Description
Is your feature request related to a problem? Please describe.
The current implementation is missing some attributes like title, documentation, license etc --> see detailed information below.
Solution / Enhancement
The Docker images provided for Authentik currently do not contain all recommended Docker labels that contain the corresponding references to the corresponding repository, the license, the "manufacturer", the link to the documentation or similar. The Open Container Initiative has created an open standard that contains various meta information and is also officially recommended by Docker (e.g. instead of the deprecated MAINTAINER).
I would suggest the following labels from the selection - here in the issue for clarification with example values.
I marked all labels with ✅ that are already implemented:
org.opencontainers.image.title="MariaDB Community" # Human-readable title of the image
✅org.opencontainers.image.description="MariaDB Database for relational SQL" # Human-readable description of the software packaged in the image
org.opencontainers.image.created="2023-06-14T15:37:46Z" # date and time on which the image was built, conforming to RFC 3339(https://datatracker.ietf.org/doc/html/rfc3339#section-5.6)
org.opencontainers.image.authors="MariaDB Community" # contact details of the people or organization responsible for the image
✅org.opencontainers.image.url="https://github.com/MariaDB/mariadb-docker" # URL to find more information on the image
org.opencontainers.image.documentation="https://hub.docker.com/_/mariadb/" # URL to get documentation on the image
✅org.opencontainers.image.source="https://github.com/MariaDB/mariadb-docker" # URL to get source code for building the image
✅org.opencontainers.image.version="10.11.6" # version of the packaged software
✅org.opencontainers.image.revision="abf8f791360b2bc4a5c7d011877668679bcbb3f2" # Source control revision identifier for the packaged software --> aka. Git SHA
org.opencontainers.image.vendor="MariaDB Community" # Name of the distributing entity, organization or individual
org.opencontainers.image.licenses="GPL-2.0" # License(s) under which contained software is distributed as an SPDX License Expression(https://spdx.github.io/spdx-spec/v2.3/SPDX-license-expressions/)
org.opencontainers.image.ref.name="ubuntu" # Name of the reference for a target
org.opencontainers.image.base.name="docker.io/library/ubuntu:jammy"
Implementation
- The static values can be stored in the Dockerfile depending on the build setup, the dynamic values (commit ref, build date, etc.) must be set dynamically in the workflow.
- If the values are always set dynamically in the workflow, this has the advantage that packages are published with adapted values in the event of a fork.
Static values (which won't change that often)
...
LABEL org.opencontainers.image.title="MariaDB Community" \
✅org.opencontainers.image.description="MariaDB Database for relational SQL" \
org.opencontainers.image.authors="MariaDB Community" \
✅org.opencontainers.image.url="https://github.com/MariaDB/mariadb-docker" \
org.opencontainers.image.documentation="https://hub.docker.com/_/mariadb/" \
✅org.opencontainers.image.source="https://github.com/MariaDB/mariadb-docker" \
org.opencontainers.image.vendor="MariaDB Community" \
org.opencontainers.image.licenses="GPL-2.0"
...
... and dynamic labels (which are indeed mostly static, but could also be fetched dynamically for the afore-mentioned reasons of flexibility):
...
echo "NOW=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV
....
org.opencontainers.image.title=${{github.event.repository.name}} # assuming the repository name matches the image name!
✅org.opencontainers.image.description="a short text describing the image"
org.opencontainers.image.created=${{ env.NOW }}
org.opencontainers.image.authors="MariaDB Community"
✅org.opencontainers.image.url="https://umami.is/"
org.opencontainers.image.documentation="https://umami.is/docs"
✅org.opencontainers.image.source=${{github.server_url}}/${{github.repository}}
✅org.opencontainers.image.version=${{github.ref_name}}
✅org.opencontainers.image.revision=${{github.sha}}
org.opencontainers.image.vendor=${{github.repository_owner}} # assuming the repository owner matches the image author!
org.opencontainers.image.licenses="GPL-2.0"
org.opencontainers.image.ref.name="alpine"
org.opencontainers.image.base.name="docker.io/library/alpine"
--> I would recommend a dynamic implementation where possible.
After positive feedback I can create a corresponding pull request :)
Advantages and benefits:
- Tools such as Renovate or Dependabot (which I actively use myself) read the tags and can embed the changelog or a reference to the source repo directly in the automated pull requests
- GitHub also displays the information contained in its own container registry, GHCR
- the information can also be output via CLI with docker inspect:
docker inspect $(docker ps -q) --format='{{ .Id }} {{ index .Config.Labels "org.opencontainers.image.source" }}'
(or any other parameter instead of .source), so you can quickly see all active container licenses, the build date etc., for example.
Background / predecessor
- the previously used label schema(https://github.com/label-schema/label-schema.org/blob/gh-pages/rc1.md) is deprecated and has been replaced by the OCI annotations - there is a corresponding mapping table for transfer.
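Added example, not part of the original issue or the project's code: a label audit over `docker inspect` JSON that reports which of the labels listed above are missing, which values are malformed, and which deprecated label-schema keys remain. The function names, the https-only rule for URL labels and the sample input are assumptions made for illustration.

```python
import json
import re
from datetime import datetime

PREFIX = "org.opencontainers.image."
RECOMMENDED = ["title", "description", "created", "authors", "url", "documentation",
               "source", "version", "revision", "vendor", "licenses"]  # keys from the issue
URL_KEYS = {"url", "documentation", "source"}
LEGACY_PREFIX = "org.label-schema."  # deprecated predecessor schema
RFC3339 = re.compile(r"\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(\.\d+)?(Z|[+-]\d\d:\d\d)")

def is_rfc3339(value):  # shape check first, then a real calendar date
    if not RFC3339.fullmatch(value):
        return False
    try:
        datetime.fromisoformat(re.sub(r"\.\d+", "", value).replace("Z", "+00:00"))
    except ValueError:
        return False
    return True

def audit_labels(inspect_json):
    """Map image Id -> missing, invalid and legacy label findings."""
    report = {}
    for obj in json.loads(inspect_json):
        # Labels is null in inspect output when the image carries none.
        labels = (obj.get("Config") or {}).get("Labels") or {}
        missing, invalid = [], []
        for key in RECOMMENDED:
            value = labels.get(PREFIX + key, "").strip()
            if not value:
                missing.append(key)
            elif key == "created" and not is_rfc3339(value):
                invalid.append(key)
            elif key in URL_KEYS and not value.startswith("https://"):
                invalid.append(key)  # assumption: policy requires https URLs
        legacy = sorted(k for k in labels if k.startswith(LEGACY_PREFIX))
        report[obj.get("Id", "")] = {"missing": missing, "invalid": invalid, "legacy": legacy}
    return report

# Constructed sample shaped like `docker inspect <image>` output (not real data).
SAMPLE = json.dumps([{"Id": "sha256:constructed-example", "Config": {"Labels": {
    PREFIX + "description": "a short text describing the image",
    PREFIX + "url": "https://example.invalid/",
    PREFIX + "source": "http://example.invalid/org/repo",
    PREFIX + "version": "1.2.3",
    PREFIX + "created": "2023-06-14 15:37:46",
    "org.label-schema.vcs-url": "https://example.invalid/org/repo",
}}}])

if __name__ == "__main__":
    print(json.dumps(audit_labels(SAMPLE), indent=2))
```

In a release workflow the same function can take the output of `docker inspect <image>` and fail the job when `missing` or `invalid` is non-empty, so an image without source and revision labels is never published.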