Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

oci_image should support setting created and stamp #661

Open
thesayyn opened this issue Jul 25, 2024 · 2 comments · May be fixed by #724
Open

oci_image should support setting created and stamp #661

thesayyn opened this issue Jul 25, 2024 · 2 comments · May be fixed by #724
Labels
enhancement New feature or request

Comments

@thesayyn
Copy link
Collaborator

#49
@thesayyn thesayyn mentioned this issue Jul 25, 2024
Closed
@thesayyn thesayyn added the enhancement New feature or request label Aug 7, 2024
@hanneskaeufler
Copy link

hanneskaeufler commented Oct 16, 2024
edited
Loading

I looked into this a bit, and via https://github.com/opencontainers/image-spec/blob/main/annotations.md#back-compatibility-with-label-schema it occurred to me that I'd be able to set an annotation of org.opencontainers.image.created=2024-10-16T05:24:06Z. This is already possible via oci_image such as

     env = {
         "ENV": "/test",
     },
+    annotations = ":annotations.txt",
 )

where annotations.txt is of course

org.opencontainers.image.created=2024-10-16T05:24:06Z

This annotation is already correctly forwarded to the blob so that when you patch the above into e2e/smoke/BUILD.bazel and run the e2e test, then

cat bazel-out/darwin_arm64-fastbuild/bin/image/blobs/sha256/12a9bab86e5c959b4b7d7f85a0e1823ff9809d9a4af324677214986ca5379048

will yield

{
  "schemaVersion": 2,
  "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
  "config": {
    "mediaType": "application/vnd.docker.container.image.v1+json",
    "size": 910,
    "digest": "sha256:0a8456b11c2e37ebf65ae6c1c7109e94345e6cb68a624b3ab9da7776bd96e0e7"
  },
  "layers": [
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 820995,
      "digest": "sha256:6b0b1527d75b1e49c2cb08f4eb8616c64c9a20a8b9d8c1179146b2675586536b"
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 7089657,
      "digest": "sha256:26e3e4b0848c0e87391a7a844b11fcd2e6d223bd516be6ac8b17bac4e6808609"
    }
  ],
  "annotations": {
    "org.opencontainers.image.created": "2024-10-16T05:24:06Z"
  }
}

Going further, this can be combined with

expand_template(
    name = "annotations",
    out = "annotations.txt",
    template = "annotations.txt.template",
    stamp_substitutions = {"CREATED_AT": "{{BUILD_TIMESTAMP}}"},
)

even gets us as far as

  "annotations": {
    "org.opencontainers.image.created": "1729106583"
  }

when running the Bazel command with --stamp.

Now the fun thing is: docker doesn't seem to care for this annotation at all. Quoting from ChatGPT:

When you load an OCI image tarball using docker load, Docker does not respect the org.opencontainers.image.created annotation from the image manifest or config. Instead, it sets the Created field based on when the image is loaded into Docker. This behavior is inherent to Docker’s implementation and is not aligned with the OCI specification, which allows for the use of annotations like org.opencontainers.image.created.

@hanneskaeufler
Copy link

And for myself: This can be combined with a workspace status command which outputs a iso8601 formatted date:

#!/bin/bash

BUILD_TIMESTAMP=${BUILD_TIMESTAMP:-$(date +%s)}
BUILD_ISO8601=$(date -u -r "$BUILD_TIMESTAMP" +"%Y-%m-%dT%H:%M:%SZ") # macOS specific
echo "BUILD_ISO8601 $BUILD_ISO8601"

This was referenced Oct 17, 2024
Closed
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
2 participants
@hanneskaeufler @thesayyn