Add consistent OCI labels to all container Dockerfiles

Every container now carries title, description, version, source, and vendor labels per the OCI image spec. Version is derived from the existing CONTAINER_APP_VERSION ARG at build time. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 20:42:00 -07:00 · 2026-03-18 20:42:00 -07:00 · 613f05dfde
commit 613f05dfde
parent c92b949a20
22 changed files with 116 additions and 19 deletions
--- a/containers/alloy/Dockerfile
+++ b/containers/alloy/Dockerfile
@ -48,9 +48,12 @@ RUN RELEASE_BUILD=1 VERSION=${ALLOY_VERSION} \

 FROM alpine:3.22

-LABEL org.opencontainers.image.title=alloy
+ARG CONTAINER_APP_VERSION
+LABEL org.opencontainers.image.title="Alloy"
 LABEL org.opencontainers.image.description="Grafana Alloy is an OpenTelemetry Collector distribution"
-LABEL org.opencontainers.image.source=https://github.com/grafana/alloy
+LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}"
+LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops"
+LABEL org.opencontainers.image.vendor="blumeops"

 RUN apk --no-cache add ca-certificates tzdata \
    && addgroup -g 473 alloy \
--- a/containers/cv/Dockerfile
+++ b/containers/cv/Dockerfile
@ -10,6 +10,13 @@ ARG CONTAINER_APP_VERSION=1.0.3

 FROM nginx:alpine

+ARG CONTAINER_APP_VERSION
+LABEL org.opencontainers.image.title="CV"
+LABEL org.opencontainers.image.description="Static site server for CV/resume"
+LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}"
+LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops"
+LABEL org.opencontainers.image.vendor="blumeops"
+
 # Install curl for downloading release assets
 RUN apk add --no-cache curl

--- a/containers/devpi/Dockerfile
+++ b/containers/devpi/Dockerfile
@ -4,6 +4,12 @@ FROM python:3.12-slim

 ARG CONTAINER_APP_VERSION
 ARG DEVPI_SERVER_VERSION=${CONTAINER_APP_VERSION}
+
+LABEL org.opencontainers.image.title="devpi"
+LABEL org.opencontainers.image.description="devpi PyPI server and caching proxy"
+LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}"
+LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops"
+LABEL org.opencontainers.image.vendor="blumeops"
 ARG DEVPI_WEB_VERSION=5.0.1

 # Install devpi-server and devpi-web
--- a/containers/grafana-sidecar/Dockerfile
+++ b/containers/grafana-sidecar/Dockerfile
@ -20,9 +20,12 @@ RUN python -m venv .venv && \

 FROM base

+ARG CONTAINER_APP_VERSION
 LABEL org.opencontainers.image.title="Grafana Sidecar"
 LABEL org.opencontainers.image.description="K8s sidecar to sync ConfigMap dashboards into Grafana"
-LABEL org.opencontainers.image.source="https://github.com/kiwigrid/k8s-sidecar"
+LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}"
+LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops"
+LABEL org.opencontainers.image.vendor="blumeops"

 ENV PYTHONUNBUFFERED=1
 WORKDIR /app
--- a/containers/grafana/Dockerfile
+++ b/containers/grafana/Dockerfile
@ -51,9 +51,12 @@ USER grafana
 WORKDIR /usr/share/grafana
 EXPOSE 3000

+ARG CONTAINER_APP_VERSION
 LABEL org.opencontainers.image.title="Grafana"
 LABEL org.opencontainers.image.description="Grafana OSS observability platform"
-LABEL org.opencontainers.image.source="https://github.com/grafana/grafana"
+LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}"
+LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops"
+LABEL org.opencontainers.image.vendor="blumeops"

 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["grafana", "server", \
--- a/containers/homepage/Dockerfile
+++ b/containers/homepage/Dockerfile
@ -21,9 +21,12 @@ RUN mkdir -p config \

 FROM node:24-alpine

-LABEL org.opencontainers.image.title=Homepage
+ARG CONTAINER_APP_VERSION
+LABEL org.opencontainers.image.title="Homepage"
 LABEL org.opencontainers.image.description="A self-hosted services landing page"
-LABEL org.opencontainers.image.source=https://github.com/gethomepage/homepage
+LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}"
+LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops"
+LABEL org.opencontainers.image.vendor="blumeops"

 WORKDIR /app

--- a/containers/kiwix-serve/Dockerfile
+++ b/containers/kiwix-serve/Dockerfile
@ -38,6 +38,13 @@ RUN set -e && \
    curl -k -L $url | tar -xz -C /usr/local/bin/ --strip-components 1 && \
    apk del curl

+ARG CONTAINER_APP_VERSION
+LABEL org.opencontainers.image.title="kiwix-serve"
+LABEL org.opencontainers.image.description="Kiwix content server for offline ZIM files"
+LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}"
+LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops"
+LABEL org.opencontainers.image.vendor="blumeops"
+
 EXPOSE 80

 # Run as non-root
--- a/containers/kubectl/Dockerfile
+++ b/containers/kubectl/Dockerfile
@ -27,6 +27,13 @@ RUN apk add --no-cache curl && \

 FROM alpine:3.22

+ARG CONTAINER_APP_VERSION
+LABEL org.opencontainers.image.title="kubectl"
+LABEL org.opencontainers.image.description="Minimal kubectl container"
+LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}"
+LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops"
+LABEL org.opencontainers.image.vendor="blumeops"
+
 COPY --from=downloader /kubectl /usr/local/bin/kubectl

 # Add ca-certificates for HTTPS connections and bash for scripts
--- a/containers/loki/Dockerfile
+++ b/containers/loki/Dockerfile
@ -25,9 +25,12 @@ RUN go build -tags netgo \

 FROM alpine:3.22

-LABEL org.opencontainers.image.title=Loki
+ARG CONTAINER_APP_VERSION
+LABEL org.opencontainers.image.title="Loki"
 LABEL org.opencontainers.image.description="Grafana Loki log aggregation system"
-LABEL org.opencontainers.image.source=https://github.com/grafana/loki
+LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}"
+LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops"
+LABEL org.opencontainers.image.vendor="blumeops"

 RUN apk add --no-cache ca-certificates tzdata
 RUN mkdir -p /loki && chown 10001:10001 /loki
--- a/containers/mealie/Dockerfile
+++ b/containers/mealie/Dockerfile
@ -135,8 +135,11 @@ ENV HOST=0.0.0.0
 COPY --from=backend-builder /src/docker/entry.sh $MEALIE_HOME/run.sh
 RUN chmod +x $MEALIE_HOME/run.sh

+ARG CONTAINER_APP_VERSION
 LABEL org.opencontainers.image.title="Mealie"
 LABEL org.opencontainers.image.description="Self-hosted recipe manager"
-LABEL org.opencontainers.image.source="https://github.com/mealie-recipes/mealie"
+LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}"
+LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops"
+LABEL org.opencontainers.image.vendor="blumeops"

 ENTRYPOINT ["/app/run.sh"]
--- a/containers/miniflux/Dockerfile
+++ b/containers/miniflux/Dockerfile
@ -18,9 +18,12 @@ RUN make miniflux

 FROM alpine:3.22

-LABEL org.opencontainers.image.title=Miniflux
+ARG CONTAINER_APP_VERSION
+LABEL org.opencontainers.image.title="Miniflux"
 LABEL org.opencontainers.image.description="Miniflux is a minimalist and opinionated feed reader"
-LABEL org.opencontainers.image.source=https://github.com/miniflux/v2
+LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}"
+LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops"
+LABEL org.opencontainers.image.vendor="blumeops"

 EXPOSE 8080
 ENV LISTEN_ADDR=0.0.0.0:8080
--- a/containers/navidrome/Dockerfile
+++ b/containers/navidrome/Dockerfile
@ -38,10 +38,12 @@ RUN go build -tags=netgo \

 FROM alpine:3.22

-LABEL org.opencontainers.image.title=Navidrome
+ARG CONTAINER_APP_VERSION
+LABEL org.opencontainers.image.title="Navidrome"
 LABEL org.opencontainers.image.description="Navidrome is a self-hosted music server and streamer"
-# Points to upstream canonical source, not the forge mirror used for builds
-LABEL org.opencontainers.image.source=https://github.com/navidrome/navidrome
+LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}"
+LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops"
+LABEL org.opencontainers.image.vendor="blumeops"

 RUN apk add --no-cache ca-certificates tzdata taglib ffmpeg \
 && addgroup -g 1000 navidrome \
--- a/containers/nettest/Dockerfile
+++ b/containers/nettest/Dockerfile
@ -8,6 +8,13 @@ ARG CONTAINER_APP_VERSION=0.1.0

 FROM alpine:3.22

+ARG CONTAINER_APP_VERSION
+LABEL org.opencontainers.image.title="nettest"
+LABEL org.opencontainers.image.description="Network connectivity test container for CI/CD debugging"
+LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}"
+LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops"
+LABEL org.opencontainers.image.vendor="blumeops"
+
 RUN apk add --no-cache \
    curl \
    ca-certificates \
--- a/containers/ntfy/Dockerfile
+++ b/containers/ntfy/Dockerfile
@ -49,9 +49,12 @@ RUN go build \

 FROM alpine:3.22

-LABEL org.opencontainers.image.title=ntfy
+ARG CONTAINER_APP_VERSION
+LABEL org.opencontainers.image.title="ntfy"
 LABEL org.opencontainers.image.description="ntfy is a simple HTTP-based pub-sub notification service"
-LABEL org.opencontainers.image.source=https://github.com/binwiederhier/ntfy
+LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}"
+LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops"
+LABEL org.opencontainers.image.vendor="blumeops"

 RUN apk --no-cache add tzdata

--- a/containers/prometheus/Dockerfile
+++ b/containers/prometheus/Dockerfile
@ -54,9 +54,12 @@ RUN go build -tags netgo,builtinassets \

 FROM alpine:3.22

-LABEL org.opencontainers.image.title=Prometheus
+ARG CONTAINER_APP_VERSION
+LABEL org.opencontainers.image.title="Prometheus"
 LABEL org.opencontainers.image.description="Prometheus monitoring system and time series database"
-LABEL org.opencontainers.image.source=https://github.com/prometheus/prometheus
+LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}"
+LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops"
+LABEL org.opencontainers.image.vendor="blumeops"

 RUN apk add --no-cache ca-certificates tzdata

--- a/containers/quartz/Dockerfile
+++ b/containers/quartz/Dockerfile
@ -11,6 +11,13 @@ ARG NGINX_VERSION=${CONTAINER_APP_VERSION}

 FROM nginx:${NGINX_VERSION}-alpine

+ARG CONTAINER_APP_VERSION
+LABEL org.opencontainers.image.title="Quartz"
+LABEL org.opencontainers.image.description="Static site server for Quartz-built documentation"
+LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}"
+LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops"
+LABEL org.opencontainers.image.vendor="blumeops"
+
 # Install curl for downloading release assets
 RUN apk add --no-cache curl

--- a/containers/runner-job-image/Dockerfile
+++ b/containers/runner-job-image/Dockerfile
@ -17,6 +17,12 @@ ARG TARGETARCH
 ARG CONTAINER_APP_VERSION
 ARG DAGGER_VERSION=${CONTAINER_APP_VERSION}

+LABEL org.opencontainers.image.title="Runner Job Image"
+LABEL org.opencontainers.image.description="Forgejo Actions job execution environment"
+LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}"
+LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops"
+LABEL org.opencontainers.image.vendor="blumeops"
+
 # Install base dependencies
 RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates \
--- a/containers/teslamate/Dockerfile
+++ b/containers/teslamate/Dockerfile
@ -45,6 +45,13 @@ RUN SKIP_LOCALE_DOWNLOAD=true mix release --path /opt/built
 # Runtime image
 FROM debian:trixie-slim AS app

+ARG CONTAINER_APP_VERSION
+LABEL org.opencontainers.image.title="TeslaMate"
+LABEL org.opencontainers.image.description="Tesla data logger and visualization"
+LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}"
+LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops"
+LABEL org.opencontainers.image.vendor="blumeops"
+
 ENV LANG=C.UTF-8 \
    SRTM_CACHE=/opt/app/.srtm_cache \
    HOME=/opt/app
--- a/containers/transmission-exporter/Dockerfile
+++ b/containers/transmission-exporter/Dockerfile
@ -5,8 +5,12 @@ ARG CONTAINER_APP_VERSION=1.0.1

 FROM python:3.13-alpine3.23

+ARG CONTAINER_APP_VERSION
 LABEL org.opencontainers.image.title="Transmission Exporter"
 LABEL org.opencontainers.image.description="Prometheus exporter for Transmission BitTorrent client"
+LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}"
+LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops"
+LABEL org.opencontainers.image.vendor="blumeops"

 COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv

--- a/containers/transmission/Dockerfile
+++ b/containers/transmission/Dockerfile
@ -8,6 +8,12 @@ FROM alpine:3.22
 ARG CONTAINER_APP_VERSION
 ARG TRANSMISSION_VERSION=${CONTAINER_APP_VERSION}

+LABEL org.opencontainers.image.title="Transmission"
+LABEL org.opencontainers.image.description="Transmission BitTorrent daemon"
+LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}"
+LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops"
+LABEL org.opencontainers.image.vendor="blumeops"
+
 # Transmission 4.1.x is only in edge; base OS stays on stable 3.22
 RUN apk add --no-cache \
    --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community \
--- a/containers/unpoller/Dockerfile
+++ b/containers/unpoller/Dockerfile
@ -26,9 +26,12 @@ RUN go build -ldflags="-s -w \

 FROM alpine:3.22

+ARG CONTAINER_APP_VERSION
 LABEL org.opencontainers.image.title="UnPoller"
 LABEL org.opencontainers.image.description="UniFi metrics exporter for Prometheus"
-LABEL org.opencontainers.image.source="https://github.com/unpoller/unpoller"
+LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}"
+LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops"
+LABEL org.opencontainers.image.vendor="blumeops"

 RUN apk add --no-cache ca-certificates tzdata

--- a/docs/changelog.d/+oci-labels.infra.md
+++ b/docs/changelog.d/+oci-labels.infra.md
@ -0,0 +1 @@
+Standardize OCI labels across all container Dockerfiles with consistent title, description, version, source, and vendor metadata.
				`@ -0,0 +1 @@`
				`Standardize OCI labels across all container Dockerfiles with consistent title, description, version, source, and vendor metadata.`