Heroku Buildpacks with the CNB lifecycle creator - how to specifiy custom image labels?

Question

We're using Heroku Buildpacks inside a GitLab CI/CD pipeline by triggering a job running the heroku builder image and then invoking the /cnb/lifecycle/creator directly, instead of using the pack CLI. This is because be can't use docker in docker on our container orchestrator.

This all works fine and dandy, but we're facing the problem of not being able to specify any custom labels that will be added to the produced image. By default, these labels are added:

• io.buildpacks.lifecycle.metadata
• io.buildpacks.build.metadata
• io.buildpacks.project.metadata

But we'd also like to add the following labels:

• org.opencontainers.image.revision
• org.opencontainers.image.url
• org.opencontainers.image.source
• org.opencontainers.image.version
• org.opencontainers.image.licenses
• org.opencontainers.image.authors

Unfortunately there seems to be no way to specify this. The creator doesn't offer any configuration parameter to do this, neither the pack CLI as far as I could tell. When using Paketo buildpacks, there is indeed a designated buildpack to solve this: https://github.com/paketo-buildpacks/image-labels

Is there any way to do something similiar when using Heroku buildpacks?

Answer 1

You can use the Paketo image-labels buildpack with the Heroku buildpacks. Here's an example of doing this from the pack CLI:

$ pack build --builder heroku/buildpacks:20 --buildpack paketo-buildpacks/image-labels my-app

With the CLI you can add more --buildpack options as needed.

If you want to codify this, you can create a project.toml and use the io.buildpacks.post.group to always run the image-labels buildpack at the end.

If you're using creator binary, you can provide it a group.toml https://github.com/buildpacks/spec/blob/main/platform.md#inputs-3

Answer 2

Here's a more detailed answer on how to achieve this:

1. Create a custom builder image which contains heroku buildpacks as well as the desired image labels buildpack by paketo
2. Run the lifecycle executables in the specified order manually
3. Add an entry for the image labels buildpack to the group.toml AFTER the detector has run

Heres an example Dockerfile for building a custom builder image:

# paketo
FROM paketobuildpacks/builder:base as paketo

# heroku
FROM heroku/builder-classic:22

USER root

COPY --from=paketo /cnb/buildpacks/paketo-buildpacks_image-labels /cnb/buildpacks/paketo-buildpacks_image-labels

COPY group.toml /opt/group.toml

SHELL ["/bin/bash", "-c"]

USER 1000

This is what the file under /opt/group.toml looks like:

[[group]]
    description = "A Cloud Native Buildpack that enables configuration of labels on the created image"
    homepage = "https://github.com/paketo-buildpacks/image-labels"
    id = "paketo-buildpacks/image-labels"
    keywords = ["image-labels", "labels"]
    name = "Paketo Image Labels Buildpack"
    version = "4.2.0"
    sbom-formats = ["application/vnd.cyclonedx+json", "application/vnd.syft+json"]
    api = "0.7"

Then you can run the lifecycle as follows:

export CNB_LAYERS_DIR=${BP_LAYERS_PATH}
export CNB_GROUP_PATH=${BP_LAYERS_PATH}/group.toml

/cnb/lifecycle/detector -layers=${BP_LAYERS_PATH} -platform=${BP_PLATFORM_PATH} -app=.

# add additional logic for image-label-buildpack
[ -f /opt/group.toml ] && echo "$(cat /opt/group.toml)" >> ${CNB_GROUP_PATH}

export BP_LAST_VERSION=${BP_IMAGE_VERSION}
/cnb/lifecycle/analyzer -uid=$(id -u) -gid=0 -cache-dir=${BP_CACHE_PATH} -layers=${BP_LAYERS_PATH} -analyzed=${BP_LAYERS_PATH}/analyzed.toml ${BP_REGISTRY}/${BP_IMAGE_NAME}:${BP_LAST_VERSION}

/cnb/lifecycle/restorer -uid=$(id -u) -gid=0 -cache-dir=${BP_CACHE_PATH} -layers=${BP_LAYERS_PATH} -group=${BP_LAYERS_PATH}/group.toml

/cnb/lifecycle/builder -layers=${BP_LAYERS_PATH} -platform=${BP_PLATFORM_PATH} -app=. -group=${BP_LAYERS_PATH}/group.toml

/cnb/lifecycle/exporter -uid=$(id -u) -gid=0 -cache-dir=${BP_CACHE_PATH} -layers=${BP_LAYERS_PATH} -app=. -analyzed=${BP_LAYERS_PATH}/analyzed.toml -run-image=${BP_RUN_IMAGE} ${BP_REGISTRY}/${BP_IMAGE_NAME}:${BP_IMAGE_VERSION}

Make sure to fill the env variables with sane values as defined by the platform spec .