Rework image and add labels for container scanning.

Author: Paebbels

.gitattributes

@@ -0,0 +1 @@
+*.sh text eol=lf

.github/workflows/Pipeline.yml

@@ -10,29 +10,38 @@ jobs:
     runs-on: ubuntu-24.04
 
     outputs:
-      base_image_os_version: ${{ steps.variables.outputs.base_image_os_version }}
-      base_image_py_version: ${{ steps.variables.outputs.base_image_py_version }}
-      miktex_image_ns:       ${{ steps.variables.outputs.miktex_image_ns }}
-      miktex_image_name:     ${{ steps.variables.outputs.miktex_image_name }}
-      miktex_image_tag:      ${{ steps.variables.outputs.miktex_image_tag }}
-      miktex_image:          ${{ steps.variables.outputs.miktex_image }}
+      base_image_os_version:    ${{ steps.variables.outputs.base_image_os_version }}
+      base_image_os_codename:   ${{ steps.variables.outputs.base_image_os_codename }}
+      base_image_py_version:    ${{ steps.variables.outputs.base_image_py_version }}
+      miktex_source_repository: ${{ steps.variables.outputs.miktex_source_repository }}
+      miktex_image_ns:          ${{ steps.variables.outputs.miktex_image_ns }}
+      miktex_image_name:        ${{ steps.variables.outputs.miktex_image_name }}
+      miktex_image_tag:         ${{ steps.variables.outputs.miktex_image_tag }}
+      miktex_image:             ${{ steps.variables.outputs.miktex_image }}
 
     steps:
       - name: 🖉 Variables
         id: variables
         run: |
           base_image_name="python"
-          base_image_py_version="3.13"
-          base_image_os_version="bookworm"
+          base_image_os_version="13"
+          base_image_os_codename="trixie"
+          base_image_os_size="-slim"
+          base_image_py_version="3.14"
+
+          miktex_source_repository="${base_image_os_codename}"
 
           image_name="miktex"
           image_tag="latest"
 
           tee "${GITHUB_OUTPUT}" <<EOF
           base_image_name=${base_image_name}
-          base_image_py_version=${base_image_py_version}
           base_image_os_version=${base_image_os_version}
-          base_image=${base_image_name}:${base_image_py_version}-slim-${base_image_os_version}
+          base_image_os_codename=${base_image_os_codename}
+          base_image_py_version=${base_image_py_version}
+          base_image=${base_image_name}:${base_image_py_version}${base_image_os_size}-${base_image_os_codename}
+          
+          miktex_source_repository=${miktex_source_repository}
           
           miktex_image_ns=${{ vars.DOCKERHUB_NAMESPACE }}
           miktex_image_name=${image_name}
@@ -41,7 +50,7 @@ jobs:
           EOF
 
       - name: ⏬ Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: 🐋 Building MikTeX image
         id: build
@@ -79,12 +88,34 @@ jobs:
           docker buildx build \
             --file Dockerfile \
             --build-arg IMAGE=${{ steps.variables.outputs.base_image }} \
-            --build-arg OS_VERSION=${{ steps.variables.outputs.base_image_os_version }} \
-            --build-arg PY_VERSION=${{ steps.variables.outputs.base_image_py_version }} \
+            --build-arg MIKTEX_SRC_REPO=${{ steps.variables.outputs.miktex_source_repository }} \
+            --label "org.opencontainers.image.title=MikTeX on Debian ${{ steps.variables.outputs.base_image_os_version }} (${{ steps.variables.outputs.base_image_os_codename }}) + Python ${{ steps.variables.outputs.base_image_py_version }}" \
+            --label "org.opencontainers.image.description=MikTeX on Debian ${{ steps.variables.outputs.base_image_os_version }} (${{ steps.variables.outputs.base_image_os_codename }}) + Python ${{ steps.variables.outputs.base_image_py_version }} image maintained by pyTooling Authors." \
+            --label "org.opencontainers.image.authors=Patrick Lehmann <Paebbels@gmail.com>" \
+            --label "org.opencontainers.image.vendor=pyTooling" \
+            --label "org.opencontainers.image.version=1.0" \
+            --label "org.opencontainers.image.revison=${GITHUB_SHA}" \
+            --label "org.opencontainers.image.created=$(date -u +"%Y-%m-%dT%H:%M:%SZ")" \
+            --label "org.opencontainers.image.url=${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}" \
+            --label "org.opencontainers.image.source=${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git" \
+            --label "org.opencontainers.image.documentation=${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/blob/main/README.md" \
+            --label "org.opencontainers.image.license=MIT" \
+            --label "pyTooling.dockerimages.os.name=Debian" \
+            --label "pyTooling.dockerimages.os.version=${{ steps.variables.outputs.base_image_os_version }}" \
+            --label "pyTooling.dockerimages.os.codename=${{ steps.variables.outputs.base_image_os_codename }}" \
+            --label "pyTooling.dockerimages.os.variant=" \
+            --label "pyTooling.dockerimages.os.packagemanager=apt" \
+            --label "pyTooling.dockerimages.os.fullname=Debian ${{ steps.variables.outputs.base_image_os_version }} (${{ steps.variables.outputs.base_image_os_codename }})" \
+            --label "pyTooling.dockerimages.py.version=${{ steps.variables.outputs.base_image_py_version }}" \
+            --label "pyTooling.dockerimages.application.name=MikTeX" \
             --tag "${{ steps.variables.outputs.miktex_image }}" \
             . 2>&1 \
           | ./Docker.buildx.sh
+          # check return codes from docker incase of error.
 
+          printf -- "Labels of '${{ steps.variables.outputs.miktex_image }}':\n"
+          docker inspect --format='{{json .Config.Labels}}' "${{ steps.variables.outputs.miktex_image }}" | jq
+          
           printf "%s\n" "Docker image '${{ steps.variables.outputs.miktex_image }}' has $(DockerImageSizeUncompressed ${{ steps.variables.outputs.miktex_image }})"
 
       - name: ☑ Checking MikTeX image '${{ steps.variables.outputs.miktex_image }}'
@@ -124,7 +155,7 @@ jobs:
           EOF
 
       - name: ⏬ Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: 🐋 Building MikTeX image for ${{ matrix.name }}
         id: build

Docker.buildx.sh

@@ -20,54 +20,39 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # =============================================================================
-
-# work around for Darwin (Mac OS)
-READLINK=readlink; if [[ $(uname) == "Darwin" ]]; then READLINK=greadlink; fi
+# shellcheck shell=bash
 
 # Save working directory
 WorkingDir=$(pwd)
-ScriptDir="$($READLINK -f $(dirname $0))"
-RootDir="$($READLINK -f $ScriptDir/..)"
-
-ANSI_ENABLE_COLOR() {
-	ENABLECOLOR='-c '
-	ANSI_BLACK=$'\x1b[30m'
-	ANSI_RED=$'\x1b[31m'
-	ANSI_GREEN=$'\x1b[32m'
-	ANSI_YELLOW=$'\x1b[33m'
-	ANSI_BLUE=$'\x1b[34m'
-	ANSI_MAGENTA=$'\x1b[35m'
-	ANSI_CYAN=$'\x1b[36m'
-	ANSI_DARK_GRAY=$'\x1b[90m'
-	ANSI_LIGHT_GRAY=$'\x1b[37m'
-	ANSI_LIGHT_RED=$'\x1b[91m'
-	ANSI_LIGHT_GREEN=$'\x1b[92m'
-	ANSI_LIGHT_YELLOW=$'\x1b[93m'
-	ANSI_LIGHT_BLUE=$'\x1b[94m'
-	ANSI_LIGHT_MAGENTA=$'\x1b[95m'
-	ANSI_LIGHT_CYAN=$'\x1b[96m'
-	ANSI_WHITE=$'\x1b[97m'
-	ANSI_NOCOLOR=$'\x1b[0m'
-
-	# red texts
-	COLORED_ERROR="${ANSI_RED}[ERROR]"
-	COLORED_FAILED="${ANSI_RED}[FAILED]${ANSI_NOCOLOR}"
+ScriptDir="$(readlink -f "$(dirname "$0")")"
+RootDir="$(readlink -f "$ScriptDir/..")"
 
-	# yellow texts
-	COLORED_WARNING="${ANSI_YELLOW}[WARNING]"
+ANSI_BLACK=$'\x1b[30m'
+ANSI_RED=$'\x1b[31m'
+ANSI_GREEN=$'\x1b[32m'
+ANSI_YELLOW=$'\x1b[33m'
+ANSI_BLUE=$'\x1b[34m'
+ANSI_MAGENTA=$'\x1b[35m'
+ANSI_CYAN=$'\x1b[36m'
+ANSI_DARK_GRAY=$'\x1b[90m'
+ANSI_LIGHT_GRAY=$'\x1b[37m'
+ANSI_LIGHT_RED=$'\x1b[91m'
+ANSI_LIGHT_GREEN=$'\x1b[92m'
+ANSI_LIGHT_YELLOW=$'\x1b[93m'
+ANSI_LIGHT_BLUE=$'\x1b[94m'
+ANSI_LIGHT_MAGENTA=$'\x1b[95m'
+ANSI_LIGHT_CYAN=$'\x1b[96m'
+ANSI_WHITE=$'\x1b[97m'
+ANSI_NOCOLOR=$'\x1b[0m'
 
-	# green texts
-	COLORED_PASSED="${ANSI_GREEN}[PASSED]${ANSI_NOCOLOR}"
-	COLORED_DONE="${ANSI_GREEN}[DONE]${ANSI_NOCOLOR}"
-	COLORED_SUCCESSFUL="${ANSI_GREEN}[SUCCESSFUL]${ANSI_NOCOLOR}"
-}
-ANSI_ENABLE_COLOR
+# red texts
+COLORED_ERROR="${ANSI_RED}[ERROR]"
 
 # command line argument processing
 COMMAND=2  # 0-help, 1-unknown option, 2-no arg needed
 INDENT=""
 VERBOSE=0; DEBUG=0
-while [[ $# > 0 ]]; do
+while [[ $# -gt 0 ]]; do
 	key="$1"
 	case $key in
 		-i|--indent)
@@ -126,7 +111,7 @@ Pattern_Tagging='#[0-9]+ naming to (.*?) done'
 Pattern_MIKTEX='#[0-9]+ [0-9]+\.[0-9]+ Installing package'
 
 group=0
-while IFS='\n' read -r line; do
+while IFS=$'\n' read -r line; do
 	if [[ "${line}" =~ $Pattern_FROM ]]; then
 		printf "::group::%s\n" "${INDENT}${ANSI_MAGENTA}${line}${ANSI_NOCOLOR}"
 		group=1

Dockerfile

@@ -1,17 +1,11 @@
 # check=skip=InvalidDefaultArgInFrom;error=true
 
 ARG IMAGE
-ARG OS_VERSION
-ARG PY_VERSION
+ARG MIKTEX_SRC_REPO
 
 FROM ${IMAGE}
-ARG OS_VERSION
-ARG PY_VERSION
+ARG MIKTEX_SRC_REPO
 
-# Meta information
-LABEL maintainer="Patrick Lehmann <Paebbels@gmail.com>"
-LABEL version="0.1"
-LABEL description="MikTeX based on Debian ${OS_VERSION} and Python ${PY_VERSION}."
 
 # Install Debian packages
 RUN apt-get update \
@@ -20,20 +14,18 @@ RUN apt-get update \
     ca-certificates \
     gnupg \
     curl \
- && rm -rf /var/lib/apt/lists/* \
- && apt-get clean
+ && apt-get dist-clean
 
 # Install MikTeX
 RUN curl -fsSL https://miktex.org/download/key | tee /usr/share/keyrings/miktex-keyring.asc > /dev/null
-RUN echo "deb [signed-by=/usr/share/keyrings/miktex-keyring.asc] https://miktex.org/download/debian ${OS_VERSION} universe" | tee /etc/apt/sources.list.d/miktex.list
+RUN echo "deb [signed-by=/usr/share/keyrings/miktex-keyring.asc] https://miktex.org/download/debian ${MIKTEX_SRC_REPO} universe" | tee /etc/apt/sources.list.d/miktex.list
 RUN apt-get update \
  && apt-get install -y --no-install-recommends \
     ghostscript \
     make \
     perl \
     miktex \
- && rm -rf /var/lib/apt/lists/* \
- && apt-get clean
+ && apt-get dist-clean
 
 # Install executables like lualatex into /usr/local/bin
 RUN miktexsetup --shared=yes finish
@@ -50,5 +42,3 @@ RUN --mount=type=bind,target=/context \
 ENV MIKTEX_USERCONFIG=/miktex/.miktex/texmfs/config
 ENV MIKTEX_USERDATA=/miktex/.miktex/texmfs/data
 ENV MIKTEX_USERINSTALL=/miktex/.miktex/texmfs/install
-
-ENTRYPOINT ["/bin/bash", "-l"]

Dockerfile.Specific

@@ -1,15 +1,6 @@
 ARG IMAGE
-ARG BASE_VARIANT
-ARG VARIANT
 
 FROM ${IMAGE}
-ARG BASE_VARIANT
-ARG VARIANT
-
-# Meta information
-LABEL maintainer="Patrick Lehmann <Paebbels@gmail.com>"
-LABEL version="0.1"
-LABEL description="MikTeX with preinstalled packages for ${VARIANT} based on ${BASE_VARIANT}."
 
 RUN --mount=type=bind,target=/context \
      miktex --admin --verbose packages update-package-database \