Feature Request: Add "org.opencontainers.image.*" labels to policy OCI artifacts #839

Open
mueller-ma opened this issue Jul 4, 2024 · 1 comment

Comments

@mueller-ma

Is your feature request related to a problem?

I use a git repository to manage the policies that I want to apply to a Kubernetes cluster, including the name of the policy and its version. I use Renovate (https://docs.renovatebot.com/) to keep this version up to date as it opens PRs for every new version.

Compared to other PRs for container images, the ones for Kubewarden policies lack information that would make a review easier. Here are two screenshots (from GitLab, so the term MR is used instead of PR):

[image]

[image]

The PR for traefik is easier to review, because it contains a changelog and "traefik" (inside the table) is linked to https://github.com/traefik/traefik.

Solution you'd like

Renovate (and other tools) uses the container image labels org.opencontainers.image.* to know where the repo and changelog for an image are:

As you have the GitHub actions centralized in this repo, it should be possible to add the labels for all policies in one step.

Alternatives you've considered

No response

Anything else?

PS: Where do I find the changelog of a policy, e.g. https://github.com/kubewarden/container-resources-policy/tree/main ?

@viccuad
Member

viccuad commented Jul 9, 2024

Hi, thanks for opening this issue!
Indeed, this would be a nice feature for both Kubewarden container images and policy Wasm modules.

> PS: Where do I find the changelog of a policy?

Right now, besides some exceptions like kubewarden/cel-policy, policies don't have an associated changelog. Since policies are secure, small and self-contained, they rarely have worthwhile updates with new or revised functionality that constitute a minor or major version bump. Nevertheless, this would be a good addition.


Acceptance criteria

For all policies:

  • Enable release-drafter in policies and policy templates (e.g. config + workflow).
  • Update reusable-release-policy-X workflows in kubewarden/github-actions to publish the already present draft GH release (e.g. here).

For all policies and container images (controller, policy-server, audit-scanner):

  • Investigate which OCI metadata annotations are useful, as they can be consumed by ArtifactHub and Renovatebot.
  • Update release jobs to annotate OCI image artifacts with:
    • org.opencontainers.image.source: allows Renovatebot to find the GH release changelog.
    • Other annotations that may be taken from GH info or policies metadata.yml.

@flavio flavio transferred this issue from kubewarden/github-actions Aug 9, 2024
@flavio flavio added this to the 1.17 milestone Aug 9, 2024
@viccuad viccuad changed the title Feature Request: Add "org.opencontainers.image.*" labels to container images Feature Request: Add "org.opencontainers.image.*" labels to policy OCI artifacts Aug 23, 2024
@flavio flavio modified the milestones: 1.17, 1.18 Sep 20, 2024
@flavio flavio modified the milestones: 1.18, 1.19 Oct 22, 2024
@flavio flavio removed this from the 1.19 milestone Nov 4, 2024
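
One way a release job could check the annotations named in the acceptance criteria before publishing, as an added example (not code from Kubewarden or from this thread). The function names, the required/recommended split, the https-only rule and the sample manifests are assumptions of the example.

```python
import json
from urllib.parse import urlparse

# Annotation keys from the OCI image spec. Which are mandatory for a release
# is an assumption of this example, not a Kubewarden decision.
REQUIRED = ("org.opencontainers.image.source",)
RECOMMENDED = ("org.opencontainers.image.version",
               "org.opencontainers.image.revision")


def _value(annotations, key):
    """Annotation values must be strings; treat anything else as absent."""
    value = annotations.get(key)
    return value.strip() if isinstance(value, str) else ""


def check_annotations(manifest_json):
    """Return (errors, warnings) for one OCI image manifest document."""
    annotations = json.loads(manifest_json).get("annotations") or {}
    errors = [f"missing {k}" for k in REQUIRED if not _value(annotations, k)]
    warnings = [f"missing {k}" for k in RECOMMENDED if not _value(annotations, k)]
    source = _value(annotations, "org.opencontainers.image.source")
    if source:
        url = urlparse(source)
        # Assumption: only an absolute https link to a repository is accepted.
        if url.scheme != "https" or not url.netloc or url.path in ("", "/"):
            errors.append(f"source is not an https repository URL: {source}")
    return errors, warnings


# Constructed sample manifests; the version value is a placeholder.
ANNOTATED = json.dumps({
    "schemaVersion": 2,
    "mediaType": "application/vnd.oci.image.manifest.v1+json",
    "layers": [],
    "annotations": {
        "org.opencontainers.image.source":
            "https://github.com/kubewarden/container-resources-policy",
        "org.opencontainers.image.version": "0.0.0-example",
    },
})
BARE = json.dumps({"schemaVersion": 2, "layers": []})

if __name__ == "__main__":
    for name, doc in (("annotated", ANNOTATED), ("bare", BARE)):
        errors, warnings = check_annotations(doc)
        print(f"{name}: errors={errors} warnings={warnings}")
```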