Add source and description labels to Dockerfile

Open austinvazquez opened this issue 1 year ago • 1 comments

Issue

Partially resolves #161

Description

This change adds the source and description (not needed but nice to have) labels needed by GitHub Dependabot to update usages of the registry container image.

Additional context

  1. https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file?learn=dependency_version_updates&learnProduct=code-security#docker
  2. https://github.com/dependabot-fixtures/docker-with-source

austinvazquez, Mar 29 '24 14:03

I can add a bit of "downstream" perspective here; hopefully it's helpful! :sweat_smile:

See https://github.com/docker-library/official-images/issues/3540, especially https://github.com/docker-library/official-images/issues/3540#issuecomment-530925319:

We don't actively recommend using labels. If an image maintainer wants to have labels, that is fine, but label names should adhere to the image spec: https://github.com/opencontainers/image-spec/blob/v1.0.1/annotations.md

To expound, labels have really unfortunate inheritance behavior, and thus we actively avoid them in all the images we directly maintain.

You might also find https://github.com/docker-library/cassandra/issues/260 interesting -- the short version is that our new build system (which we're working to roll out across all the images that are part of the Docker Official Images) will automatically inject appropriate annotations (which don't have the same undesirable inheritance behavior of labels) at the point where they can be done so with higher accuracy (effectively injecting metadata about the thing we're building, as we build it, instead of trying to maintain that same data in the code itself and ensure it is accurate over time).

Here is a recent example of a build with this data injected (see especially the annotations key at the end of the JSON):

https://oci.dag.dev/?image=mongo@sha256:a60951fd120f553fb925a7d32c841e9f268e83c0440e228732ce886573bda204&mt=application%2Fvnd.oci.image.manifest.v1%2Bjson&size=2671

tianon, Mar 29 '24 17:03
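The label inheritance raised in the comment above, shown as an added example that is not part of the original thread or of either project's code: an image built `FROM` a base starts with the base's `config.Labels`, so provenance labels such as `org.opencontainers.image.source` carry over unless the child overrides them. The helper names, the `example.invalid` URLs and the sample configs are constructed for illustration.

```python
import json

# Pre-defined OCI annotation keys that describe one specific image.
PROVENANCE_KEYS = (
    "org.opencontainers.image.source",
    "org.opencontainers.image.description",
    "org.opencontainers.image.revision",
    "org.opencontainers.image.version",
)

def labels_of(image_config):
    """Return config.Labels from an image config document (may be absent or null)."""
    return dict((image_config.get("config") or {}).get("Labels") or {})

def build_child_labels(base_config, dockerfile_labels):
    """Model a build FROM base: inherit the base's labels, then apply LABEL lines."""
    labels = labels_of(base_config)
    labels.update(dockerfile_labels)
    return labels

def inherited_provenance(child_config, base_config):
    """Provenance labels on the child that are identical to the base's values,
    i.e. metadata that most likely describes the base, not the child."""
    child, base = labels_of(child_config), labels_of(base_config)
    return {k: child[k] for k in PROVENANCE_KEYS
            if k in child and child[k] == base.get(k)}

# Constructed sample: config of a base image that ships source/description labels.
BASE = json.loads("""{"config": {"Labels": {
  "org.opencontainers.image.source": "https://example.invalid/base/registry-image",
  "org.opencontainers.image.description": "Constructed base image"}}}""")

def demo():
    # Downstream Dockerfile with no LABEL instructions: everything is inherited.
    silent = {"config": {"Labels": build_child_labels(BASE, {})}}
    # Downstream Dockerfile that overrides only the source label.
    explicit = {"config": {"Labels": build_child_labels(BASE, {
        "org.opencontainers.image.source": "https://example.invalid/downstream/app"})}}
    return inherited_provenance(silent, BASE), inherited_provenance(explicit, BASE)

if __name__ == "__main__":
    for name, stale in zip(("no LABEL lines", "source overridden"), demo()):
        print(name, "->", sorted(stale))
```

Manifest annotations, like the ones in the build linked above, are attached to one manifest and are not copied into images built on top of it, so this check has nothing to flag for them.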