
Attach opencontainers image metadata to docker images
Open, Medium, Public

Description

We have multiple issues regarding metadata from our docker images:

  • There was an incident a little while back where we were looking for the source git repo for a container, which turned out to be word-of-mouth information
  • We can't know (without looking at multiple sources) which images are based off of each other, which makes dependency tracking hard
  • Image build date and time is usually derived from the image label, which is not ideal (as it is not enforced)
  • We don't know the base OS from which an image is composed (might be part of the tag, else we need to inspect image contents)

The above problems can be addressed by adding annotations/labels to the images during their build process:
https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys

This would have to be implemented in:

  • build-base-images/build-bare-slim.sh
  • docker-pkg
  • blubber

Knowing the OS versions of images would also allow us to:

  • reliably prune outdated images when they are EOLed (e.g. for T335333)
  • exclude EOLed images in the docker-reporter and docker image builds (T335282)
  • reliably exclude the handful of Alpine-based images we use in docker-reporter (which are currently excluded by a heuristic based on the image name)
  • provide the ability to sort based on OS versions on Debmonitor
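
A build-time gate for the metadata described above, as an added example that is not part of the original task or of docker-pkg, blubber or the build scripts. It reads the labels from `docker image inspect` output and reports images that lack the pre-defined OCI keys for source, revision, build date and parent image. Which keys are mandatory, the function names and the sample data are assumptions made for illustration; the base OS is not checked here.

```python
import json
import re
from datetime import datetime

P = "org.opencontainers.image."
# Pre-defined OCI keys for the gaps listed in the task description.
REQUIRED = {P + "source": "source repository", P + "revision": "source revision",
            P + "created": "build date and time"}
BASE_KEYS = (P + "base.name", P + "base.digest")
# Assumption: only sha256/sha512 digests are in use.
DIGEST_RE = re.compile(r"^(sha256:[0-9a-f]{64}|sha512:[0-9a-f]{128})$")

def labels_from_inspect(inspect_json):
    """Extract Config.Labels from `docker image inspect` output (a JSON list)."""
    config = json.loads(inspect_json)[0].get("Config") or {}
    return config.get("Labels") or {}  # Labels is null when none are set

def audit_labels(labels, is_base_image=False):
    """Return a list of findings; an empty list means the image passes."""
    findings = []
    required = dict(REQUIRED)
    if not is_base_image:  # images built from scratch have no parent to record
        required.update({k: "parent image" for k in BASE_KEYS})
    for key, meaning in required.items():
        if not (labels.get(key) or "").strip():
            findings.append(f"missing {key} ({meaning})")
    created = (labels.get(P + "created") or "").strip()
    if created:
        try:  # the spec requires RFC 3339, which always carries a UTC offset
            parsed = datetime.fromisoformat(created.replace("Z", "+00:00"))
            if parsed.tzinfo is None:
                findings.append(f"{P}created has no UTC offset: {created}")
        except ValueError:
            findings.append(f"{P}created is not RFC 3339: {created}")
    digest = (labels.get(P + "base.digest") or "").strip()
    if digest and not DIGEST_RE.match(digest):
        findings.append(f"{P}base.digest is not a valid digest: {digest}")
    return findings

# Constructed sample: source set, free-form build date, no parent recorded.
SAMPLE_INSPECT = json.dumps([{"Config": {"Labels": {
    P + "source": "https://git.example.org/example/service",
    P + "revision": "0123abc",
    P + "created": "13 Oct 2023",
}}}])

if __name__ == "__main__":
    print("\n".join(audit_labels(labels_from_inspect(SAMPLE_INSPECT))))
```

Failing the build on a non-empty result is what turns the labels from a convention into an enforced property.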

Event Timeline

JMeybohm renamed this task from Attach git info metadata to docker images to Attach opencontainers image metadata to docker images. Oct 13 2023, 8:38 AM
JMeybohm triaged this task as Medium priority.
JMeybohm updated the task description.
JMeybohm updated the task description.
JMeybohm added a subscriber: MoritzMuehlenhoff.