From 1fb0c85b19722724187a266a42440a6d1cc0569d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Carlos=20Ch=C3=A1vez?= <jcchavezs@gmail.com>
Date: Thu, 31 Jul 2025 23:21:09 +0200
Subject: [PATCH] feat: includes sha on the image labels
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: José Carlos Chávez <jcchavezs@gmail.com>
---
 .github/workflows/reusable_build_docker.yaml | 3 +++
 docker/falco/Dockerfile                      | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/.github/workflows/reusable_build_docker.yaml b/.github/workflows/reusable_build_docker.yaml
index a0c5a06c..bbb61a9f 100644
--- a/.github/workflows/reusable_build_docker.yaml
+++ b/.github/workflows/reusable_build_docker.yaml
@@ -46,6 +46,7 @@ jobs:
           docker build -f docker/falco/Dockerfile -t docker.io/falcosecurity/falco:${{ inputs.arch }}-${{ inputs.tag }} \
             --build-arg VERSION_BUCKET=bin${{ inputs.bucket_suffix }} \
             --build-arg FALCO_VERSION=${{ inputs.version }} \
+            --build-arg FALCO_COMMIT_SHA=${{ github.sha }} \
             --build-arg TARGETARCH=${TARGETARCH} \
             .
             docker save docker.io/falcosecurity/falco:${{ inputs.arch }}-${{ inputs.tag }} --output /tmp/falco-${{ inputs.arch }}.tar
@@ -55,6 +56,7 @@ jobs:
           docker build -f docker/falco-debian/Dockerfile -t docker.io/falcosecurity/falco:${{ inputs.arch }}-${{ inputs.tag }}-debian \
             --build-arg VERSION_BUCKET=deb${{ inputs.bucket_suffix }} \
             --build-arg FALCO_VERSION=${{ inputs.version }} \
+            --build-arg FALCO_COMMIT_SHA=${{ github.sha }} \
             --build-arg TARGETARCH=${TARGETARCH} \
             .
             docker save docker.io/falcosecurity/falco:${{ inputs.arch }}-${{ inputs.tag }}-debian --output /tmp/falco-${{ inputs.arch }}-debian.tar
@@ -72,6 +74,7 @@ jobs:
           docker build -f docker/driver-loader-buster/Dockerfile -t docker.io/falcosecurity/falco-driver-loader:${{ inputs.arch }}-${{ inputs.tag }}-buster \
             --build-arg VERSION_BUCKET=deb${{ inputs.bucket_suffix }} \
             --build-arg FALCO_VERSION=${{ inputs.version }} \
+            --build-arg FALCO_COMMIT_SHA=${{ github.sha }} \
             --build-arg TARGETARCH=${TARGETARCH} \
             .
             docker save docker.io/falcosecurity/falco-driver-loader:${{ inputs.arch }}-${{ inputs.tag }}-buster --output /tmp/falco-driver-loader-${{ inputs.arch }}-buster.tar
diff --git a/docker/falco/Dockerfile b/docker/falco/Dockerfile
index 574ad14e..5dd1f040 100644
--- a/docker/falco/Dockerfile
+++ b/docker/falco/Dockerfile
@@ -1,10 +1,13 @@
 FROM cgr.dev/chainguard/wolfi-base
 
+ARG FALCO_COMMIT_SHA
+
 LABEL org.opencontainers.image.authors='The Falco Authors https://falco.org' \
       org.opencontainers.image.url='https://falco.org' \
       org.opencontainers.image.source='https://github.com/falcosecurity/falco' \
       org.opencontainers.image.vendor='Falco Organization' \
       org.opencontainers.image.licenses='Apache-2.0' \
+      org.opencontainers.image.revision=${FALCO_COMMIT_SHA} \
       maintainer="cncf-falco-dev@lists.cncf.io"
 
 LABEL usage="docker run -i -t --privileged -v /var/run/docker.sock:/host/var/run/docker.sock -v /proc:/host/proc:ro  -v /etc:/host/etc:ro falcosecurity/falco:latest"