docker: add OCI image labels for version and build date#21653
Merged
Conversation
Contributor
Author
|
heads up! The labeler failure is not from this PR, it is a broken config in labeler.yml that's been failing on every PR. fix is included here, just needs a merge. |
taronaeo
reviewed
Apr 9, 2026
Member
taronaeo
left a comment
taronaeo
left a comment
There was a problem hiding this comment.
Seems like a good addition to me :)
|
Can you also some other image labels?
These labels are documented at https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys They're useful for both people to use manually and for automated systems to use (for example, Renovate uses this information to create better PR descriptions). |
ssam18
force-pushed
the
docker/oci-image-labels
branch
from
e3053a7 to
8064797
Compare
github-actions
Bot
added
the
devops
CISC
reviewed
Apr 9, 2026
Member
CISC
left a comment
CISC
left a comment
There was a problem hiding this comment.
Add id: checkout to the checkout step so we can get the right SHA.
Please provide a successful run of the job (disable s390x).
CISC
reviewed
Apr 9, 2026
ssam18
force-pushed
the
docker/oci-image-labels
branch
from
8064797 to
b973ae5
Compare
EZForever
added a commit
to EZForever/llama.cpp-static
that referenced
this pull request
Apr 21, 2026
Contributor
Author
|
can we merge this PR? |
Member
Where's the successful run? |
Contributor
Author
|
Successful run here: https://github.com/ssam18/llama.cpp/actions/runs/24752990085 Triggered from a throwaway branch off this PR with the s390x matrix entry removed (since the s390x runner isn't available on the fork). The PR branch itself is unchanged. |
Member
|
The labels don't seem to be applied: |
Contributor
Author
please check now. |
Member
You forgot to disable s390x. |
Contributor
Author
Thanks for calling that out. The earlier test image only had the Dockerfile LABEL changes, and GHCR does not show those on the package page because they live in the image config. The follow-up commit is the one that propagates the OCI metadata to the manifest and multi-arch index, which is what GHCR actually displays. Also, s390x was removed only on the temporary test branch to work around fork runner limits; the PR branch intentionally keeps it unchanged. |
ssam18
force-pushed
the
docker/oci-image-labels
branch
from
efc0228 to
49c762f
Compare
ssam18
force-pushed
the
docker/oci-image-labels
branch
from
49c762f to
699547c
Compare
taronaeo
reviewed
May 17, 2026
Member
taronaeo
left a comment
taronaeo
left a comment
There was a problem hiding this comment.
Thanks for pinging again.
While this is a good addition to identify problematic versions, org.opencontainers.image.url should not be hardcoded to ggml-org/llama.cpp as forks can also run the same workflow. org.opencontainers.image.url should be pointing to the forked repository instead. Likewise for org.opencontainers.image.source.
The OCI image url and source are now driven by build args with a sensible default. The workflow passes the actual repository url so fork builds get labels pointing at the fork instead of upstream. Also restores the IGC, compute runtime, and IGDGMM versions in the intel Dockerfile labeled stage which I accidentally bumped in the first commit.
Contributor
Author
|
Thanks for the review. Pushed a fix that makes the OCI url and source come from a build arg so the workflow can pass the actual repository url, which means forks running this workflow will get labels pointing at their own fork. Also reverted the intel runtime versions back to upstream values since the bump was unrelated to this change. |
taronaeo
approved these changes
May 18, 2026
CISC
approved these changes
May 18, 2026
Member
CISC
left a comment
CISC
left a comment
There was a problem hiding this comment.
Can we get a test run (without s390x)?
Lets maintainers and PR authors trigger the docker workflow without the s390x build target, which depends on the IBM Z runner and is by far the slowest job in the matrix. The flag filters the s390x row out of the build matrix before merge_matrix is derived, so the merge job sees a consistent shape too. Signed-off-by: Samaresh Kumar Singh <ssam3003@gmail.com>
Contributor
Author
|
Test run done on the fork with Run https://github.com/ssam18/llama.cpp/actions/runs/26034918114 Added a Confirmed the OCI annotations actually land on the resulting manifest index, here is the vulkan server tag for reference |
taronaeo
approved these changes
May 18, 2026
Jcfunk
added a commit
to Jcfunk/llama.cpp
that referenced
this pull request
May 19, 2026
* master: (100 commits) Agent update hexagon: add support for TRI op (ggml-org#22822) ggml-hexagon: add PAD op HVX kernel (ggml-org#23078) docker : add OCI image labels for version and build date (ggml-org#21653) common : remove hf cache migration (ggml-org#23266) ui: Update KaTeX package and clean up logs from `sass` warnings (ggml-org#23275) feat: add scroll-to-bottom button to chat + prevent forced scroll down (ggml-org#23270) ui: Refactor models store, MCP service, and gate logs behind VITE_DEBUG (ggml-org#23236) ui: Centralize monospace font styles in app.css (ggml-org#23272) webui: fix Tailwind v4 utility classes missing when built via cmake (ggml-org#23253) llama: initialize pre-norm embedding mask flag (ggml-org#23256) add myself to conversion (ggml-org#23261) ci : added kleidiai-server to server-self-hosted workflow (ggml-org#22435) scripts : allow wc2wt with an existing branch (ggml-org#23189) sycl: scalar SWAR byte-subtract in Q6_K MMVQ dot product (ggml-org#22156) sycl: route small f32 matmuls to oneMKL, bypass oneDNN (ggml-org#22150) sycl : fix error when use -mg 1 error (ggml-org#23140) update bid to match each layers MTP source (ggml-org#23237) cmake : do not check for bin install dir (ggml-org#23234) feat: Support d_conv=15 for ssm-conv.cu (ggml-org#23017) ...
kgrama
pushed a commit
to kgrama/llama.cpp
that referenced
this pull request
May 19, 2026
) * docker: add OCI image labels to all published images * docker: propagate OCI labels as manifest and index annotations * docker: drop hardcoded org URL and revert accidental intel version bump The OCI image url and source are now driven by build args with a sensible default. The workflow passes the actual repository url so fork builds get labels pointing at the fork instead of upstream. Also restores the IGC, compute runtime, and IGDGMM versions in the intel Dockerfile labeled stage which I accidentally bumped in the first commit. * docker: add skip_s390x workflow_dispatch input for fast test runs Lets maintainers and PR authors trigger the docker workflow without the s390x build target, which depends on the IBM Z runner and is by far the slowest job in the matrix. The flag filters the s390x row out of the build matrix before merge_matrix is derived, so the merge job sees a consistent shape too. Signed-off-by: Samaresh Kumar Singh <ssam3003@gmail.com> --------- Signed-off-by: Samaresh Kumar Singh <ssam3003@gmail.com>
xxmustafacooTR
pushed a commit
to xxPlayground/llama-cpp-turboquant
that referenced
this pull request
May 19, 2026
) * docker: add OCI image labels to all published images * docker: propagate OCI labels as manifest and index annotations * docker: drop hardcoded org URL and revert accidental intel version bump The OCI image url and source are now driven by build args with a sensible default. The workflow passes the actual repository url so fork builds get labels pointing at the fork instead of upstream. Also restores the IGC, compute runtime, and IGDGMM versions in the intel Dockerfile labeled stage which I accidentally bumped in the first commit. * docker: add skip_s390x workflow_dispatch input for fast test runs Lets maintainers and PR authors trigger the docker workflow without the s390x build target, which depends on the IBM Z runner and is by far the slowest job in the matrix. The flag filters the s390x row out of the build matrix before merge_matrix is derived, so the merge job sees a consistent shape too. Signed-off-by: Samaresh Kumar Singh <ssam3003@gmail.com> --------- Signed-off-by: Samaresh Kumar Singh <ssam3003@gmail.com>
rsenthilkumar6
pushed a commit
to rsenthilkumar6/llama.cpp
that referenced
this pull request
May 19, 2026
) * docker: add OCI image labels to all published images * docker: propagate OCI labels as manifest and index annotations * docker: drop hardcoded org URL and revert accidental intel version bump The OCI image url and source are now driven by build args with a sensible default. The workflow passes the actual repository url so fork builds get labels pointing at the fork instead of upstream. Also restores the IGC, compute runtime, and IGDGMM versions in the intel Dockerfile labeled stage which I accidentally bumped in the first commit. * docker: add skip_s390x workflow_dispatch input for fast test runs Lets maintainers and PR authors trigger the docker workflow without the s390x build target, which depends on the IBM Z runner and is by far the slowest job in the matrix. The flag filters the s390x row out of the build matrix before merge_matrix is derived, so the merge job sees a consistent shape too. Signed-off-by: Samaresh Kumar Singh <ssam3003@gmail.com> --------- Signed-off-by: Samaresh Kumar Singh <ssam3003@gmail.com>
ArberSephirotheca
pushed a commit
to ArberSephirotheca/llama.cpp
that referenced
this pull request
May 19, 2026
) * docker: add OCI image labels to all published images * docker: propagate OCI labels as manifest and index annotations * docker: drop hardcoded org URL and revert accidental intel version bump The OCI image url and source are now driven by build args with a sensible default. The workflow passes the actual repository url so fork builds get labels pointing at the fork instead of upstream. Also restores the IGC, compute runtime, and IGDGMM versions in the intel Dockerfile labeled stage which I accidentally bumped in the first commit. * docker: add skip_s390x workflow_dispatch input for fast test runs Lets maintainers and PR authors trigger the docker workflow without the s390x build target, which depends on the IBM Z runner and is by far the slowest job in the matrix. The flag filters the s390x row out of the build matrix before merge_matrix is derived, so the merge job sees a consistent shape too. Signed-off-by: Samaresh Kumar Singh <ssam3003@gmail.com> --------- Signed-off-by: Samaresh Kumar Singh <ssam3003@gmail.com>
fhnmor21
pushed a commit
to fhnmor21/llama-cpp-turboquant
that referenced
this pull request
May 19, 2026
) * docker: add OCI image labels to all published images * docker: propagate OCI labels as manifest and index annotations * docker: drop hardcoded org URL and revert accidental intel version bump The OCI image url and source are now driven by build args with a sensible default. The workflow passes the actual repository url so fork builds get labels pointing at the fork instead of upstream. Also restores the IGC, compute runtime, and IGDGMM versions in the intel Dockerfile labeled stage which I accidentally bumped in the first commit. * docker: add skip_s390x workflow_dispatch input for fast test runs Lets maintainers and PR authors trigger the docker workflow without the s390x build target, which depends on the IBM Z runner and is by far the slowest job in the matrix. The flag filters the s390x row out of the build matrix before merge_matrix is derived, so the merge job sees a consistent shape too. Signed-off-by: Samaresh Kumar Singh <ssam3003@gmail.com> --------- Signed-off-by: Samaresh Kumar Singh <ssam3003@gmail.com>
dbrain
pushed a commit
to dbrain/hbd-llama-cpp-turboquant
that referenced
this pull request
May 21, 2026
) * docker: add OCI image labels to all published images * docker: propagate OCI labels as manifest and index annotations * docker: drop hardcoded org URL and revert accidental intel version bump The OCI image url and source are now driven by build args with a sensible default. The workflow passes the actual repository url so fork builds get labels pointing at the fork instead of upstream. Also restores the IGC, compute runtime, and IGDGMM versions in the intel Dockerfile labeled stage which I accidentally bumped in the first commit. * docker: add skip_s390x workflow_dispatch input for fast test runs Lets maintainers and PR authors trigger the docker workflow without the s390x build target, which depends on the IBM Z runner and is by far the slowest job in the matrix. The flag filters the s390x row out of the build matrix before merge_matrix is derived, so the merge job sees a consistent shape too. Signed-off-by: Samaresh Kumar Singh <ssam3003@gmail.com> --------- Signed-off-by: Samaresh Kumar Singh <ssam3003@gmail.com>
baramofme
pushed a commit
to baramofme/llama-cpp-turboquant
that referenced
this pull request
May 23, 2026
) * docker: add OCI image labels to all published images * docker: propagate OCI labels as manifest and index annotations * docker: drop hardcoded org URL and revert accidental intel version bump The OCI image url and source are now driven by build args with a sensible default. The workflow passes the actual repository url so fork builds get labels pointing at the fork instead of upstream. Also restores the IGC, compute runtime, and IGDGMM versions in the intel Dockerfile labeled stage which I accidentally bumped in the first commit. * docker: add skip_s390x workflow_dispatch input for fast test runs Lets maintainers and PR authors trigger the docker workflow without the s390x build target, which depends on the IBM Z runner and is by far the slowest job in the matrix. The flag filters the s390x row out of the build matrix before merge_matrix is derived, so the merge job sees a consistent shape too. Signed-off-by: Samaresh Kumar Singh <ssam3003@gmail.com> --------- Signed-off-by: Samaresh Kumar Singh <ssam3003@gmail.com>
srossitto79
pushed a commit
to srossitto79/llama.cpp
that referenced
this pull request
May 23, 2026
) * docker: add OCI image labels to all published images * docker: propagate OCI labels as manifest and index annotations * docker: drop hardcoded org URL and revert accidental intel version bump The OCI image url and source are now driven by build args with a sensible default. The workflow passes the actual repository url so fork builds get labels pointing at the fork instead of upstream. Also restores the IGC, compute runtime, and IGDGMM versions in the intel Dockerfile labeled stage which I accidentally bumped in the first commit. * docker: add skip_s390x workflow_dispatch input for fast test runs Lets maintainers and PR authors trigger the docker workflow without the s390x build target, which depends on the IBM Z runner and is by far the slowest job in the matrix. The flag filters the s390x row out of the build matrix before merge_matrix is derived, so the merge job sees a consistent shape too. Signed-off-by: Samaresh Kumar Singh <ssam3003@gmail.com> --------- Signed-off-by: Samaresh Kumar Singh <ssam3003@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Running a container and not knowing which version you're on is a frustrating experience, especially when trying to decide whether to pull a newer image. This adds
org.opencontainers.image.createdandorg.opencontainers.image.versionlabels to all published Docker images, populated from the build timestamp and the existing version tag generated during CI. Users can now rundocker inspect <image>to instantly see what version they're running. Fixes #21645