Provide BININFO_* docker build arguments to ghcr container workflow

[felix-kaestner]

The resulting changes make to the pipeline:

diff --git a/.github/workflows/container-registry-ghcr.yaml b/.github/workflows/container-registry-ghcr.yaml
index 73910f5..1755f62 100644
--- a/.github/workflows/container-registry-ghcr.yaml
+++ b/.github/workflows/container-registry-ghcr.yaml
@@ -44,6 +44,12 @@ jobs:
             type=semver,pattern=v{{major}}
             # https://github.com/docker/metadata-action#typesha
             type=sha,format=long
+      - name: Extract build-args for Docker
+        id: build_args
+        run: |
+          echo "version=$(git describe --tags --always --abbrev=7)" >> $GITHUB_OUTPUT
+          echo "commit=$(git rev-parse --verify HEAD)" >> $GITHUB_OUTPUT
+          echo "date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
@@ -51,6 +57,10 @@ jobs:
       - name: Build and push Docker image
         uses: docker/build-push-action@v6
         with:
+          build-args: |
+            BININFO_VERSION=${{ steps.build_args.outputs.version }}
+            BININFO_COMMIT_HASH=${{ steps.build_args.outputs.commit }}
+            BININFO_BUILD_DATE=${{ steps.build_args.outputs.date }}
           context: .
           labels: ${{ steps.meta.outputs.labels }}
           platforms: linux/amd64,linux/arm64

[coveralls]

coverage: 3.35%. remained the same
when pulling 2885728 on feat/provide-bininfo-build-args
into 28cdfbb on main.

[majewsky]

Anything we can help with here? The changeset seems fine to me.

[felix-kaestner]

Anything we can help with here? The changeset seems fine to me.

Thanks for the offer, but I don't think so. I just haven't found the time to fully test my changes. Once I have done that, I would simply put the PR to non-draft and let you know, if that's okay.

[github-actions]

Merging this branch will not change overall coverage

Impacted Packages	Coverage Δ	🤖
github.com/sapcc/go-makefile-maker/internal/ghworkflow	0.00% (ø)

---

Coverage by file

Changed files (no unit tests)

Changed File	Coverage Δ	Total	Covered	Missed	🤖
github.com/sapcc/go-makefile-maker/internal/ghworkflow/workflow_ghcr.go	0.00% (ø)	0	0	0

Please note that the "Total", "Covered", and "Missed" counts above refer to code statements instead of lines of code. The value in brackets refers to the test coverage of that file in the old version of the code.

[felix-kaestner]

@SuperSandro2000 @majewsky the motivation of this change was to provide the BININFO_BUILD_DATE, BININFO_COMMIT_HASH and BININFO_VERSION build-arguments to the docker build process, as they are used to form the org.opencontainers.image.X labels in the default Dockerfile:

go-makefile-maker/internal/dockerfile/Dockerfile.tmpl

Lines 86 to 91 in e110ceb

	ARG BININFO_BUILD_DATE BININFO_COMMIT_HASH BININFO_VERSION
	LABEL source_repository="{{ .Config.Metadata.URL }}" \
	org.opencontainers.image.url="{{ .Config.Metadata.URL }}" \
	org.opencontainers.image.created=${BININFO_BUILD_DATE} \
	org.opencontainers.image.revision=${BININFO_COMMIT_HASH} \
	org.opencontainers.image.version=${BININFO_VERSION}

However, it turns out that the docker/metadata-action step used on the workflow automatically provides all opencontainers standard annotations (https://github.com/opencontainers/image-spec/blob/master/annotations.md) as per https://github.com/docker/metadata-action/blob/ed95091677497158a9ff38b314264cd965388d5e/src/meta.ts#L541-L550

So there is actually no need to pass these build arguments, as these labels will already be correctly formulated. As an example with the current workflow (https://github.com/ironcore-dev/network-operator/blob/main/.github/workflows/container-registry-ghcr.yaml):

$ d inspect ghcr.io/ironcore-dev/network-operator:sha-eac4b0affc163a2f45453cd8cf2b3264f654bb7c | jq .[0].Config.Labels
{
  "org.opencontainers.image.created": "2026-01-29T07:49:34.147Z",
  "org.opencontainers.image.description": "Kubernetes operator for automating network device provisioning",
  "org.opencontainers.image.licenses": "Apache-2.0",
  "org.opencontainers.image.revision": "eac4b0affc163a2f45453cd8cf2b3264f654bb7c",
  "org.opencontainers.image.source": "https://github.com/ironcore-dev/network-operator",
  "org.opencontainers.image.title": "network-operator",
  "org.opencontainers.image.url": "https://github.com/ironcore-dev/network-operator",
  "org.opencontainers.image.version": "edge",
  "source_repository": "https://github.com/ironcore-dev/network-operator"
}

So unless you see this differently, I'd say we can close this PR.

[SuperSandro2000]

I think right now we require to have git installed in the container and need to copy the .git directory. I think with this we could get a step closer to remove the need for that.

[felix-kaestner]

I think right now we require to have git installed in the container and need to copy the .git directory. I think with this we could get a step closer to remove the need for that.

I think git itself would still be required, as I would expect it to be used by go get as per https://go.dev/wiki/GoGetTools#installing-version-control-tools-for-go-get. But sure, it might eliminate the need for copying the .git directory, which could then also be added to the .dockerignore.