From d50cbf9cda4e28d94dc6c34a752d8ef83f1a4974 Mon Sep 17 00:00:00 2001
From: "Miguel.Pena" <miguel.pena@rtx.com>
Date: Fri, 3 Apr 2026 11:49:36 -0700
Subject: [PATCH 1/2] fixing oci labels

---
 .github/workflows/ngwpc-cicd.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/.github/workflows/ngwpc-cicd.yml b/.github/workflows/ngwpc-cicd.yml
index 03791a9e98..a99f134e5d 100644
--- a/.github/workflows/ngwpc-cicd.yml
+++ b/.github/workflows/ngwpc-cicd.yml
@@ -55,6 +55,8 @@ jobs:
       alias_tag: ${{ steps.vars.outputs.alias_tag }}
       build_date: ${{ steps.vars.outputs.build_date }}
       clean_ref: ${{ steps.vars.outputs.clean_ref }}
+      ngen_forcing_digest: ${{ steps.vars.outputs.ngen_forcing_digest }}
+      ngen_forcing_revision: ${{ steps.vars.outputs.ngen_forcing_revision }}
     steps:
       - name: Compute image vars
         id: vars
@@ -107,6 +109,19 @@ jobs:
             ALIAS="${TIMESTAMP}-${CLEAN_REF}"
           fi
 
+          # skopeo is needed to inspect the base image
+          if ! command -v skopeo >/dev/null 2>&1; then
+            sudo apt-get update -y
+            sudo apt-get install -y --no-install-recommends skopeo
+          fi
+
+          # base image (ngen-forcing) metadata for ngen Dockerfile labels
+          NGEN_FORCING_IMAGE_TAG="${{ inputs.NGEN_FORCING_IMAGE_TAG || 'latest' }}"
+          NGEN_FORCING_IMAGE="ghcr.io/${ORG}/ngen-bmi-forcing:${NGEN_FORCING_IMAGE_TAG}"
+          NGEN_FORCING_INSPECT=$(skopeo inspect "docker://${NGEN_FORCING_IMAGE}" 2>/dev/null || echo '{}')
+          NGEN_FORCING_DIGEST=$(echo "$NGEN_FORCING_INSPECT" | jq -r '.Digest // "unknown"')
+          NGEN_FORCING_REVISION=$(echo "$NGEN_FORCING_INSPECT" | jq -r '.Labels["org.opencontainers.image.revision"] // "unknown"')
+
           # save outputs
           echo "org=${ORG}" >> "$GITHUB_OUTPUT"
           echo "image_base=${IMAGE_BASE}" >> "$GITHUB_OUTPUT"
@@ -116,6 +131,8 @@ jobs:
           echo "commit_sha=${REAL_SHA}" >> "$GITHUB_OUTPUT"
           echo "commit_sha_short=${SHORT_SHA}" >> "$GITHUB_OUTPUT"
           echo "clean_ref=${CLEAN_REF}" >> "$GITHUB_OUTPUT"
+          echo "ngen_forcing_digest=${NGEN_FORCING_DIGEST}" >> "$GITHUB_OUTPUT"
+          echo "ngen_forcing_revision=${NGEN_FORCING_REVISION}" >> "$GITHUB_OUTPUT"
 
   # CodeQL scan
   codeql-scan:
@@ -270,6 +287,8 @@ jobs:
           build-args: |
             ORG=${{ needs.setup.outputs.org }}
             NGEN_FORCING_IMAGE_TAG=${{ inputs.NGEN_FORCING_IMAGE_TAG || 'latest' }}
+            BASE_IMAGE_DIGEST=${{ needs.setup.outputs.ngen_forcing_digest }}
+            BASE_IMAGE_REVISION=${{ needs.setup.outputs.ngen_forcing_revision }}
             EWTS_ORG=${{ inputs.EWTS_ORG || 'NGWPC' }}
             EWTS_REF=${{ inputs.EWTS_REF || 'development' }}
             IMAGE_SOURCE=https://github.com/${{ github.repository }}

From 6cb54b00a921a13442dc8a9a696277f09d7087b4 Mon Sep 17 00:00:00 2001
From: Miguel Pena <miguelp1986@gmail.com>
Date: Fri, 3 Apr 2026 16:51:24 -0700
Subject: [PATCH 2/2] removed oci label created since creation date is already
 in image, and added labels description and title

---
 .github/workflows/ngwpc-cicd.yml | 6 ------
 Dockerfile                       | 4 ++--
 2 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/ngwpc-cicd.yml b/.github/workflows/ngwpc-cicd.yml
index a99f134e5d..87c8471898 100644
--- a/.github/workflows/ngwpc-cicd.yml
+++ b/.github/workflows/ngwpc-cicd.yml
@@ -53,7 +53,6 @@ jobs:
       commit_sha_short: ${{ steps.vars.outputs.commit_sha_short }}
       test_image_tag: ${{ steps.vars.outputs.test_image_tag }}
       alias_tag: ${{ steps.vars.outputs.alias_tag }}
-      build_date: ${{ steps.vars.outputs.build_date }}
       clean_ref: ${{ steps.vars.outputs.clean_ref }}
       ngen_forcing_digest: ${{ steps.vars.outputs.ngen_forcing_digest }}
       ngen_forcing_revision: ${{ steps.vars.outputs.ngen_forcing_revision }}
@@ -72,9 +71,6 @@ jobs:
           # one datetime for all time variables
           NOW=$(date -u +'%Y-%m-%d %H:%M:%S')
 
-          # for OCI labels
-          BUILD_DATE=$(date -u -d "$NOW" +'%Y-%m-%dT%H:%M:%SZ')
-
           # for Docker image tags
           TIMESTAMP=$(date -u -d "$NOW" +'%Y%m%d%H%M%SZ')
 
@@ -125,7 +121,6 @@ jobs:
           # save outputs
           echo "org=${ORG}" >> "$GITHUB_OUTPUT"
           echo "image_base=${IMAGE_BASE}" >> "$GITHUB_OUTPUT"
-          echo "build_date=${BUILD_DATE}" >> "$GITHUB_OUTPUT"
           echo "test_image_tag=${TEST_TAG}" >> "$GITHUB_OUTPUT"
           echo "alias_tag=${ALIAS}" >> "$GITHUB_OUTPUT"
           echo "commit_sha=${REAL_SHA}" >> "$GITHUB_OUTPUT"
@@ -295,7 +290,6 @@ jobs:
             IMAGE_VENDOR=${{ github.repository_owner }}
             IMAGE_VERSION=${{ needs.setup.outputs.clean_ref }}
             IMAGE_REVISION=${{ needs.setup.outputs.commit_sha }}
-            IMAGE_CREATED=${{ needs.setup.outputs.build_date }}
             CI_COMMIT_REF_NAME=${{ needs.setup.outputs.clean_ref }}
 
 # run unit tests inside the built Docker image
diff --git a/Dockerfile b/Dockerfile
index c08f6cb206..8b721f514a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,7 +20,6 @@ ARG IMAGE_SOURCE="unknown"
 ARG IMAGE_VENDOR="unknown"
 ARG IMAGE_VERSION="unknown"
 ARG IMAGE_REVISION="unknown"
-ARG IMAGE_CREATED="unknown"
 
 # OCI Standard Labels
 LABEL org.opencontainers.image.base.name="${NGEN_FORCING_IMAGE}" \
@@ -30,7 +29,8 @@ LABEL org.opencontainers.image.base.name="${NGEN_FORCING_IMAGE}" \
     org.opencontainers.image.vendor="${IMAGE_VENDOR}" \
     org.opencontainers.image.version="${IMAGE_VERSION}" \
     org.opencontainers.image.revision="${IMAGE_REVISION}" \
-    org.opencontainers.image.created="${IMAGE_CREATED}"
+    org.opencontainers.image.title="Next Generation Water Modeling Engine and Framework Prototype" \
+    org.opencontainers.image.description="Docker image for the NGEN application"
 
 # cannot remove LANG even though https://bugs.python.org/issue19846 is fixed
 # last attempted removal of LANG broke many users: