Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support setting OCI annotations in images built by ko - and stop inheriting all annotations #1395

Closed
afrittoli opened this issue Sep 11, 2024 · 0 comments · Fixed by #1426
Closed

Support setting OCI annotations in images built by ko - and stop inheriting all annotations #1395

afrittoli opened this issue Sep 11, 2024 · 0 comments · Fixed by #1426

Comments

@afrittoli
Copy link

OCI annotations can be set on manifests, to provide metadata about the images.

ko today supports setting labels (introduced by docker) but not setting annotations (introduced by the OCI spec).
It does set annotations related to the base image used, which is great, but it also sets additional annotations, inherited from the base image, which do not apply to the target image, and cannot be overwritten using ko.

This feature request stems from something I noticed on Tekton container images.
Since Tekton uses Chainguard's base images and ko to build its images, the annotations resulting in Tekton images look like:

crane manifest gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/resolvers:v0.63.0@sha256:e3d170eb9bc04c6ee69306529c2f82e84296a52414e136ef16995ac179abcd12 | jq .annotations
{
  "org.opencontainers.image.authors": "Chainguard Team https://www.chainguard.dev/",
  "org.opencontainers.image.base.digest": "sha256:67a1b00e0134e2b3a614c7198a26f7deed9d11b7acad4d52c79c0cfd47a2eae7",
  "org.opencontainers.image.base.name": "cgr.dev/chainguard/static@sha256:67a1b00e0134e2b3a614c7198a26f7deed9d11b7acad4d52c79c0cfd47a2eae7",
  "org.opencontainers.image.source": "https://github.com/chainguard-images/images/tree/main/images/static",
  "org.opencontainers.image.url": "https://edu.chainguard.dev/chainguard/chainguard-images/reference/static/"
}

While the org.opencontainers.image.base part is correct, the values author, source and URL do not apply to Tekton images.
seankhliao added a commit to seankhliao/ko that referenced this issue Oct 15, 2024
@seankhliao
allow setting annotations
3c94bd2 
This adds a new build flag for setting annotations
on image indexes and manifests.
Annotations are no longer copied from the base image.
`org.opencontainers.image.base.digest` and
`org.opencontainers.image.base.name`
are always set to the resolved values.

Usage example:

```sh
ko build --image-annotation foo=bar,fizz=buzz .
```

Fixes ko-build#1090
Fixes ko-build#1090
Fixes ko-build#1231
Fixes ko-build#1235
Fixes ko-build#1395
@seankhliao seankhliao mentioned this issue Oct 15, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

allow setting annotations seankhliao/ko
1 participant
@afrittoli