From ab448cf38e7c1f0740b3cc2448284775e39d9661 Mon Sep 17 00:00:00 2001
From: Gavin Mogan <github@gavinmogan.com>
Date: Wed, 9 Oct 2024 06:01:36 -0700
Subject: [PATCH] doc: add standard opencontainer docker labels (#2800)

---
 CHANGELOG.md |  2 ++
 Dockerfile   | 15 +++++++++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2d2b4ba8..aa90a413 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,8 @@
 
 ## Changes since v7.7.1
 
+- [#2800](https://github.com/oauth2-proxy/oauth2-proxy/pull/2800) Add some opencontainer labels to docker image (@halkeye)
+
 # V7.7.1
 
 ## Release Highlights
diff --git a/Dockerfile b/Dockerfile
index 59ffda36..ebbdce4e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,7 @@
 # This ARG has to be at the top, otherwise the docker daemon does not known what to do with FROM ${RUNTIME_IMAGE}
 ARG RUNTIME_IMAGE=gcr.io/distroless/static:nonroot
+# version is shared between mutiple buildstages
+ARG VERSION
 
 # All builds should be done using the platform native to the build node to allow
 #  cache sharing of the go mod download step.
@@ -19,7 +21,6 @@ COPY . .
 
 # Arguments go here so that the previous steps can be cached if no external
 #  sources have changed.
-ARG VERSION
 ARG TARGETPLATFORM
 ARG BUILDPLATFORM
 
@@ -33,7 +34,7 @@ ARG BUILDPLATFORM
 #  automatically set by the docker engine.
 RUN case ${TARGETPLATFORM} in \
          "linux/amd64")  GOARCH=amd64  ;; \
-         # arm64 and arm64v8 are equivilant in go and do not require a goarm
+         # arm64 and arm64v8 are equivalent in go and do not require a goarm
          # https://github.com/golang/go/wiki/GoArm
          "linux/arm64" | "linux/arm/v8")  GOARCH=arm64  ;; \
          "linux/ppc64le")  GOARCH=ppc64le  ;; \
@@ -46,7 +47,17 @@ RUN case ${TARGETPLATFORM} in \
 
 # Copy binary to runtime image
 FROM ${RUNTIME_IMAGE}
+ARG VERSION
+
 COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/oauth2-proxy /bin/oauth2-proxy
 COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem
 
+LABEL org.opencontainers.image.licenses=MIT \
+      org.opencontainers.image.description="A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers." \
+      org.opencontainers.image.documentation=https://oauth2-proxy.github.io/oauth2-proxy/ \
+      org.opencontainers.image.source=https://github.com/oauth2-proxy/oauth2-proxy \
+      org.opencontainers.image.url=https://quay.io/oauth2-proxy/oauth2-proxy \
+      org.opencontainers.image.title=oauth2-proxy \
+      org.opencontainers.image.version=${VERSION}
+
 ENTRYPOINT ["/bin/oauth2-proxy"]