Erwan-loot opened a new pull request, #2846: URL: https://github.com/apache/tika/pull/2846
## Context Add [OCI Image Spec](https://github.com/opencontainers/image-spec/blob/main/annotations.md) standard labels to all five Dockerfiles published by this repository, and wire the dynamic labels through the two CI workflows. **This PR touches Docker metadata only — no changes to Tika source code, Maven build, tests, or runtime behaviour.** Note: JIRA registration is currently closed, so I was unable to file a tracker issue first. If a JIRA ticket is required, I'm happy to create one once registration reopens, or a maintainer can create it and I'll update the PR title accordingly. ## Type Improvement — Docker metadata only, no functional changes. ## Dockerfiles modified | Dockerfile | Published image | |---|---| | `tika-server/docker-build/minimal/Dockerfile` | `apache/tika:X.Y.Z` | | `tika-server/docker-build/full/Dockerfile` | `apache/tika:X.Y.Z-full` | | `tika-server/docker-build/minimal/Dockerfile.snapshot` | `apache/tika:X.Y.Z-SNAPSHOT` | | `tika-server/docker-build/full/Dockerfile.snapshot` | `apache/tika:X.Y.Z-SNAPSHOT-full` | | `tika-grpc/docker-build/Dockerfile` | `apache/tika-grpc:X.Y.Z` | ## Labels added | Label | Value | Type | |---|---|---| | `org.opencontainers.image.title` | `"Apache Tika Server"` / `"Apache Tika Server (full)"` / `"Apache Tika gRPC Server"` | Static | | `org.opencontainers.image.description` | Variant-specific description | Static | | `org.opencontainers.image.url` | `https://hub.docker.com/r/apache/tika` (or `/tika-grpc`) | Static | | `org.opencontainers.image.source` | `https://github.com/apache/tika` | Static | | `org.opencontainers.image.documentation` | `https://tika.apache.org/` | Static | | `org.opencontainers.image.vendor` | `Apache Software Foundation` | Static | | `org.opencontainers.image.licenses` | `Apache-2.0` | Static | | `org.opencontainers.image.version` | `${TIKA_VERSION}` / `${VERSION}` | Dynamic (existing ARG) | | `org.opencontainers.image.revision` | `${REVISION}` — git SHA at build time | Dynamic (new ARG + CI) | | `org.opencontainers.image.created` | `${CREATED}` — RFC 3339 build timestamp | Dynamic (new ARG + CI) | The existing `maintainer` label is preserved as-is in all files. ## CI changes A new `Set build metadata` step is added to each Docker job in both workflows (`docker-release.yml` and `docker-snapshot.yml`). It captures `git rev-parse HEAD` (the exact checked-out commit, not `GITHUB_SHA`, so it is correct for the `workflow_dispatch`-with-`source_ref` path) and the current UTC timestamp, then passes them as `REVISION` and `CREATED` build-args to every `docker/build-push-action` call. If `REVISION` or `CREATED` are not supplied (e.g. a local `docker build` without the build-args), the ARGs default to empty strings — the labels are still present but unpopulated, which is harmless. ## Benefits - **Dependency bot changelogs**: Renovate and Dependabot use `org.opencontainers.image.source` to link release notes in update PRs - **Registry UI**: GHCR, Docker Hub display title, description, license, and source link from OCI labels - **Image provenance**: `revision` + `created` allow pinpointing the exact source commit and build time for security audits and CVE investigations - **Standardisation**: Aligns with OCI Image Spec best practices widely adopted across the container ecosystem ## How to verify After the next CI build, inspect the published image: ```bash docker pull apache/tika:latest docker inspect apache/tika:latest --format '{{ json .Config.Labels }}' | jq . ``` All `org.opencontainers.image.*` keys should be present and populated. ## References - [OCI Image Spec — Annotations](https://github.com/opencontainers/image-spec/blob/main/annotations.md) - [Renovate Docker datasource](https://docs.renovatebot.com/modules/datasource/docker/) - [Docker — Manage tags and labels](https://docs.docker.com/build/ci/github-actions/manage-tags-labels/) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
