Add OCI standard image labels to Docker images

[Erwan-loot]

Context

Add OCI Image Spec standard labels to all five Dockerfiles published by this repository, and wire the dynamic labels through the two CI workflows.

This PR touches Docker metadata only — no changes to Tika source code, Maven build, tests, or runtime behaviour.

Note: JIRA registration is currently closed, so I was unable to file a tracker issue first. If a JIRA ticket is required, I'm happy to create one once registration reopens, or a maintainer can create it and I'll update the PR title accordingly.

Type

Improvement — Docker metadata only, no functional changes.

Dockerfiles modified

Dockerfile	Published image
tika-server/docker-build/minimal/Dockerfile	apache/tika:X.Y.Z
tika-server/docker-build/full/Dockerfile	apache/tika:X.Y.Z-full
tika-server/docker-build/minimal/Dockerfile.snapshot	apache/tika:X.Y.Z-SNAPSHOT
tika-server/docker-build/full/Dockerfile.snapshot	apache/tika:X.Y.Z-SNAPSHOT-full
tika-grpc/docker-build/Dockerfile	apache/tika-grpc:X.Y.Z

Labels added

Label	Value	Type
org.opencontainers.image.title	"Apache Tika Server" / "Apache Tika Server (full)" / "Apache Tika gRPC Server"	Static
org.opencontainers.image.description	Variant-specific description	Static
org.opencontainers.image.url	https://hub.docker.com/r/apache/tika (or /tika-grpc)	Static
org.opencontainers.image.source	https://github.com/apache/tika	Static
org.opencontainers.image.documentation	https://tika.apache.org/	Static
org.opencontainers.image.vendor	Apache Software Foundation	Static
org.opencontainers.image.licenses	Apache-2.0	Static
org.opencontainers.image.version	${TIKA_VERSION} / ${VERSION}	Dynamic (existing ARG)
org.opencontainers.image.revision	${REVISION} — git SHA at build time	Dynamic (new ARG + CI)
org.opencontainers.image.created	${CREATED} — RFC 3339 build timestamp	Dynamic (new ARG + CI)

The existing maintainer label is preserved as-is in all files.

CI changes

A new Set build metadata step is added to each Docker job in both workflows (docker-release.yml and docker-snapshot.yml). It captures git rev-parse HEAD (the exact checked-out commit, not GITHUB_SHA, so it is correct for the workflow_dispatch-with-source_ref path) and the current UTC timestamp, then passes them as REVISION and CREATED build-args to every docker/build-push-action call.

If REVISION or CREATED are not supplied (e.g. a local docker build without the build-args), the ARGs default to empty strings — the labels are still present but unpopulated, which is harmless.

Benefits

• Dependency bot changelogs: Renovate and Dependabot use org.opencontainers.image.source to link release notes in update PRs
• Registry UI: GHCR, Docker Hub display title, description, license, and source link from OCI labels
• Image provenance: revision + created allow pinpointing the exact source commit and build time for security audits and CVE investigations
• Standardisation: Aligns with OCI Image Spec best practices widely adopted across the container ecosystem

How to verify

After the next CI build, inspect the published image:

docker pull apache/tika:latest
docker inspect apache/tika:latest --format '{{ json .Config.Labels }}' | jq .

All org.opencontainers.image.* keys should be present and populated.

References

• OCI Image Spec — Annotations
• Renovate Docker datasource
• Docker — Manage tags and labels

[Copilot]

Pull request overview

Adds OCI Image Spec–standard labels to the repository’s published Docker images and wires dynamic label values (revision, created) through the Docker CI workflows, improving registry metadata/provenance without affecting Tika runtime behavior.

Changes:

• Add OCI labels (title/description/source/docs/license/version/revision/created) to the five published Dockerfiles while preserving the existing maintainer label.
• Update docker-snapshot.yml and docker-release.yml to compute git SHA + UTC timestamp and pass them as REVISION/CREATED build args to all Docker builds.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
tika-server/docker-build/minimal/Dockerfile.snapshot	Adds OCI labels and new REVISION/CREATED build args for snapshot minimal server image.
tika-server/docker-build/minimal/Dockerfile	Adds OCI labels and new REVISION/CREATED build args for release minimal server image.
tika-server/docker-build/full/Dockerfile.snapshot	Adds OCI labels and new REVISION/CREATED build args for snapshot full server image.
tika-server/docker-build/full/Dockerfile	Adds OCI labels and new REVISION/CREATED build args for release full server image.
tika-grpc/docker-build/Dockerfile	Adds OCI labels and new REVISION/CREATED build args for gRPC image.
.github/workflows/docker-snapshot.yml	Captures git SHA + build timestamp and passes as build args to all snapshot image builds.
.github/workflows/docker-release.yml	Captures git SHA + build timestamp and passes as build args to all release image builds.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[tballison]

We're still using a separate repo for 3.x releases. You're ok with making these changes for our current snapshot images (and hopefully) 4.x?

[tballison]

@nddipiazza wdyt? lgtm, but 🤷‍♂️