $DOCKER_METADATA $DOCKER_BUILD_ARGS "$(docker_context_path)" - docker push $DOCKER_SNAPSHOT_IMAGE # Display the size of each layer - docker history $DOCKER_SNAPSHOT_IMAGE