From d3630f9356ba3c9934f972ca728f562e3d015019 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20CROCQUESEL?= <8662854-scrocquesel@users.noreply.gitlab.com> Date: Wed, 24 Nov 2021 10:45:58 +0000 Subject: [PATCH] feat: add configurable metadata variable with OCI recommended labels --- README.md | 30 ++++++++++++++++++++++++++---- kicker.json | 6 ++++++ templates/gitlab-ci-docker.yml | 14 +++++++++++--- 3 files changed, 43 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index b4b6447..d73d94e 100644 --- a/README.md +++ b/README.md @@ -200,10 +200,11 @@ This job builds the image and publishes it to the _snapshot_ repository. It is bound to the `package-build` stage, and uses the following variables: -| Name | description | default value | -| ------------------------ | ------------------------------------------------------------------------------------------------------------- | ----------------- | -| `DOCKER_BUILD_ARGS` | Additional `docker build`/`kaniko` arguments | _(none)_ | -| `DOCKER_REGISTRY_MIRROR` | URL of a Docker registry mirror to use during the image build (instead of default `https://index.docker.io`) | _(none)_ | +| Name | description | default value | +| ------------------------------- | ------------------------------------------------------------------------------------------------------------- | ------------------------------ | +| `DOCKER_BUILD_ARGS` | Additional `docker build`/`kaniko` arguments | _(none)_ | +| `DOCKER_REGISTRY_MIRROR` | URL of a Docker registry mirror to use during the image build (instead of default `https://index.docker.io`) | _(none)_ | +| `DOCKER_METADATA` | Additional `docker build`/`kaniko` arguments to set label | OCI Image Format Specification | This job produces an _output variable_ that is propagated to downstream jobs (using [dotenv artifacts](https://docs.gitlab.com/ee/ci/pipelines/job_artifacts.html#artifactsreportsdotenv)): 
@@ -230,6 +231,27 @@ LABEL name="my-project" \ maintainer="my-project@acme.com" ``` +Default value for `DOCKER_METADATA` supports a subset of the [OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/annotations.md) for labels and use [GitLab CI pre-defined variables](https://docs.gitlab.com/ee/ci/variables/predefined_variables.html) to guess the value as follow : + +| Label | Gitlab CI pre-defined variable | +| ----------------------------------- | ------------------------------ | +| `org.opencontainers.image.url` | `$CI_PROJECT_URL` | +| `org.opencontainers.image.source` | `$CI_PROJECT_URL` | +| `org.opencontainers.image.title` | `$CI_PROJECT_PATH` | +| `org.opencontainers.image.ref.name` | `$CI_COMMIT_REF_NAME` | +| `org.opencontainers.image.revision` | `$CI_COMMIT_SHA` | +| `org.opencontainers.image.created` | `$CI_JOB_STARTED_AT` | + +Note that spaces are currently not supported by Kaniko. Therefore, title couldn't be `CI_PROJECT_TITLE`. + +You may disable this feature by setting `DOCKER_METADATA` to empty or you can override some of the pre-defined label value with the `DOCKER_BUILD_ARGS`. + +```yaml +DOCKER_BUILD_ARGS: "--label org.opencontainers.image.title=my-project" +``` + +If you have defined one of those labels in the Dockerfile, the final value will depend if image is built with Kaniko or Docker in Docker. With Kaniko, the value of the Dockerfile take precedence, while with DinD command-line argument take precedence. + ### `docker-healthcheck` job :warning: this job requires that your runner has required privileges to run [Docker-in-Docker](https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-in-docker-workflow-with-docker-executor). diff --git a/kicker.json b/kicker.json index 544b86d..df1803c 100644 --- a/kicker.json +++ b/kicker.json 
@@ -48,6 +48,12 @@ "name": "DOCKER_BUILD_ARGS", "description": "Additional docker build/kaniko arguments" }, + { + "name": "DOCKER_METADATA", + "description": "Additional docker build/kaniko arguments to set labels", + "default": "--label org.opencontainers.image.url=${CI_PROJECT_URL} --label org.opencontainers.image.source=${CI_PROJECT_URL} --label org.opencontainers.image.title=${CI_PROJECT_PATH} --label org.opencontainers.image.ref.name=${CI_COMMIT_REF_NAME} --label org.opencontainers.image.revision=${CI_COMMIT_SHA} --label org.opencontainers.image.created=${CI_JOB_STARTED_AT}", + "advanced": true + }, { "name": "DOCKER_PUBLISH_ARGS", "description": "Additional [`skopeo copy` arguments](https://github.com/containers/skopeo/blob/master/docs/skopeo-copy.1.md#options)" diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml index 6ac8324..fb97068 100644 --- a/templates/gitlab-ci-docker.yml +++ b/templates/gitlab-ci-docker.yml @@ -46,6 +46,14 @@ variables: # default integration ref name (pattern) INTEG_REF: '/^develop$/' + # don't use CI_PROJECT_TITLE, kaniko doesn't support space in argument right now (https://github.com/GoogleContainerTools/kaniko/issues/1231) + DOCKER_METADATA: >- + --label org.opencontainers.image.url=${CI_PROJECT_URL} + --label org.opencontainers.image.source=${CI_PROJECT_URL} + --label org.opencontainers.image.title=${CI_PROJECT_PATH} + --label org.opencontainers.image.ref.name=${CI_COMMIT_REF_NAME} + --label org.opencontainers.image.revision=${CI_COMMIT_SHA} + --label org.opencontainers.image.created=${CI_JOB_STARTED_AT} # ================================================== # Stages definition 
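Review bot: The comment added above `DOCKER_METADATA` in the `variables:` block of `templates/gitlab-ci-docker.yml` covers the kaniko space limitation but says nothing about how far these labels can be trusted. According to the README text in this same patch, a Dockerfile `LABEL` wins under kaniko and `DOCKER_BUILD_ARGS` wins under Docker-in-Docker, so `org.opencontainers.image.revision` and `org.opencontainers.image.source` are self-declared by the project being built rather than attested by the pipeline. I would add a second comment line such as `# informational labels only: a Dockerfile LABEL or DOCKER_BUILD_ARGS can override them, so do not treat them as verified provenance`.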
@@ -345,9 +353,9 @@ stages: kaniko_registry_mirror_option="--registry-mirror $(echo ${DOCKER_REGISTRY_MIRROR} | sed "s|^https*://||")" fi log_info "Build & deploy image $docker_image" - log_info "Kaniko command: /kaniko/executor --context $(docker_context_path) --dockerfile $DOCKER_FILE --destination $docker_image --cache --cache-dir=$KANIKO_CACHE_DIR --verbosity $DOCKER_KANIKO_VERBOSITY $kaniko_registry_mirror_option $DOCKER_BUILD_ARGS $*" + log_info "Kaniko command: /kaniko/executor --context $(docker_context_path) --dockerfile $DOCKER_FILE --destination $docker_image --cache --cache-dir=$KANIKO_CACHE_DIR --verbosity $DOCKER_KANIKO_VERBOSITY $kaniko_registry_mirror_option $DOCKER_METADATA $DOCKER_BUILD_ARGS $*" # shellcheck disable=SC2086 - /kaniko/executor --context "$(docker_context_path)" --dockerfile "$DOCKER_FILE" --destination "$docker_image" --cache --cache-dir="$KANIKO_CACHE_DIR" --verbosity $DOCKER_KANIKO_VERBOSITY $kaniko_registry_mirror_option $DOCKER_BUILD_ARGS "$@" + /kaniko/executor --context "$(docker_context_path)" --dockerfile "$DOCKER_FILE" --destination "$docker_image" --cache --cache-dir="$KANIKO_CACHE_DIR" --verbosity $DOCKER_KANIKO_VERBOSITY $kaniko_registry_mirror_option $DOCKER_METADATA $DOCKER_BUILD_ARGS "$@" } function get_latest_template_version() { 
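Review bot: `$DOCKER_METADATA` is placed in the unquoted part of the `/kaniko/executor` call, under the existing `# shellcheck disable=SC2086`, so the shell word-splits and glob-expands it before kaniko sees it; the same applies to the `docker build` line changed in the `docker-dind-build` hunk. The no-space restriction noted for `CI_PROJECT_TITLE` therefore comes from this template's own expansion as well as from kaniko, and a label value containing whitespace would be split into extra command-line arguments on both build paths. The defaults look safe because Git ref names, project paths and commit SHAs cannot contain spaces or `*`/`?`/`[`, but `CI_COMMIT_REF_NAME` is chosen by whoever pushes the branch, so I would state the constraint next to the call: `# DOCKER_METADATA is expanded unquoted on purpose: label values must not contain whitespace or glob characters`. The enclosing function starts outside this hunk.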
@@ -509,7 +517,7 @@ docker-dind-build: script: - docker pull $DOCKER_SNAPSHOT_IMAGE || true # Build using cache if exist - - docker build --file "$DOCKER_FILE" --cache-from $DOCKER_SNAPSHOT_IMAGE --tag $DOCKER_SNAPSHOT_IMAGE --build-arg http_proxy="$http_proxy" --build-arg https_proxy="$https_proxy" --build-arg no_proxy="$no_proxy" $DOCKER_BUILD_ARGS "$(docker_context_path)" + - docker build --file "$DOCKER_FILE" --cache-from $DOCKER_SNAPSHOT_IMAGE --tag $DOCKER_SNAPSHOT_IMAGE --build-arg http_proxy="$http_proxy" --build-arg https_proxy="$https_proxy" --build-arg no_proxy="$no_proxy" $DOCKER_METADATA $DOCKER_BUILD_ARGS "$(docker_context_path)" - docker push $DOCKER_SNAPSHOT_IMAGE # Display the size of each layer - docker history $DOCKER_SNAPSHOT_IMAGE -- GitLab