Add metadata to image

Also, pin base image to a specific version instead of `latest`.

Signed-off-by: Chris Evich <chris_gitlab@icuc.me>

.gitlab-ci.yml

@@ -37,4 +37,8 @@ build:
             --dockerfile $CI_PROJECT_DIR/Containerfile \
             --destination "${CI_REGISTRY_IMAGE}:${IMAGE_TAG}" \
             --build-arg "BASE_TAG=$BASE_TAG" \
-            --build-arg "FLAVOR=$FLAVOR"
+            --build-arg "FLAVOR=$FLAVOR" \
+            --label "org.opencontainers.image.revision=$CI_COMMIT_SHA" \
+            --label "org.opencontainers.artifact.created=$CI_JOB_STARTED_AT" \
+            --label "org.opencontainers.image.created=$CI_JOB_STARTED_AT" \
+            --label "org.opencontainers.image.version=${IMAGE_TAG}"

Containerfile

@@ -6,9 +6,15 @@
 # https://docs.gitlab.com/runner/executors/docker.html#use-podman-to-run-docker-commands
 #
 
-ARG FLAVOR="stable"
-ARG BASE_TAG="latest"
-FROM quay.io/podman/$FLAVOR:$BASE_TAG
+ARG BASE_REPO="quay.io"
+ARG BASE_NS="podman"
+ARG BASE_NAME="stable"
+ARG BASE_TAG="v4.3.1"
+FROM $BASE_REPO/$BASE_NS/$BASE_NAME:$BASE_TAG
+# Metadata to identify the base-image FQIN
+LABEL org.opencontainers.image.base.name="$BASE_REPO/$BASE_NS/$BASE_NAME:$BASE_TAG"
+# Identify the repository source for the image.
+LABEL org.opencontainers.image.source="https://gitlab.com/qontainers/pipglr"
 
 # This is a list of packages to remove and/or exclude from the image.
 # Primarily this is done for security reasons, should a runner process