[enhancement] Add better metadata to the Docker images

nebari-dev / nebari

🪴 Nebari - your open source data science platform

https://nebari.dev

BSD 3-Clause "New" or "Revised" License

273 stars 89 forks source link

[enhancement] Add better metadata to the Docker images #892

Closed trallard closed 2 years ago

trallard commented 2 years ago

Description

As part of the Docker over-haul currently going on it would be good to add better metadata for the Docker images, to facilitate findability, reproducibility and trust Right now the Docker images have a single label maintainer

Suggestion

Add more OCI compliant annotations to the Docker images seehttps://github.com/opencontainers/image-spec/blob/main/annotations.md

Context

This adheres to industry-standard best practices and increases the end-user confidence

iameskild commented 2 years ago

Hey @trallard, thanks for the suggestion! I'm only faintly aware of OCI, but I started with adding the following labels:

LABEL org.opencontainers.image.authors="Quansight" \
      org.opencontainers.image.source="https://github.com/Quansight/qhub"

Are there any others that you would recommend? Perhaps a description for each of image in question?

trallard commented 2 years ago

I would suggest adding the following on top of source and maintainer:

description
created (previous build-date from label schema) - this can be updated through GH actions
license (QHub is BSD-3 so this should inherit from)

Also it is advisable that the author label has a contact option (email, github handle, etc)

iameskild commented 2 years ago

@trallard @HarshCasper I just realized that we already set OCI-compliant labels :)

https://github.com/Quansight/qhub/runs/4111162873?check_suite_focus=true#step:5:32

Who should we add as author? @costrouc?

trallard commented 2 years ago

Maybe the QHub development team? - do we have a qhub email or something?

trallard commented 2 years ago

@iameskild are you still working on items related to this or shall we close the issue?

iameskild commented 2 years ago

Hey @trallard, I believe that we can. Here are the labels currently being applied:

      "org.opencontainers.image.title": "qhub",
      "org.opencontainers.image.description": "QHub deployment tool",
      "org.opencontainers.image.url": "https://github.com/Quansight/qhub",
      "org.opencontainers.image.source": "https://github.com/Quansight/qhub",
      "org.opencontainers.image.version": "docs-update-cleanup",
      "org.opencontainers.image.created": "2021-12-13T18:02:27.414Z",
      "org.opencontainers.image.revision": "7bcfa7e72875102025276298168c8a95e2518f5c",
      "org.opencontainers.image.licenses": "BSD-3-Clause"

I didn't find "email" as a predefined OCI key but we can add another field/key if you would like to include it. Otherwise this issue can be closed.

trallard commented 2 years ago

that should be enough - will go ahead and close this issue