[PATCH 1/1] ci: redact non-reproducible annotations of container
0 views
Skip to first unread message
Felix Moessbauer
May 15, 2024, 3:59:01 PMMay 15
to kas-...@googlegroups.com, jan.k...@siemens.com, Felix Moessbauer
Prior to this patch, only the layers itself are reproducible,
but not the manifests. By that, rebuilders (e.g. via github
action in forks) will generate manifests with a different digest.
The reason for that are non-reproducible annotations in the manifests.
This patch fixes this by redacting the problematic annotations.
Signed-off-by: Felix Moessbauer <felix.mo...@siemens.com>
---
.github/actions/docker-init/action.yml | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/.github/actions/docker-init/action.yml b/.github/actions/docker-init/action.yml
index 64a525659..5c391bff2 100644
--- a/.github/actions/docker-init/action.yml
+++ b/.github/actions/docker-init/action.yml
@@ -65,6 +65,10 @@ runs:
annotations: |
org.opencontainers.image.description=${{ env.IMAGE_DESCRIPTION }}
org.opencontainers.image.licenses=MIT and others
+ # redact information that is not reproducible
+ org.opencontainers.image.created=
+ org.opencontainers.image.source=
+ org.opencontainers.image.url=
env:
DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
--
2.39.2
but not the manifests. By that, rebuilders (e.g. via github
action in forks) will generate manifests with a different digest.
The reason for that are non-reproducible annotations in the manifests.
This patch fixes this by redacting the problematic annotations.
Signed-off-by: Felix Moessbauer <felix.mo...@siemens.com>
---
.github/actions/docker-init/action.yml | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/.github/actions/docker-init/action.yml b/.github/actions/docker-init/action.yml
index 64a525659..5c391bff2 100644
--- a/.github/actions/docker-init/action.yml
+++ b/.github/actions/docker-init/action.yml
@@ -65,6 +65,10 @@ runs:
annotations: |
org.opencontainers.image.description=${{ env.IMAGE_DESCRIPTION }}
org.opencontainers.image.licenses=MIT and others
+ # redact information that is not reproducible
+ org.opencontainers.image.created=
+ org.opencontainers.image.source=
+ org.opencontainers.image.url=
env:
DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
--
2.39.2
Jan Kiszka
May 15, 2024, 4:13:38 PMMay 15
to Felix Moessbauer, kas-...@googlegroups.com
Jan
--
Siemens AG, Technology
Linux Expert Center
Reply all
Reply to author
Forward
0 new messages