RFE: Containerfile: ARG or LABEL from stdout of a command or file

[allisonkarlitskaya]

I'd like to be able to set dynamic labels on a container according to state internal to the container. This seems like it would be a common request but I wasn't able to find any other issue about this (open or closed).

So here's the request: some way to say something like

LABEL --stdout org.xyz.mylabel "cat /whatever"

or (more generally)

ARG --stdout MYARG "cat /whatever"; or
ARGFROM MYARG cat /whatever

and then later

LABEL org.xyz.mylabel ${MYARG}

or a similar syntax to accomplish the same goal: we'd run a command on the most recent layer of the build and the output of that command would become the value of the ARG or LABEL. Any changes produced on the filesystem by running the command would be discarded.

Alternatively the filesystem could be read-only for the duration of this command, but it seems like it might be useful to have access to install packages or something if some special tooling would be required for computing the label.

In any case, though, this would never result in the creation of a new layer. Only setting a label.

The ARG format seems like it could be substantially more powerful and would be my first choice, but it might be more difficult to implement. In that case, my real use case: I want to set a label.

[nalind]

I think the more common pattern is to use a build argument to provide a value for a label, and determine or decide on the value to give to that build argument before invoking the build.

[allisonkarlitskaya]

Indeed, my current build is doing this but we're trying to turn the build into a single Containerfile.

You can read more about this here: containers/composefs-rs#34

We want to be able to set a containers.composefs.fsverity label to the fsverity digest which we will calculate from inside of the container build itself.