Add OCI image annotations

These annotations are useful for tools (such as Renovate and Snyk) to use as well as for manual use by individuals. See: https://github.com/opencontainers/image-spec/blob/v1.1.0/annotations.md#pre-defined-annotation-keys
aquasecurity · May 30, 2024 · a051f5d · a051f5d
1 parent bd78231
commit a051f5d
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -28,6 +28,8 @@ jobs:
           for tag in ${tags[@]}; do
               oras push ghcr.io/aquasecurity/trivy-policies:${tag} \
               --config /dev/null:application/vnd.cncf.openpolicyagent.config.v1+json \
+              --annotation "org.opencontainers.image.source=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \
+              --annotation "org.opencontainers.image.revision=$GITHUB_SHA" \
               bundle.tar.gz:application/vnd.cncf.openpolicyagent.layer.v1.tar+gzip
           done
       - name: Deploy checks bundle to ghcr.io