From 16e044616e5e415aaa1b8d1192a82f60d60aca71 Mon Sep 17 00:00:00 2001
From: Felix Moessbauer <felix.moessbauer@siemens.com>
Date: Wed, 15 May 2024 21:58:47 +0200
Subject: [PATCH] ci: redact non-reproducible annotations of container

Prior to this patch, only the layers itself are reproducible,
but not the manifests. By that, rebuilders (e.g. via github
action in forks) will generate manifests with a different digest.
The reason for that are non-reproducible annotations in the manifests.

This patch fixes this by redacting the problematic annotations.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 .github/actions/docker-init/action.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/actions/docker-init/action.yml b/.github/actions/docker-init/action.yml
index 64a52565..5c391bff 100644
--- a/.github/actions/docker-init/action.yml
+++ b/.github/actions/docker-init/action.yml
@@ -65,6 +65,10 @@ runs:
         annotations: |
           org.opencontainers.image.description=${{ env.IMAGE_DESCRIPTION }}
           org.opencontainers.image.licenses=MIT and others
+          # redact information that is not reproducible
+          org.opencontainers.image.created=
+          org.opencontainers.image.source=
+          org.opencontainers.image.url=
       env:
         DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index