FR: setting OCI base image annotations

[imjasonh]

The OCI spec recently added specification for two new standard annotations, to facilitate pointing to a base image:

• org.opencontainers.image.base.digest Digest of the image this image is based on (string)
  • This SHOULD be the immediate image sharing zero-indexed layers with the image, such as from a Dockerfile FROM statement.
  • This SHOULD NOT reference any other images used to generate the contents of the image (e.g., multi-stage Dockerfile builds).
• org.opencontainers.image.base.name Image reference of the image this image is based on (string)
  • This SHOULD be image references in the format defined by distribution/distribution.
  • This SHOULD be a fully qualified reference name, without any assumed default registry. (e.g., registry.example.com/my-org/my-image:tag instead of my-org/my-image:tag).
  • This SHOULD be the immediate image sharing zero-indexed layers with the image, such as from a Dockerfile FROM statement.
  • This SHOULD NOT reference any other images used to generate the contents of the image (e.g., multi-stage Dockerfile builds).
  • If the image.base.name annotation is specified, the image.base.digest annotation SHOULD be the digest of the manifest referenced by the image.ref.name annotation.

More details and further motivation here: https://articles.imjasonh.com/oci-base-image-annotations

I'd like to discuss and propose that kaniko set these annotations on images it produces by default, pointing to the ref and digest of the FROM image that produces the final built image. (note: this does not include any images implicated in multi-stage builds)

[hassenius]

I'd like to see this too

[aaron-prindle]

@imjasonh do you still recommend adding theses image annotations? Can you give any insights as to how this might help kaniko users or how OCI image annotations are being used currently? Thanks!

[prudnitskiy]

Are there any updates on this feature request? Label schema is marked as obsolete for OCI