Fix/opencontainer labels

.github/workflows/development-docker.yml

@@ -12,21 +12,21 @@ permissions:
   contents: read
   packages: write
 
-concurrency: 
+concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
 jobs:
   check:
-    name: Check if workflow should run 
+    name: Check if workflow should run
     runs-on: ubuntu-latest
     outputs:
       enabled: ${{ steps.check.outputs.enabled }}
     steps:
       - name: Enabled Check
         id: check
         shell: bash
-        run: | 
+        run: |
           ENABLED=${{ secrets.DEVELOPMENT_DOCKER }}
 
           if [[ "${{ github.repository_owner }}" == "0xERR0R" ]]; then
@@ -87,7 +87,7 @@ jobs:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ steps.get_token.outputs.token }}
-      
+
       - name: Login to DockerHub
         if: github.repository_owner == '0xERR0R'
         uses: docker/login-action@v3
@@ -106,15 +106,19 @@ jobs:
           BRANCH=${GITHUB_REF#refs/heads/}
           echo "branch=${BRANCH}" >> $GITHUB_OUTPUT
           echo "Branch: ${BRANCH}"
-          
+
           VERSION=$(git describe --always --tags)
           echo "version=${VERSION}" >> $GITHUB_OUTPUT
           echo "VERSION: ${VERSION}"
 
-          BUILD_TIME=$(date '+%Y%m%d-%H%M%S')
+          BUILD_TIME=$(date --iso-8601=seconds)
           echo "build_time=${BUILD_TIME}" >> $GITHUB_OUTPUT
           echo "BUILD_TIME: ${BUILD_TIME}"
 
+          DOC_PATH="main"
+          echo "doc_path=${DOC_PATH}" >> $GITHUB_OUTPUT
+          echo "DOC_PATH: ${DOC_PATH}"
+
           TAGS="ghcr.io/${REPOSITORY}:${BRANCH}"
           if [[ "${BRANCH}" == "main" ]]; then
             TAGS="${TAGS} , ghcr.io/${REPOSITORY}:development"
@@ -127,7 +131,7 @@ jobs:
           fi
           echo "tags=${TAGS}" >> $GITHUB_OUTPUT
           echo "TAGS: ${TAGS}"
-      
+
       - name: Build and push
         uses: docker/build-push-action@v5
         with:
@@ -138,6 +142,7 @@ jobs:
           build-args: |
             VERSION=${{ steps.get_vars.outputs.version }}
             BUILD_TIME=${{ steps.get_vars.outputs.build_time }}
+            DOC_PATH=${{ steps.get_vars.outputs.doc_path }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
@@ -153,16 +158,16 @@ jobs:
       - name: Run Trivy vulnerability scanner in repo mode
         uses: aquasecurity/trivy-action@master
         with:
-          scan-type: 'fs'
+          scan-type: "fs"
           ignore-unfixed: true
-          format: 'sarif'
-          output: 'trivy-repo-results.sarif'
-          severity: 'CRITICAL'
+          format: "sarif"
+          output: "trivy-repo-results.sarif"
+          severity: "CRITICAL"
 
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v2
         with:
-          sarif_file: 'trivy-repo-results.sarif'
+          sarif_file: "trivy-repo-results.sarif"
 
   image-scan:
     name: Image vulnerability scan
@@ -177,14 +182,14 @@ jobs:
       - name: Run Trivy vulnerability scanner on Docker image
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: 'ghcr.io/${{ needs.docker.outputs.repository }}:${{ needs.docker.outputs.branch }}'
-          format: 'sarif'
-          output: 'trivy-image-results.sarif'
+          image-ref: "ghcr.io/${{ needs.docker.outputs.repository }}:${{ needs.docker.outputs.branch }}"
+          format: "sarif"
+          output: "trivy-image-results.sarif"
 
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v2
         with:
-          sarif_file: 'trivy-image-results.sarif'
+          sarif_file: "trivy-image-results.sarif"
 
   image-test:
     name: Test docker images
@@ -198,7 +203,7 @@ jobs:
 
       - name: Test images
         shell: bash
-        run: | 
+        run: |
           echo '::group::Version for linux/amd64'
           docker run --rm ghcr.io/${{ needs.docker.outputs.repository }}:${{ needs.docker.outputs.branch }} version
           echo '::endgroup::'
@@ -213,4 +218,4 @@ jobs:
 
           echo '::group::Version for linux/arm64'
           docker run --platform linux/arm64 --rm ghcr.io/${{ needs.docker.outputs.repository }}:${{ needs.docker.outputs.branch }} version
-          echo '::endgroup::'
+          echo '::endgroup::'

.github/workflows/release.yml

@@ -62,10 +62,14 @@ jobs:
           echo "version=${VERSION}" >> $GITHUB_OUTPUT
           echo "VERSION: ${VERSION}"
 
-          BUILD_TIME=$(date '+%Y%m%d-%H%M%S')
+          BUILD_TIME=$(date --iso-8601=seconds)
           echo "build_time=${BUILD_TIME}" >> $GITHUB_OUTPUT
           echo "BUILD_TIME: ${BUILD_TIME}"
 
+          DOC_PATH=${VERSION%%-*}
+          echo "doc_path=${DOC_PATH}" >> $GITHUB_OUTPUT
+          echo "DOC_PATH: ${DOC_PATH}"
+
       - name: Build and push
         uses: docker/build-push-action@v5
         with:
@@ -77,6 +81,7 @@ jobs:
           build-args: |
             VERSION=${{ steps.get_vars.outputs.version }}
             BUILD_TIME=${{ steps.get_vars.outputs.build_time }}
+            DOC_PATH=${{ steps.get_vars.outputs.doc_path }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
@@ -89,4 +94,4 @@ jobs:
           version: latest
           args: release --clean
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Dockerfile

@@ -1,3 +1,5 @@
+# syntax=docker/dockerfile:1
+
 # ----------- stage: ca-certs
 # get newest certificates in seperate stage for caching
 FROM --platform=$BUILDPLATFORM alpine:3.16 AS ca-certs
@@ -43,24 +45,25 @@ FROM scratch
 
 ARG VERSION
 ARG BUILD_TIME
+ARG DOC_PATH
 
 LABEL org.opencontainers.image.title="blocky" \
   org.opencontainers.image.vendor="0xERR0R" \
   org.opencontainers.image.licenses="Apache-2.0" \
-  org.opencontainers.image.version=${VERSION} \
-  org.opencontainers.image.created=${BUILD_TIME} \
+  org.opencontainers.image.version="${VERSION}" \
+  org.opencontainers.image.created="${BUILD_TIME}" \
   org.opencontainers.image.description="Fast and lightweight DNS proxy as ad-blocker for local network with many features" \
   org.opencontainers.image.url="https://github.com/0xERR0R/blocky#readme" \
   org.opencontainers.image.source="https://github.com/0xERR0R/blocky" \
-  org.opencontainers.image.documentation="https://0xerr0r.github.io/blocky/${VERSION}/"
+  org.opencontainers.image.documentation="https://0xerr0r.github.io/blocky/${DOC_PATH}/"
 
 
 
 USER 100
 WORKDIR /app
 
-COPY --from=ca-certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=build /bin/blocky /app/blocky
+COPY --link --from=ca-certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --link --from=build /bin/blocky /app/blocky
 
 ENV BLOCKY_CONFIG_FILE=/app/config.yml
 

Makefile

@@ -2,7 +2,8 @@
 .DEFAULT_GOAL:=help
 
 VERSION?=$(shell git describe --always --tags)
-BUILD_TIME?=$(shell date '+%Y%m%d-%H%M%S')
+BUILD_TIME?=$(shell date --iso-8601=seconds)
+DOC_PATH?="main"
 DOCKER_IMAGE_NAME=spx01/blocky
 
 BINARY_NAME:=blocky
@@ -16,7 +17,7 @@ GO_BUILD_LD_FLAGS:=\
 	-w \
 	-s \
 	-X github.com/0xERR0R/blocky/util.Version=${VERSION} \
-	-X github.com/0xERR0R/blocky/util.BuildTime=${BUILD_TIME} \
+	-X github.com/0xERR0R/blocky/util.BuildTime=$(shell date -d "${BUILD_TIME}" '+%Y%m%d-%H%M%S') \
 	-X github.com/0xERR0R/blocky/util.Architecture=${GOARCH}${GOARM}
 
 GO_BUILD_OUTPUT:=$(BIN_OUT_DIR)/$(BINARY_NAME)$(BINARY_SUFFIX)
@@ -82,6 +83,7 @@ docker-build: generate ## Build docker image
 	docker buildx build \
 		--build-arg VERSION=${VERSION} \
 		--build-arg BUILD_TIME=${BUILD_TIME} \
+		--build-arg DOC_PATH=${DOC_PATH} \
 		--network=host \
 		-o type=docker \
 		-t ${DOCKER_IMAGE_NAME} \