From a40874fc52a3cbd01fe2f2cfb74e384e69b4927a Mon Sep 17 00:00:00 2001
From: martincostello
Date: Mon, 10 Nov 2025 10:43:43 +0000
Subject: [PATCH 1/2] Add annotations to container image

- Add annotations to container image, manifest and index.
- Enable reproducible builds.
---
 .github/workflows/ghcr-image-build-and-publish.yml | 9 +++++++++
 .github/workflows/release.yml | 9 ++++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ghcr-image-build-and-publish.yml b/.github/workflows/ghcr-image-build-and-publish.yml
index f51604bd..752e38f0 100644
--- a/.github/workflows/ghcr-image-build-and-publish.yml
+++ b/.github/workflows/ghcr-image-build-and-publish.yml
@@ -36,6 +36,10 @@ jobs:
 with:
 persist-credentials: false
+ - name: Get Git commit timestamp
+ shell: bash
+ run: echo "GIT_COMMIT_EPOCH=$(git log -1 --pretty=%ct)" >> "${GITHUB_ENV}"
+
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
@@ -54,6 +58,8 @@ jobs:
 - name: Extract Docker metadata
 id: meta
 uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
+ env:
+ DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
 with:
 images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 labels: |-
@@ -67,7 +73,10 @@ jobs:
 - name: Build and push Docker image
 id: push
 uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+ env:
+ SOURCE_DATE_EPOCH: ${{ env.GIT_COMMIT_EPOCH }}
 with:
+ annotations: ${{ steps.meta.outputs.annotations }}
 cache-from: type=gha
 cache-to: type=gha,mode=max
 context: docker/
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 672b93c6..175356b8 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
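Review bot: In the added `Get Git commit timestamp` step (first hunk of ghcr-image-build-and-publish.yml), a failure of `git log` is masked because the command substitution sits inside the `echo` argument, so the step still exits 0 and appends an empty `GIT_COMMIT_EPOCH=` to `GITHUB_ENV`. The later build step would then receive an empty `SOURCE_DATE_EPOCH`, and the image would presumably be built without a pinned timestamp and without any visible error. Assigning first lets the `-e` that `shell: bash` enables catch the failure: make it a `run: |` block with `epoch="$(git log -1 --pretty=%ct)"` followed by `echo "GIT_COMMIT_EPOCH=${epoch}" >> "${GITHUB_ENV}"`. The identical step added to `.github/workflows/release.yml` has the same gap.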
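Review bot: Setting `SOURCE_DATE_EPOCH` on the `Build and push Docker image` step (third hunk) pins the timestamps BuildKit writes into the image config and history, but file modification times inside the layers are not rewritten unless the image exporter is also given `rewrite-timestamp=true`. The rest of the step's `with:` block lies outside this hunk, so I cannot see whether an `outputs` entry already sets it; if not, two builds of the same commit can still yield different layer digests, which undercuts the "Enable reproducible builds" claim in the commit message. It is also worth checking whether the `org.opencontainers.image.created` value emitted by the `Extract Docker metadata` step follows the commit time, since that step is not given `SOURCE_DATE_EPOCH` and its annotations now go into the manifest and index.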
@@ -22,13 +22,20 @@ jobs:
 id-token: write
 steps:
- - id: checkout
+ - name: Checkout repository
 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 persist-credentials: false
+ - name: Get Git commit timestamp
+ shell: bash
+ run: echo "GIT_COMMIT_EPOCH=$(git log -1 --pretty=%ct)" >> "${GITHUB_ENV}"
+
 - id: push-to-dockerhub
 uses: grafana/shared-workflows/actions/docker-build-push-image@c658f0fe8393e31c39d266684ef273c6538ed0e1 # docker-build-push-image/v0.1.0
+ env:
+ DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
+ SOURCE_DATE_EPOCH: ${{ env.GIT_COMMIT_EPOCH }}
 with:
 dockerhub-repository: grafana/otel-lgtm
 context: docker
From 32ab4744092eb25f1be6e8eb85ddf050cab34c3b Mon Sep 17 00:00:00 2001
From: Martin Costello
Date: Tue, 11 Nov 2025 09:26:45 +0000
Subject: [PATCH 2/2] Bump docker-build-push-image

Update docker-build-push-image to 0.2.0 to support annotations.
Signed-off-by: Martin Costello
---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 175356b8..0ff426b8 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -32,7 +32,7 @@ jobs:
 run: echo "GIT_COMMIT_EPOCH=$(git log -1 --pretty=%ct)" >> "${GITHUB_ENV}"
 - id: push-to-dockerhub
- uses: grafana/shared-workflows/actions/docker-build-push-image@c658f0fe8393e31c39d266684ef273c6538ed0e1 # docker-build-push-image/v0.1.0
+ uses: grafana/shared-workflows/actions/docker-build-push-image@b3d136565946d8788dd6812881fb0fb2fe14bacb # docker-build-push-image/v0.2.0
 env:
 DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
 SOURCE_DATE_EPOCH: ${{ env.GIT_COMMIT_EPOCH }}
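Review bot: The `env:` block added to the `push-to-dockerhub` step in the PATCH 1/2 hunk of release.yml depends on the shared `docker-build-push-image` action passing `DOCKER_METADATA_ANNOTATIONS_LEVELS` and `SOURCE_DATE_EPOCH` through to its inner steps, and nothing in the workflow records that dependency. At that commit the action is still pinned to v0.1.0, which per the follow-up patch's message does not support annotations, so the first variable presumably has no effect until the bump lands. A comment above `env:` would help whoever next re-pins the action, for example `# Consumed inside docker-build-push-image; annotations need >= v0.2.0`. Separately, replacing `- id: checkout` with a `name:` drops the step id, so confirm that nothing outside the hunk references `steps.checkout`.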