Unverified Commit ea36a659 authored by Timo Furrer's avatar Timo Furrer

Add opencontainers image annotations

Changelog: added
parent bc2cac16
...@@ -95,7 +95,8 @@ stages: ...@@ -95,7 +95,8 @@ stages:
# We use a dash `-` here, instead of the `+`. # We use a dash `-` here, instead of the `+`.
# This may be problematic, because it indicates a semver prerelease. # This may be problematic, because it indicates a semver prerelease.
- export RELEASE_IMAGE_NAME="$CI_REGISTRY_IMAGE/gitlab-opentofu" - export RELEASE_IMAGE_NAME="$CI_REGISTRY_IMAGE/gitlab-opentofu"
- export RELEASE_IMAGE="${RELEASE_IMAGE_NAME}:${RELEASE_VERSION}${RELEASE_OPENTOFU_VERSION:+-opentofu$RELEASE_OPENTOFU_VERSION}${RELEASE_BASE_IMAGE_OS:+-$RELEASE_BASE_IMAGE_OS}" - export RELEASE_IMAGE_TAG="${RELEASE_VERSION}${RELEASE_OPENTOFU_VERSION:+-opentofu$RELEASE_OPENTOFU_VERSION}${RELEASE_BASE_IMAGE_OS:+-$RELEASE_BASE_IMAGE_OS}"
- export RELEASE_IMAGE="${RELEASE_IMAGE_NAME}:${RELEASE_IMAGE_TAG}"
variables: variables:
# OpenTofu variables # OpenTofu variables
...@@ -287,7 +288,30 @@ gitlab-opentofu-image:sign: ...@@ -287,7 +288,30 @@ gitlab-opentofu-image:sign:
- apk add --update cosign - apk add --update cosign
- cosign login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY" - cosign login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
script: script:
# OpenContainers Annotations from: https://github.com/opencontainers/image-spec/blob/main/annotations.md
- cosign sign "$(crane digest --full-ref "$RELEASE_IMAGE")" - cosign sign "$(crane digest --full-ref "$RELEASE_IMAGE")"
--annotations "org.opencontainers.image.created=$CI_PIPELINE_CREATED_AT"
--annotations "org.opencontainers.image.authors=$CI_PROJECT_URL"
--annotations "org.opencontainers.image.url=$CI_PROJECT_URL"
--annotations "org.opencontainers.image.documentation=$CI_PROJECT_URL"
--annotations "org.opencontainers.image.source=$CI_PROJECT_URL"
--annotations "org.opencontainers.image.version=$CI_COMMIT_TAG"
--annotations "org.opencontainers.image.revision=$CI_COMMIT_SHA"
--annotations "org.opencontainers.image.vendor=GitLab"
--annotations "org.opencontainers.image.licenses=MIT"
--annotations "org.opencontainers.image.ref.name=$RELEASE_IMAGE"
--annotations "org.opencontainers.image.title='GitLab OpenTofu CI/CD Component'"
--annotations "org.opencontainers.image.description='GitLab OpenTofu CI/CD Component, including OpenTofu and a wrapper to integrate with GitLab.'"
--annotations "com.gitlab.ci.user.name=$GITLAB_USER_NAME"
--annotations "com.gitlab.ci.user.id=$GITLAB_USER_ID"
--annotations "com.gitlab.ci.pipeline.id=$CI_PIPELINE_ID"
--annotations "com.gitlab.ci.pipeline.url=$CI_PIPELINE_URL"
--annotations "com.gitlab.ci.job.id=$CI_JOB_ID"
--annotations "com.gitlab.ci.job.url=$CI_JOB_URL"
--annotations "com.gitlab.ci.commit.sha=$CI_COMMIT_SHA"
--annotations "com.gitlab.ci.commit.ref.name=$CI_COMMIT_REF_NAME"
--annotations "com.gitlab.ci.project.path=$CI_PROJECT_PATH"
--annotations "tag=$RELEASE_IMAGE_TAG"
- export image_digest="$(crane digest $RELEASE_IMAGE)" - export image_digest="$(crane digest $RELEASE_IMAGE)"
- 'echo "- \`$RELEASE_IMAGE\` (digest: \`$image_digest\`)" > image$CI_JOB_ID.md' - 'echo "- \`$RELEASE_IMAGE\` (digest: \`$image_digest\`)" > image$CI_JOB_ID.md'
artifacts: artifacts:
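Review bot: The single quotes nested inside the double quotes on the `org.opencontainers.image.title` and `org.opencontainers.image.description` lines are not stripped by the shell, so they end up inside the signed annotation values; drop them, e.g. `--annotations "org.opencontainers.image.title=GitLab OpenTofu CI/CD Component"`. The description also contains a comma, and if cosign parses `--annotations` as a comma-separated list (worth confirming against the cosign version that `apk add` installs), the value would be split and the second half would carry no `key=`, so rewording it without the comma is the safer form. The same concern applies to `$GITLAB_USER_NAME`, which is free-form user text and is also published as personal data in the signature. `$CI_COMMIT_TAG` is empty outside tag pipelines, so `org.opencontainers.image.version` would be signed as an empty claim unless this job is tag-only; the job's rules are outside the hunk, and `$RELEASE_VERSION` looks like the value to fall back to.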