ci: redact non-reproducible annotations of container

Prior to this patch, only the layers itself are reproducible, but not the manifests. By that, rebuilders (e.g. via github action in forks) will generate manifests with a different digest. The reason for that are non-reproducible annotations in the manifests. This patch fixes this by redacting the problematic annotations. Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
siemens · May 15, 2024 · 16e0446 · 16e0446
1 parent bc9a636
commit 16e0446
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/.github/actions/docker-init/action.yml b/.github/actions/docker-init/action.yml
@@ -65,6 +65,10 @@ runs:
         annotations: |
           org.opencontainers.image.description=${{ env.IMAGE_DESCRIPTION }}
           org.opencontainers.image.licenses=MIT and others
+          # redact information that is not reproducible
+          org.opencontainers.image.created=
+          org.opencontainers.image.source=
+          org.opencontainers.image.url=
       env:
         DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index