feat: oci-labels recommendation

RULES.md

@@ -7,6 +7,7 @@
 *  [D6:questionable-expose](#d6questionable-expose)
 *  [D7:tagged-latest](#d7tagged-latest)
 *  [D7:tagged-latest-builder](#d7tagged-latest-builder)
+*  [D9:oci-labels](#d9oci-labels)
 *  [DA:maintainer-deprecated](#damaintainer-deprecated)
 *  [DC:avoid-sudo](#dcavoid-sudo)
 *  [DC:consider-multistage](#dcconsider-multistage)
@@ -88,6 +89,15 @@ Using `latest` images in builders is not recommended (builds are not repeatable)
 Priority: **Low**  
 Analyzes: <kbd><a href="https://docs.docker.com/engine/reference/builder/#from">FROM</a></kbd>
 
+## D9:oci-labels
+
+> _Consider using common annotations defined by Open Containers Initiative_
+
+Open Containers Initiative defines a common set of annotations which expose as labels on containers
+
+Priority: **Medium**  
+Analyzes: <kbd><a href="https://docs.docker.com/engine/reference/builder/#label">LABEL</a></kbd>
+
 ## DA:maintainer-deprecated
 
 > _MAINTAINER is deprecated_

docked_test.go

@@ -494,6 +494,25 @@ func TestDocked_AnalyzeWithRuleList(t *testing.T) {
 			want: AnalysisResult{NotEvaluated: singleValidation("D2:single-cmd", model.Success)},
 		},
 		// endregion questionable-expose
+
+		// region oci-labels
+		{
+			name: "oci-labels",
+			args: args{
+				config:   Config{SkipDefaultRules: true, IncludeRules: []string{"D9:oci-labels"}},
+				location: "./testdata/oci_labels.dockerfile",
+			},
+			want: AnalysisResult{Evaluated: singleValidation("D9:oci-labels", model.Success)},
+		},
+		{
+			name: "oci-labels [minimal]",
+			args: args{
+				config:   Config{SkipDefaultRules: true, IncludeRules: []string{"D9:oci-labels"}},
+				location: "./testdata/minimal.dockerfile",
+			},
+			want: AnalysisResult{NotEvaluated: singleValidation("D9:oci-labels", model.Recommendation)},
+		},
+		// endregion oci-labels
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

model/rules/oci_labels.go

@@ -0,0 +1,50 @@
+package rules
+
+import (
+	"strings"
+
+	"github.com/jimschubert/docked/model"
+	"github.com/jimschubert/docked/model/docker/commands"
+	"github.com/jimschubert/docked/model/validations"
+)
+
+func openContainersAnnotations() validations.Rule {
+	r := validations.MultiContextRule{
+		Name:     "oci-labels",
+		Summary:  "Consider using common annotations defined by Open Containers Initiative",
+		Details:  "Open Containers Initiative defines a common set of annotations which expose as labels on containers",
+		Priority: model.MediumPriority,
+		Commands: []commands.DockerCommand{commands.Label},
+		Evaluator: validations.MultiContextFullEvaluator{
+			Fn: func(mcr *validations.MultiContextRule) *validations.ValidationResult {
+				if mcr == nil || mcr.ContextCache == nil {
+					return &validations.ValidationResult{
+						Result:  model.Skipped,
+						Details: mcr.GetSummary(),
+					}
+				}
+				result := model.Recommendation
+				validationContexts := make([]validations.ValidationContext, 0)
+				for _, nodeValidationContext := range *mcr.ContextCache {
+					if strings.Contains(nodeValidationContext.Node.Original, "org.opencontainers") {
+						result = model.Success
+					} else {
+						nodeValidationContext.Context.HasRecommendations = true
+					}
+					validationContexts = append(validationContexts, nodeValidationContext.Context)
+				}
+
+				return &validations.ValidationResult{
+					Result:   result,
+					Details:  mcr.GetSummary(),
+					Contexts: validationContexts,
+				}
+			},
+		},
+	}
+	return &r
+}
+
+func init() {
+	AddRule(openContainersAnnotations())
+}

testdata/oci_labels.dockerfile

@@ -0,0 +1,3 @@
+FROM scratch
+LABEL org.opencontainers.image.authors="me@example.com"
+LABEL org.opencontainers.image.licenses="Apache 2.0"