Added a flag to specify OCI annotation namespace

api.go

@@ -1,6 +1,16 @@
 package stacker
 
+import "fmt"
+
 const (
-	GitVersionAnnotation      = "com.cisco.stacker.git_version"
-	StackerContentsAnnotation = "com.cisco.stacker.stacker_yaml"
+	GitVersionAnnotation      = "%s.stacker.git_version"
+	StackerContentsAnnotation = "%s.stacker.stacker_yaml"
 )
+
+func getGitVersionAnnotation(namespace string) string {
+	return fmt.Sprintf(GitVersionAnnotation, namespace)
+}
+
+func getStackerContentsAnnotation(namespace string) string {
+	return fmt.Sprintf(StackerContentsAnnotation, namespace)
+}

build.go

@@ -25,16 +25,17 @@ import (
 const DefaultShell = "/usr/bin/sh"
 
 type BuildArgs struct {
-	Config       types.StackerConfig
-	LeaveUnladen bool
-	NoCache      bool
-	Substitute   []string
-	OnRunFailure string
-	LayerTypes   []types.LayerType
-	OrderOnly    bool
-	HashRequired bool
-	SetupOnly    bool
-	Progress     bool
+	Config               types.StackerConfig
+	LeaveUnladen         bool
+	NoCache              bool
+	Substitute           []string
+	OnRunFailure         string
+	LayerTypes           []types.LayerType
+	OrderOnly            bool
+	HashRequired         bool
+	SetupOnly            bool
+	Progress             bool
+	AnnotationsNamespace string
 }
 
 // Builder is responsible for building the layers based on stackerfiles
@@ -226,10 +227,10 @@ func (b *Builder) updateOCIConfigForOutput(sf *types.Stackerfile, s types.Storag
 
 	if gitVersion != "" {
 		log.Debugf("setting git version annotation to %s", gitVersion)
-		annotations[GitVersionAnnotation] = gitVersion
+		annotations[getGitVersionAnnotation(opts.AnnotationsNamespace)] = gitVersion
 	}
 
-	annotations[StackerContentsAnnotation] = sf.AfterSubstitutions
+	annotations[getStackerContentsAnnotation(opts.AnnotationsNamespace)] = sf.AfterSubstitutions
 
 	history := ispec.History{
 		EmptyLayer: true, // this is only the history for imageConfig edit

cmd/build.go

@@ -62,6 +62,11 @@ func initCommonBuildFlags() []cli.Flag {
 			Name:  "order-only",
 			Usage: "show the build order without running the actual build",
 		},
+		cli.StringFlag{
+			Name:  "annotations-namespace",
+			Usage: "set OCI annotations namespace in the OCI image manifest",
+			Value: "io.stackeroci",
+		},
 	}
 }
 
@@ -82,13 +87,14 @@ func beforeBuild(ctx *cli.Context) error {
 
 func newBuildArgs(ctx *cli.Context) (stacker.BuildArgs, error) {
 	args := stacker.BuildArgs{
-		Config:       config,
-		NoCache:      ctx.Bool("no-cache"),
-		Substitute:   ctx.StringSlice("substitute"),
-		OnRunFailure: ctx.String("on-run-failure"),
-		OrderOnly:    ctx.Bool("order-only"),
-		HashRequired: ctx.Bool("require-hash"),
-		Progress:     shouldShowProgress(ctx),
+		Config:               config,
+		NoCache:              ctx.Bool("no-cache"),
+		Substitute:           ctx.StringSlice("substitute"),
+		OnRunFailure:         ctx.String("on-run-failure"),
+		OrderOnly:            ctx.Bool("order-only"),
+		HashRequired:         ctx.Bool("require-hash"),
+		Progress:             shouldShowProgress(ctx),
+		AnnotationsNamespace: ctx.String("annotations-namespace"),
 	}
 	var err error
 	verity := squashfs.VerityMetadata(!ctx.Bool("no-squashfs-verity"))

squashfs/verity.go

@@ -81,7 +81,7 @@ import (
 	"golang.org/x/sys/unix"
 )
 
-const VerityRootHashAnnotation = "com.cisco.stacker.squashfs_verity_root_hash"
+const VerityRootHashAnnotation = "io.stackeroci.stacker.squashfs_verity_root_hash"
 
 type verityDeviceType struct {
 	Flags      uint

test/annotations-namespace.bats

@@ -0,0 +1,39 @@
+load helpers
+
+function setup() {
+    stacker_setup
+}
+
+function teardown() {
+    cleanup
+}
+
+@test "namespace arg works" {
+    cat > stacker.yaml <<EOF
+thing:
+    from:
+        type: oci
+        url: $CENTOS_OCI
+    run: ls
+EOF
+    stacker build --annotations-namespace=namespace.example
+    [ "$status" -eq 0 ]
+    manifest=$(cat oci/index.json | jq -r .manifests[0].digest | cut -f2 -d:)
+    namespace=$(cat oci/blobs/sha256/$manifest | jq -r .annotations | cut -f1 -d:)
+    [[ "$namespace" == *"namespace.example"* ]]
+}
+
+@test "default namespace arg works" {
+    cat > stacker.yaml <<EOF
+thing:
+    from:
+        type: oci
+        url: $CENTOS_OCI
+    run: ls
+EOF
+    stacker build
+    [ "$status" -eq 0 ]
+    manifest=$(cat oci/index.json | jq -r .manifests[0].digest | cut -f2 -d:)
+    namespace=$(cat oci/blobs/sha256/$manifest | jq -r .annotations | cut -f1 -d:)
+    [[ "$namespace" == *"io.stackeroci"* ]]
+}

test/basic.bats

@@ -92,15 +92,15 @@ EOF
     config=$(cat oci/blobs/sha256/$manifest | jq -r .config.digest | cut -f2 -d:)
     [ "$(cat oci/blobs/sha256/$config | jq -r '.config.Entrypoint | join(" ")')" = "echo hello world" ]
 
-    publishedGitVersion=$(cat oci/blobs/sha256/$manifest | jq -r '.annotations."com.cisco.stacker.git_version"')
+    publishedGitVersion=$(cat oci/blobs/sha256/$manifest | jq -r '.annotations."io.stackeroci.stacker.git_version"')
     # ci does not clone tags. There it tests the fallback-to-commit path.
     myGitVersion=$(run_git describe --tags) || myGitVersion=$(run_git rev-parse HEAD)
     [ -n "$(run_git status --porcelain --untracked-files=no)" ] &&
         dirty="-dirty" || dirty=""
     [ "$publishedGitVersion" = "$myGitVersion$dirty" ]
 
     # need to trim the extra newline from jq
-    cat oci/blobs/sha256/$manifest | jq -r '.annotations."com.cisco.stacker.stacker_yaml"' | sed '$ d' > stacker_yaml_annotation
+    cat oci/blobs/sha256/$manifest | jq -r '.annotations."io.stackeroci.stacker.stacker_yaml"' | sed '$ d' > stacker_yaml_annotation
 
     # now we need to do --substitute FAVICON=favicon.ico
     sed -e 's/$FAVICON/favicon.ico/g' stacker.yaml > stacker_after_subs