- Name: OCI Image annotations
- Start Date: 2021-12-03
- Author(s): @samj1912
- Status: Draft
- RFC Pull Request: (leave blank)
- CNB Pull Request: (leave blank)
- CNB Issue: (leave blank)
- Supersedes: (put "N/A" unless this replaces an existing RFC, then link to that RFC)
Add OCI recommended image annotations to output images.
N/A
Certain OCI image scanning and debugging tools take into account standard annotations on the images as defined by OCI Spec - Pre-defined Annotation keys. Buildpacks already records some of this information in the project.toml and other labels defined at https://github.com/buildpacks/spec/blob/main/platform.md#labels. We should also preserve this information in the output image in appropriate annotations as recommended by the OCI spec.
Adds OCI recommended annotations to the output image.
Optionally adds the following annotations where applicable when lifecycle is used to publish images directly to the registry -
org.opencontainers.image.base.name: Run image tag name. Currently stored inio.buildpacks.lifecycle.metadata.run-image.referenceorg.opencontainers.image.base.digest: Run image digest. Currently stored inio.buildpacks.lifecycle.metadata.run-image.reference
The platform may also provide appropriate keys inside project-metadata.toml to the lifecycle so that it exports the appropriate annotations listed below.
org.opencontainers.image.source: URL to the image source if the source is a source controlled repository, URL to a blob etc. Sourced fromsource.metadata.repository.org.opencontainers.image.revision: Source controlled revision of application source code. Sourced fromsource.version.commit.org.opencontainers.image.authors: Authors of hte image. Sourced fromsource.metadata.authors.org.opencontainers.image.version: Authors of hte image. Sourced fromsource.metadata.version.org.opencontainers.image.documentation: URL to find more information on the image. Sourced fromsource.metadata.documentation-url.org.opencontainers.image.title: Human-readable title of the image. Sourced fromsource.metadata.name.org.opencontainers.image.licenses: License(s) under which contained software is distributed as an SPDX License Expression. Sourced fromsource.metadata.licenses.
A platform may choose to map the above fields to the fields defined in a project descriptor as noted at https://github.com/buildpacks/spec/blob/extensions/project-descriptor%2F0.2/extensions/project-descriptor.md#non-_-tables.
Everything under source.metadata.<key> is mapped from _.<key> from the project descriptor in this case.
In case of the daemon mode, the annotations cannot be applied and will be ignored.
N/A
- https://github.com/buildpacks/rfcs/blob/main/text/0054-project-descriptor-schema.md
- https://github.com/buildpacks/rfcs/blob/main/text/0084-project-descriptor-domains.md
N/A
Per above.