From 07903a3dabc450e70886ac57c5577d3324d0253f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Strausmann?=
 <strausmannservices@googlemail.com>
Date: Sun, 10 May 2026 20:31:34 +0000
Subject: [PATCH] fix(ci): emit org.opencontainers.image.description as index
 annotation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

GHCR shows "No description provided" on the package page because the
description annotation only lives on the per-platform manifests, not on
the multi-arch index. The package UI reads from the index level.

`docker/metadata-action` controls which manifest levels get annotations
via the `DOCKER_METADATA_ANNOTATIONS_LEVELS` env var. Default is
`manifest` only; setting it to `manifest,index` adds the second level.
We also have to forward the resulting annotation list through
`docker/build-push-action`'s `annotations:` input — the action doesn't
pick it up implicitly.

After this change the next docker-publish run will produce manifest
indexes with annotations on both levels, and GHCR's package page will
display the description without further intervention.
---
 .github/workflows/docker-publish.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index e96e4e9..5845c66 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -16,6 +16,14 @@ permissions:
 
 env:
   REGISTRY_GHCR: ghcr.io
+  # By default docker/metadata-action emits annotations with the `manifest:`
+  # prefix only — that lands on per-platform manifests but NOT on the multi-
+  # arch manifest list (the "index"). GHCR's package UI reads the package
+  # description from `index:org.opencontainers.image.description`; without
+  # the index level, the package page shows "No description provided".
+  # Setting this env var makes the action emit BOTH levels so per-platform
+  # inspectors and registry UIs see the metadata.
+  DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
 
 jobs:
   publish:
@@ -115,6 +123,11 @@ jobs:
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+          # Pass through the annotations metadata-action computed (with both
+          # manifest:* and index:* levels, see DOCKER_METADATA_ANNOTATIONS_LEVELS
+          # at the workflow root). Without this the package shows up on GHCR
+          # with "No description provided".
+          annotations: ${{ steps.meta.outputs.annotations }}
           # Build-args flow into the Dockerfile's ARG VERSION / REVISION /
           # BUILD_DATE, which the Dockerfile then bakes into both OCI image
           # labels (via LABEL) and runtime ENV vars (HUB_VERSION, …) so the