install/aleph: include the image labels in aleph#2043
Open
jbtrystram wants to merge 1 commit intobootc-dev:mainfrom
Open
install/aleph: include the image labels in aleph#2043jbtrystram wants to merge 1 commit intobootc-dev:mainfrom
jbtrystram wants to merge 1 commit intobootc-dev:mainfrom
Conversation
github-actions
bot
added
area/install
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request enhances the installation provenance data stored in .bootc-aleph.json. It adds the manifest digest, target image reference, and OCI labels of the installed image, providing more useful information about the image's origin. It also intelligently skips serializing the source image reference when it appears to be a temporary local path, which is common in build environments like osbuild. The changes are well-implemented, with corresponding updates to the data structures and documentation. The code looks correct and improves the utility of the provenance file.
Note: Security Review did not run due to the size of the PR.
cgwalters
previously approved these changes
Mar 4, 2026
Collaborator
cgwalters
left a comment
cgwalters
left a comment
There was a problem hiding this comment.
Looks OK, just one nit. Could also use a test in the tmt readonly tests.
Collaborator
|
Missing DCO |
Include the container labels in the aleph file, since they often contain
useful information about the image provenance, such as the source
commit the image was build from.
Also we skip serializing the source image reference if it start with
`/tmp` since this is a good signal it was source from a local copy
of an image, e.g. in an osbuild environnement.
Whith this, a build of Fedora CoreOS through osbuild goes from:
```
{
"image": "/tmp/tmpb29j6pi3/image",
"kernel": "6.18.12-200.fc43.x86_64",
"selinux": "disabled",
"timestamp": null,
"version": "43.20260301.20.dev1"
}
```
to
```
{
"digest": "sha256:07bf537cc4e4d208eb0b978f76e5046e55529ce6192b982d8c1a41fa1d61b95a",
"kernel": "6.18.13-200.fc43.x86_64",
"labels": {
"com.coreos.inputhash": "fe9883169714c593d98058606e886b9747710ed15ab1b9cdbd7fa538fb435b3c",
"com.coreos.osname": "fedora-coreos",
"com.coreos.stream": "testing-devel",
"containers.bootc": "1",
"io.buildah.version": "1.42.2",
"org.opencontainers.image.description": "Fedora CoreOS testing-devel",
"org.opencontainers.image.revision": "233fe18749c7d2749581e4307c4cac60967acde4",
"org.opencontainers.image.source": "git@github.com:jbtrystram/fedora-coreos-config.git",
"org.opencontainers.image.title": "Fedora CoreOS testing-devel",
"org.opencontainers.image.version": "43.20260301.20.dev1",
"ostree.bootable": "1",
"ostree.commit": "89635f7cba9de932fc60d71a6bded65ad0db06a35c9d016da03ca7ade9ba4736",
"ostree.final-diffid": "sha256:12787d84fa137cd5649a9005efe98ec9d05ea46245fdc50aecb7dd007f2035b1"
},
"selinux": "disabled",
"target-image": "ostree-image-signed:docker://quay.io/fedora/fedora-coreos:testing-devel",
"timestamp": null,
"version": "43.20260301.20.dev1"
}
```
which is way more useful.
See bootc-dev#2038
Assisted-by: OpenCode(Opus 4.6)
Signed-off-by: jbtrystram <jbtrystram@redhat.com>
jbtrystram
force-pushed
the
aleph-labels
branch
from
ac5ce03 to
9078370
Compare
Contributor
Author
Added a test and signed-off the commit |
jbtrystram
added a commit
to jbtrystram/coreos-assembler
that referenced
this pull request
Mar 10, 2026
Until we get bootc-dev/bootc#2043 released let's use the osbuild aleph stage to get the data we want in the aleph. We can remove that stage entirely when bootc create a nicer aleph. See bootc-dev/bootc#2038
jbtrystram
added a commit
to jbtrystram/coreos-assembler
that referenced
this pull request
Mar 10, 2026
Until we get bootc-dev/bootc#2043 released let's use the osbuild aleph stage to get the data we want in the aleph. We can remove that stage entirely when bootc create a nicer aleph. See bootc-dev/bootc#2038
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Include the container labels in the aleph file, since they often contain useful information about the image provenance, such as the source commit the image was build from.
Also we skip serializing the source image reference if it start with
/tmpsince this is a good signal it was source from a local copy of an image, e.g. in an osbuild environnement.Whith this, a build of Fedora CoreOS through osbuild goes from:
to
which is way more useful.
See #2038
Assisted-by: OpenCode(Opus 4.6)