From f8498e52f9c67937fe6fedb1aa2f0ae1026a47c4 Mon Sep 17 00:00:00 2001 From: Brett Cannon Date: Wed, 29 Oct 2025 09:51:40 -0700 Subject: [PATCH 1/2] Set OCI annotations in the manifest so they show up on the webpage for the images As well, add in some more common container labels and correct a couple minor mistakes in the metadata. --- .github/workflows/build-and-push.yml | 57 ++++++++++++++++++++++++++++ autoconf/Dockerfile | 5 ++- autoconf/README.md | 1 + devcontainer/Dockerfile | 3 ++ wasicontainer/Dockerfile | 5 ++- 5 files changed, 69 insertions(+), 2 deletions(-) create mode 100644 autoconf/README.md diff --git a/.github/workflows/build-and-push.yml b/.github/workflows/build-and-push.yml index dc5ef1b..8b0bb12 100644 --- a/.github/workflows/build-and-push.yml +++ b/.github/workflows/build-and-push.yml @@ -21,6 +21,7 @@ jobs: - name: Set Calver Date run: | echo "builddate=$(date +'%Y.%m.%d')" >> $GITHUB_OUTPUT + echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT id: version - name: Checkout uses: actions/checkout@v5 
@@ -34,6 +35,61 @@ jobs: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Extract labels from Dockerfile + id: labels + run: | + set -euo pipefail + + # Extract labels from the Dockerfile. + DOCKERFILE=./${{ inputs.container }}/Dockerfile + + # Function to extract a label value. + extract_label() { + local label_key="$1" + grep "org.opencontainers.image.${label_key}=" "$DOCKERFILE" | \ + sed -n 's/.*org\.opencontainers\.image\.'"${label_key}"'="\([^"]*\)".*/\1/p' | \ + head -n1 || echo '' + } + + # Function to add annotation if value is non-empty. + add_annotation() { + local key="$1" + local value="$2" + if [ -n "$value" ]; then + [ -n "$annotations" ] && annotations="$annotations," + annotations="${annotations}annotation-index.org.opencontainers.image.${key}=${value}" + fi + } + + # Extract static labels from Dockerfile. + source=$(extract_label "source") + description=$(extract_label "description") + title=$(extract_label "title") + authors=$(extract_label "authors") + base_name=$(extract_label "base.name") + licenses=$(extract_label "licenses") + url=$(extract_label "url") + documentation=$(extract_label "documentation") + + # Get dynamic values from earlier steps. + created="${{ steps.version.outputs.created }}" + revision="${{ github.sha }}" + + # Build annotations string. + annotations="" + add_annotation "source" "$source" + add_annotation "description" "$description" + add_annotation "title" "$title" + add_annotation "authors" "$authors" + add_annotation "base.name" "$base_name" + add_annotation "licenses" "$licenses" + add_annotation "url" "$url" + add_annotation "documentation" "$documentation" + add_annotation "created" "$created" + add_annotation "revision" "$revision" + + # Output the complete annotations string. + echo "annotations=$annotations" >> $GITHUB_OUTPUT - name: Build and push uses: docker/build-push-action@v6 with: 
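Review bot: `DOCKERFILE=./${{ inputs.container }}/Dockerfile` expands the workflow input into the script text before bash runs it, so a value containing shell metacharacters would run as code in a job that has already logged in to ghcr.io with `GITHUB_TOKEN`. Who can set `inputs.container` is not visible in this hunk, but passing it through the environment removes the question: add `env:` with `CONTAINER: ${{ inputs.container }}` to the step and use `DOCKERFILE="./${CONTAINER}/Dockerfile"`. The same pattern applies, at lower risk, to `created="${{ steps.version.outputs.created }}"` and `revision="${{ github.sha }}"`. Quoting `"$GITHUB_OUTPUT"` in the final `echo` would also be consistent with the `set -euo pipefail` strictness at the top of the script.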
@@ -43,3 +99,4 @@ jobs: tags: | ghcr.io/python/${{ inputs.container }}:${{ steps.version.outputs.builddate }}.${{ github.run_id }} ghcr.io/python/${{ inputs.container }}:latest + outputs: type=image,name=ghcr.io/python/${{ inputs.container }},${{ steps.labels.outputs.annotations }} diff --git a/autoconf/Dockerfile b/autoconf/Dockerfile index 9e809fb..7ac3163 100644 --- a/autoconf/Dockerfile +++ b/autoconf/Dockerfile @@ -8,10 +8,13 @@ ARG AUTOMAKE_VERSION="1.16.5" ARG CONFIG_GIT_REV="00b15927496058d23e6258a28d8996f87cf1f191" LABEL org.opencontainers.image.source="https://github.com/python/cpython-devcontainers" -LABEL org.opencontainers.image.base.name="docker.io/library/ubuntu:22.04" +LABEL org.opencontainers.image.base.name="docker.io/library/ubuntu:24.04" LABEL org.opencontainers.image.authors="Donghee Na" LABEL org.opencontainers.image.title="GNU Autoconf ${AUTOCONF_VERSION} container for CPython" LABEL org.opencontainers.image.description="Container image with GNU Autoconf ${AUTOCONF_VERSION}, GNU Automake ${AUTOMAKE_VERSION}, and autoconf-archive ${AUTOCONF_ARCHIVE_VERSION} for generating CPython's configure script." +LABEL org.opencontainers.image.licenses="MIT" +LABEL org.opencontainers.image.url="https://github.com/python/cpython-devcontainers" +LABEL org.opencontainers.image.documentation="https://github.com/python/cpython-devcontainers/blob/main/autoconf/README.md" RUN apt-get update && \ apt-get install -yq \ diff --git a/autoconf/README.md b/autoconf/README.md new file mode 100644 index 0000000..3c1e83b --- /dev/null +++ b/autoconf/README.md @@ -0,0 +1 @@ +Container image for recreating `configure` from `configure.ac` for CPython (via the `make regen-configure` command). diff --git a/devcontainer/Dockerfile b/devcontainer/Dockerfile index b58f9a3..7601b3e 100644 --- a/devcontainer/Dockerfile +++ b/devcontainer/Dockerfile 
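Review bot: The `outputs:` value is a comma-separated field list, and `${{ steps.labels.outputs.annotations }}` is appended to it without quoting, so any label value that contains a comma will be split into extra fields. The autoconf `description` label visible in the next file of this patch contains two commas, so that image's build would likely fail or publish a truncated annotation. That label also holds `${AUTOCONF_VERSION}`-style build-arg references, which the grep/sed extraction copies literally rather than expanded. Consider CSV-quoting each field where `add_annotation` builds it, e.g. `annotations="${annotations}\"annotation-index.org.opencontainers.image.${key}=${value}\""`, and confirm the result against the autoconf image.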
@@ -5,6 +5,9 @@ LABEL org.opencontainers.image.source="https://github.com/python/cpython-devcont LABEL org.opencontainers.image.title="CPython development container" LABEL org.opencontainers.image.description="CPython development container with the tooling to work on Linux builds." LABEL org.opencontainers.image.authors="Brett Cannon" +LABEL org.opencontainers.image.licenses="MIT" +LABEL org.opencontainers.image.url="https://github.com/python/cpython-devcontainers" +LABEL org.opencontainers.image.documentation="https://github.com/python/cpython-devcontainers/blob/main/devcontainer/README.md" ENV CC=clang diff --git a/wasicontainer/Dockerfile b/wasicontainer/Dockerfile index aded10d..2f995e2 100644 --- a/wasicontainer/Dockerfile +++ b/wasicontainer/Dockerfile @@ -1,10 +1,13 @@ FROM ghcr.io/python/devcontainer:latest -LABEL org.opencontainers.image.base.name="ghcr.io/python/wasicontainer:latest" +LABEL org.opencontainers.image.base.name="ghcr.io/python/devcontainer:latest" LABEL org.opencontainers.image.source="https://github.com/python/cpython-devcontainers" LABEL org.opencontainers.image.title="CPython WASI development container" LABEL org.opencontainers.image.description="CPython development container with the tooling to work on WASI builds." LABEL org.opencontainers.image.authors="Brett Cannon" +LABEL org.opencontainers.image.licenses="MIT" +LABEL org.opencontainers.image.url="https://github.com/python/cpython-devcontainers" +LABEL org.opencontainers.image.documentation="https://github.com/python/cpython-devcontainers/blob/main/wasicontainer/README.md" ARG TARGETARCH From 82f34de18e348c0af1f2cc850c197d42c19e9485 Mon Sep 17 00:00:00 2001 From: Brett Cannon Date: Thu, 30 Oct 2025 10:51:18 -0700 Subject: [PATCH 2/2] Add a comment about why we are adding annotations --- .github/workflows/build-and-push.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/build-and-push.yml b/.github/workflows/build-and-push.yml index 8b0bb12..476cccc 100644 
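Review bot: In `wasicontainer/Dockerfile` the corrected `org.opencontainers.image.base.name` records `ghcr.io/python/devcontainer:latest`, a mutable tag, so the annotation cannot tell a consumer which base image a given build was derived from. If base provenance matters for these images, `org.opencontainers.image.base.digest` could be set alongside it. The digest is only known at build time, so it would have to come from the workflow rather than a static `LABEL`. The `FROM` line is unchanged context in this hunk and uses the same `:latest` tag.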
--- a/.github/workflows/build-and-push.yml +++ b/.github/workflows/build-and-push.yml @@ -35,6 +35,14 @@ jobs: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + # Extract labels from the Dockerfile to use as OCI annotations. + # This allows them to show up on the webpages for the containers on GHCR due to using + # multi-arch images + # (as documented at + # https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#adding-a-description-to-multi-arch-images + # ). + # The pre-defined annotations by the OCI that you can add to a manifest can be found at + # https://specs.opencontainers.org/image-spec/annotations/#pre-defined-annotation-keys - name: Extract labels from Dockerfile id: labels run: |