-
Notifications
You must be signed in to change notification settings - Fork 554
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add OCI & OpenShift labels to Docker image #10007
Conversation
Don't worry, I'll split it up into two parts: adding the labels, then updating Jenkins CI, then updating GHA CI. |
8e05cac
to
6c52025
Compare
Sample of a failed run: https://github.com/camunda/zeebe/runs/7690271365?check_suite_focus=true |
2928df3
to
c8168fb
Compare
c8168fb
to
c773725
Compare
It might be interesting to create a reusable action for building our Docker image now that we have a less straightforward process for building the image. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool, thanks for putting so much effort into the verify script 🏅
I only have a few suggestions but nothing that would require another review
c1fbdab
to
166e0e2
Compare
Adds labels to the Docker image following the OCI and OpenShift specs. This includes modifications to the build process to inject the few values which are dynamic, namely: - the created at ISO 8601 timestamp - the commit SHA (or revision) of the artifact - the semantic version of the artifact On top of adding labels, this modifies the `Dockerfile` a bit and pins the production image to specific sha of the base image, ensuring reproducible builds. In the future we should update this sha when need be, and update the golden file (`docker/test/docker-labels.golden.json`). This also adds `hadolint` to lint our Dockerfile and applies some of the recommendations to it. A new code quality job is added, `Docker checks`, which runs hadolint and verifies that the labels are as expected.
166e0e2
to
b447062
Compare
bors merge |
Build succeeded: |
Description
This PR adds labels to the Docker image following the OCI and OpenShift specs. This includes modifications to the build process to inject the few values which are dynamic, namely:
You can find the specs here:
On top of adding labels, this modifies the
Dockerfile
a bit and pins the production image to specific sha of the base image, ensuring reproducible builds. In the future we should update this sha when need be, and update the golden file (docker/test/docker-labels.golden.json
).This also adds
hadolint
to lint our Dockerfile and applies some of the recommendations to it. A new code quality job is added,Docker checks
, which runs hadolint and verifies that the labels are as expected. The verification is done via a bash script which grabs the labels from adocker inspect
, and compares it with an interpolated golden file (since we have a few dynamic values). The comparison is done usingdiff
, so the output should be familiar to most.Related issues
related to #9940
blocks #10013
Definition of Done
Not all items need to be done depending on the issue and the pull request.
Code changes:
backport stable/1.3
) to the PR, in case that fails you need to create backports manually.Testing:
Documentation:
Please refer to our review guidelines.