ci: Add image descriptions and source

More information in case the image is consumed via different sources
than the official one.

While at it, make the action steps more readable by adding separating
newlines.

Signed-off-by: Jan Kiszka <[email protected]>

Author: jan-kiszka

.github/actions/docker-init/action.yml

@@ -5,56 +5,87 @@ inputs:
     required: true
   deploy-token:
     required: true
-  cache-key:
+  image-name:
     required: true
 
 runs:
   using: composite
   steps:
     - name: Set up QEMU
       uses: docker/setup-qemu-action@v3
+
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v3
       with:
         driver-opts: image=moby/buildkit:v0.13.0
+
     - name: Login to ghcr.io
       uses: docker/login-action@v3
       with:
         registry: ghcr.io
         username: ${{ inputs.deploy-user }}
         password: ${{ inputs.deploy-token }}
+
     - name: Set SOURCE_DATE_EPOCH
       run: |
         echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
       shell: bash
+
     - name: Determine Debian tag
       run: |
         DEBIAN_RELEASE=$(grep -m 1 'ARG DEBIAN_TAG=' Dockerfile | sed 's/.*DEBIAN_TAG=\(.*\)-.*/\1/')
         echo "DEBIAN_TAG=$(podman image search --list-tags debian --limit 1000000000 | \
                            grep "$DEBIAN_RELEASE-.*-slim" | sort -r | head -1 | sed 's/.*[ ]\+//')" >> $GITHUB_ENV
       shell: bash
+
     - name: Prepare repository for COPY-in
       run: |
         git clone . /home/runner/kas-clone
       shell: bash
+
+    - name: Define image description
+      run: |
+        case ${{ inputs.image-name }} in
+        kas)
+            echo "IMAGE_DESCRIPTION=kas build environment for Yocto/OpenEmbedded projects" >> $GITHUB_ENV
+            ;;
+        kas-isar)
+            echo "IMAGE_DESCRIPTION=kas build environment for isar-based Debian projects" >> $GITHUB_ENV
+            ;;
+        esac
+      shell: bash
+
+    - name: Extract metadata
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        annotations: |
+          org.opencontainers.image.description=${{ env.IMAGE_DESCRIPTION }}
+          org.opencontainers.image.licenses=MIT and others
+      env:
+        DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
+
     - name: Cache var-cache-apt
       id: cache-var-cache-apt
       uses: actions/cache@v4
       with:
         path: var-cache-apt
-        key: var-cache-apt-${{ env.DEBIAN_TAG }}-${{ inputs.cache-key }}
+        key: var-cache-apt-${{ env.DEBIAN_TAG }}-${{ inputs.image-name }}
+
     - name: Cache var-lib-apt
       id: cache-var-lib-apt
       uses: actions/cache@v4
       with:
         path: var-lib-apt
-        key: var-lib-apt-${{ env.DEBIAN_TAG }}-${{ inputs.cache-key }}
+        key: var-lib-apt-${{ env.DEBIAN_TAG }}-${{ inputs.image-name }}
+
     - name: Inject var-cache-apt into docker
       uses: reproducible-containers/[email protected]
       with:
         cache-source: var-cache-apt
         cache-target: /var/cache/apt
         skip-extraction: ${{ steps.cache-var-cache-apt.outputs.cache-hit }}
+
     - name: Inject var-lib-apt into docker
       uses: reproducible-containers/[email protected]
       with:

.github/workflows/master.yml

@@ -30,7 +30,7 @@ jobs:
         with:
           deploy-user: ${{ github.actor }}
           deploy-token: ${{ secrets.GITHUB_TOKEN }}
-          cache-key: ${{ matrix.image-name }}
+          image-name: ${{ matrix.image-name }}
       - name: Build ${{ matrix.image-name }} image
         uses: docker/build-push-action@v5
         if: ${{ env.PUSH_MASTER }}
@@ -44,3 +44,4 @@ jobs:
           provenance: mode=max,reproducible=true
           outputs: type=registry,rewrite-timestamp=true
           tags: ghcr.io/siemens/kas/${{ matrix.image-name }}
+          annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}

.github/workflows/next.yml

@@ -76,7 +76,7 @@ jobs:
         with:
           deploy-user: ${{ github.actor }}
           deploy-token: ${{ secrets.GITHUB_TOKEN }}
-          cache-key: ${{ matrix.image-name }}
+          image-name: ${{ matrix.image-name }}
 
       - name: Build ${{ matrix.image-name }} image
         uses: docker/build-push-action@v5
@@ -105,3 +105,4 @@ jobs:
           provenance: mode=max,reproducible=true
           outputs: type=registry,rewrite-timestamp=true
           tags: ghcr.io/siemens/kas/${{ matrix.image-name }}:next
+          annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}

.github/workflows/release.yml

@@ -22,7 +22,7 @@ jobs:
         with:
           deploy-user: ${{ github.actor }}
           deploy-token: ${{ secrets.GITHUB_TOKEN }}
-          cache-key: ${{ matrix.image-name }}
+          image-name: ${{ matrix.image-name }}
       - name: Build ${{ matrix.image-name }} image
         uses: docker/build-push-action@v5
         with:
@@ -38,3 +38,4 @@ jobs:
             ghcr.io/siemens/kas/${{ matrix.image-name }}
             ghcr.io/siemens/kas/${{ matrix.image-name }}:${{ env.RELEASE_VERSION }}
             ghcr.io/siemens/kas/${{ matrix.image-name }}:latest-release
+          annotations: ${{ env.DOCKER_METADATA_OUTPUT_ANNOTATIONS }}