You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm wondering if there's a way to have kaniko add, override, or remove manifest annotations during an image build, similar to using the docker build --annotation flag. This is related to #1720, but looking more generically at even manual manipulation of the annotations in the manifest.
Some images, especially Docker Official images for at least some languages (my specific examples are the golang and mode images) include annotations identifying the applicable image metadata (revision, source, base image, etc). When they are used as base images for a build with kaniko, the annotations cascade to the final image (per the spec), which can be incorrect. The following shows an example, which happens to be a golang based image from a GitLab container registry.
In addition to the annotations being incorrect in the final image, they are being used by some other applications as a source of truth.
One example of an issue is using Renovate to manage dependency updates (specifically container image tags/digests). If available in the image manifest, Renovate uses the annotationsorg.opencontainers.image.source and org.opencontainers.image.url to check for release notes and link to repositories, so it fails to properly pull release notes and links to the incorrect locations (although it uses the container registry itself for versioning data, so the updates are made properly). In the example above, instead of checking the source GitLab repository for release notes, it checks the GitHub golang repository. Without annotations the repository is properly resolved from the container image name.
The text was updated successfully, but these errors were encountered:
I'm wondering if there's a way to have kaniko add, override, or remove manifest
annotationsduring an image build, similar to using thedocker build --annotationflag. This is related to #1720, but looking more generically at even manual manipulation of theannotationsin the manifest.Some images, especially Docker Official images for at least some languages (my specific examples are the
golangandmodeimages) includeannotationsidentifying the applicable image metadata (revision, source, base image, etc). When they are used as base images for a build with kaniko, theannotationscascade to the final image (per the spec), which can be incorrect. The following shows an example, which happens to be agolangbased image from a GitLab container registry.In addition to the
annotationsbeing incorrect in the final image, they are being used by some other applications as a source of truth.One example of an issue is using Renovate to manage dependency updates (specifically container image tags/digests). If available in the image manifest, Renovate uses the
annotationsorg.opencontainers.image.sourceandorg.opencontainers.image.urlto check for release notes and link to repositories, so it fails to properly pull release notes and links to the incorrect locations (although it uses the container registry itself for versioning data, so the updates are made properly). In the example above, instead of checking the source GitLab repository for release notes, it checks the GitHubgolangrepository. Withoutannotationsthe repository is properly resolved from the container image name.The text was updated successfully, but these errors were encountered: