Add labels with base image information to docker images

[jcfiorenzano]

Required Information

Question, Bug, or Feature?
Type: Feature

Enter Task Name: Docker

list here (V# not needed):
https://github.com/Microsoft/azure-pipelines-tasks/tree/master/Tasks

Issue Description

Add labels org.opencontainers.image.base.digest with the base image digest and org.opencontainers.image.base.ref.name for the base image name. In the case of multistage builds use the latest base image.

This information can be used for other tasks that extract metadata from the image that was just built.

[ajinkya599]

@N-Usha Are you okay with these labels?

[ajinkya599]

@ninallam Can you please review the labels?

[ajinkya599]

@ajinkya599, @DS-MS and @ammohant discussed this and here are our thoughts on the required changes:
@ninallam - Please let us know if you have any other thoughts.

• Add an environment variable DOCKER_TASK_BUILT_IMAGES that captures the list of built images. Each build from Docker (V0, V1, V2) should append to this list.

• Add a new output variable DockerOutputPath in DockerV0 and DockerV1 that stores the path to the file that contains the output of the Docker task. (The behaviour of DockerOutput variable should not change).

• Instead of adding partial set of OCI labels, lets add the required labels without following the OCI conventions (keeping parity with the current build/release labels)

  • image.base.digest
  • image.base.ref.name

• There should be a way to control the addition of the new labels to the built image in all the versions of the task.
  @ninallam Should this be an environment variable or a first-class input? Also, can you please recommend a name?

[ninallam]

The above approach looks good.

There should be a way to control the addition of the new labels to the built image in all the versions of the task.
@ninallam Should this be an environment variable or a first-class input? Also, can you please recommend a name?

Regarding giving a control the to add the new labels, we should have this in Docker V2. For Docker V0, V1 we will add these labels by default. If customers want to turn off the labels they should upgrade to the latest version.

This control should be a first class input in the task as it is more discoverable. This will also align with the existing input we have for Pipeline data.
My recommendation for the input name is: addBaseImageData. Any other thoughts are welcome :)

Please note we will have to upgrade the minor version for Docker V2 once we add the new input field.

[ajinkya599]

Regarding giving a control the to add the new labels, we should have this in Docker V2. For Docker V0, V1 we will add these labels by default. If customers want to turn off the labels they should upgrade to the latest version.

@ninallam - Shouldn't we have a way to turn it off even for the older versions as well? The idea is to have a quick mitigation if hypothetically it breaks something for the users. The default can be on in all the versions.

[ninallam]

@ajinkya599 If we meed a quick mitigation, let's have a similar task input for all the versions of the task.

[krokofant]

This feature always pulls the latest image so the cache on the build agents can't be fully used without disabling it.

[ggirard07]

Is it possible to add this variable into official task documentation?