diff --git a/.github/workflows/ngwpc-cicd.yml b/.github/workflows/ngwpc-cicd.yml index 03791a9e98..87c8471898 100644 --- a/.github/workflows/ngwpc-cicd.yml +++ b/.github/workflows/ngwpc-cicd.yml @@ -53,8 +53,9 @@ jobs: commit_sha_short: ${{ steps.vars.outputs.commit_sha_short }} test_image_tag: ${{ steps.vars.outputs.test_image_tag }} alias_tag: ${{ steps.vars.outputs.alias_tag }} - build_date: ${{ steps.vars.outputs.build_date }} clean_ref: ${{ steps.vars.outputs.clean_ref }} + ngen_forcing_digest: ${{ steps.vars.outputs.ngen_forcing_digest }} + ngen_forcing_revision: ${{ steps.vars.outputs.ngen_forcing_revision }} steps: - name: Compute image vars id: vars @@ -70,9 +71,6 @@ jobs: # one datetime for all time variables NOW=$(date -u +'%Y-%m-%d %H:%M:%S') - # for OCI labels - BUILD_DATE=$(date -u -d "$NOW" +'%Y-%m-%dT%H:%M:%SZ') - # for Docker image tags TIMESTAMP=$(date -u -d "$NOW" +'%Y%m%d%H%M%SZ') @@ -107,15 +105,29 @@ jobs: ALIAS="${TIMESTAMP}-${CLEAN_REF}" fi + # skopeo is needed to inspect the base image + if ! command -v skopeo >/dev/null 2>&1; then + sudo apt-get update -y + sudo apt-get install -y --no-install-recommends skopeo + fi + + # base image (ngen-forcing) metadata for ngen Dockerfile labels + NGEN_FORCING_IMAGE_TAG="${{ inputs.NGEN_FORCING_IMAGE_TAG || 'latest' }}" + NGEN_FORCING_IMAGE="ghcr.io/${ORG}/ngen-bmi-forcing:${NGEN_FORCING_IMAGE_TAG}" + NGEN_FORCING_INSPECT=$(skopeo inspect "docker://${NGEN_FORCING_IMAGE}" 2>/dev/null || echo '{}') + NGEN_FORCING_DIGEST=$(echo "$NGEN_FORCING_INSPECT" | jq -r '.Digest // "unknown"') + NGEN_FORCING_REVISION=$(echo "$NGEN_FORCING_INSPECT" | jq -r '.Labels["org.opencontainers.image.revision"] // "unknown"') + # save outputs echo "org=${ORG}" >> "$GITHUB_OUTPUT" echo "image_base=${IMAGE_BASE}" >> "$GITHUB_OUTPUT" - echo "build_date=${BUILD_DATE}" >> "$GITHUB_OUTPUT" echo "test_image_tag=${TEST_TAG}" >> "$GITHUB_OUTPUT" echo "alias_tag=${ALIAS}" >> "$GITHUB_OUTPUT" echo "commit_sha=${REAL_SHA}" >> "$GITHUB_OUTPUT" echo "commit_sha_short=${SHORT_SHA}" >> "$GITHUB_OUTPUT" echo "clean_ref=${CLEAN_REF}" >> "$GITHUB_OUTPUT" + echo "ngen_forcing_digest=${NGEN_FORCING_DIGEST}" >> "$GITHUB_OUTPUT" + echo "ngen_forcing_revision=${NGEN_FORCING_REVISION}" >> "$GITHUB_OUTPUT" # CodeQL scan codeql-scan: @@ -270,13 +282,14 @@ jobs: build-args: | ORG=${{ needs.setup.outputs.org }} NGEN_FORCING_IMAGE_TAG=${{ inputs.NGEN_FORCING_IMAGE_TAG || 'latest' }} + BASE_IMAGE_DIGEST=${{ needs.setup.outputs.ngen_forcing_digest }} + BASE_IMAGE_REVISION=${{ needs.setup.outputs.ngen_forcing_revision }} EWTS_ORG=${{ inputs.EWTS_ORG || 'NGWPC' }} EWTS_REF=${{ inputs.EWTS_REF || 'development' }} IMAGE_SOURCE=https://github.com/${{ github.repository }} IMAGE_VENDOR=${{ github.repository_owner }} IMAGE_VERSION=${{ needs.setup.outputs.clean_ref }} IMAGE_REVISION=${{ needs.setup.outputs.commit_sha }} - IMAGE_CREATED=${{ needs.setup.outputs.build_date }} CI_COMMIT_REF_NAME=${{ needs.setup.outputs.clean_ref }} # run unit tests inside the built Docker image diff --git a/Dockerfile b/Dockerfile index c08f6cb206..8b721f514a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,7 +20,6 @@ ARG IMAGE_SOURCE="unknown" ARG IMAGE_VENDOR="unknown" ARG IMAGE_VERSION="unknown" ARG IMAGE_REVISION="unknown" -ARG IMAGE_CREATED="unknown" # OCI Standard Labels LABEL org.opencontainers.image.base.name="${NGEN_FORCING_IMAGE}" \ @@ -30,7 +29,8 @@ LABEL org.opencontainers.image.base.name="${NGEN_FORCING_IMAGE}" \ org.opencontainers.image.vendor="${IMAGE_VENDOR}" \ org.opencontainers.image.version="${IMAGE_VERSION}" \ org.opencontainers.image.revision="${IMAGE_REVISION}" \ - org.opencontainers.image.created="${IMAGE_CREATED}" + org.opencontainers.image.title="Next Generation Water Modeling Engine and Framework Prototype" \ + org.opencontainers.image.description="Docker image for the NGEN application" # cannot remove LANG even though https://bugs.python.org/issue19846 is fixed # last attempted removal of LANG broke many users: