Skip to content

feat(containers): embed distribution configs as OCI labels#5460

Merged
leseb merged 11 commits intoogx-ai:mainfrom
eoinfennessy:config-in-oci-labels
Apr 16, 2026
Merged

feat(containers): embed distribution configs as OCI labels#5460
leseb merged 11 commits intoogx-ai:mainfrom
eoinfennessy:config-in-oci-labels

Conversation

@eoinfennessy
Copy link
Copy Markdown
Contributor

@eoinfennessy eoinfennessy commented Apr 7, 2026

Summary

Embeds distribution config files (config.yaml, run-with-postgres-store.yaml, etc.) as base64-encoded OCI labels in distribution container images. This enables consumers to inspect and use the distribution configs for each distribution container.

Changes

  • scripts/generate-config-labels.sh: Encodes all distribution configs as base64 OCI labels with metadata (distribution name, version, default config, configs list)
  • scripts/verify-config-labels.sh: Verifies embedded configs match source files exactly (byte-for-byte comparison, YAML validation)
  • scripts/docker.sh: Generates and embeds labels during local builds
  • .github/workflows/build-distributions.yml: Embeds and verifies labels in CI builds

Label Schema

Metadata:

com.llamastack.distribution.name=ci-tests
com.llamastack.distribution.version=v0.6.1-dev-185-gadb81a7c9-dirty
com.llamastack.distribution.default-config=config.yaml
com.llamastack.distribution.configs=config.yaml,run-with-postgres-store.yaml

Config content (base64-encoded):

com.llamastack.config.config.yaml=<base64>
com.llamastack.config.run-with-postgres-store.yaml=<base64>

Version logic

The version value is calculated using git describe --tags --always --dirty. This produces outputs like the following:

  • v0.6.1 - Built exactly at tag v0.6.1 with no additional commits
  • v0.6.1-185-gadb81a7c9 - Built 185 commits after the last tag (v0.6.1), at commit adb81a7
  • v0.6.1-185-gadb81a7c9-dirty - Same as above, but with uncommitted local changes
  • adb81a7c9 - No tags exist in the repository, shows commit hash only
  • adb81a7c9-dirty - No tags, with uncommitted changes

Testing

Manually verified with ci-tests distribution:

  • ✅ Labels embedded correctly in image
  • ✅ Base64 encoding/decoding preserves exact file content
  • ✅ YAML syntax validation passes
  • ✅ Source file comparison passes
  • ✅ Multiple config variants supported
  • ✅ Labels preserved through docker save/load (air-gap scenario)

Signed-off-by: Eoin Fennessy <efenness@redhat.com>
@meta-cla meta-cla Bot added the CLA Signed This label is managed by the Meta Open Source bot. label Apr 7, 2026
eoinfennessy and others added 4 commits April 7, 2026 14:43
Signed-off-by: Eoin Fennessy <efenness@redhat.com>
Signed-off-by: Eoin Fennessy <efenness@redhat.com>
Signed-off-by: Eoin Fennessy <efenness@redhat.com>
Use cut -d= -f2- instead of -f2 to preserve values containing '='
characters. Decode base64 to a temp file instead of using command
substitution which strips trailing newlines, causing false diff
failures. Fail verification on invalid YAML syntax instead of
silently continuing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Eoin Fennessy <efenness@redhat.com>
@eoinfennessy
Copy link
Copy Markdown
Contributor Author

@leseb leseb added this pull request to the merge queue Apr 16, 2026
Merged via the queue into ogx-ai:main with commit b626078 Apr 16, 2026
16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

CLA Signed This label is managed by the Meta Open Source bot.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants