Fix version number in Docker builds

We were getting an unclean git repo inside of the Docker build
which is where setuptools_scm determines the version number. 
This happend because our .dockerignore was excluding some directories that 
exist in the git repo but aren't required in the docker image.

That's reasonable, but it makes it impossible to determine the version
number correctly inside of the docker build.

This change add a docker ARG, and determines the version number in the GitHub
Actions workflow before building the image.

Closes #897

Author: omad

.dockerignore

@@ -10,6 +10,10 @@ docker-compose.*.yml
 **/__pycache__
 **/*.py[cod]
 
+#Git/VCS
+.git
+.jj
+
 # CI / distribution / packaging
 **/*.egg-info
 .github

.github/workflows/docker.yml

@@ -51,25 +51,27 @@ jobs:
           username: gadockersvc
           image_tag: ${{ env.UNSTABLE_TAG }},latest
           password: "${{ secrets.DockerPassword }}"
-          build_extra_args: "--build-arg=ENVIRONMENT=deployment"
+          build_extra_args: "--build-arg=ENVIRONMENT=deployment --build-arg=EXPLORER_VERSION=${{ env.UNSTABLE_TAG }}"
 
-      # This section is for releases
+      ##############################
+      # Only For GitHub Releases!  #
+      ##############################
       - name: Get and log tag for this build if it exists
         if: github.event_name == 'release'
         run: |
           set -ex
-          RELEASE=$(git describe --abbrev=0 --tags)
-          echo "RELEASE=$RELEASE" >> $GITHUB_ENV
+          RELEASE_VERSION=$(git describe --abbrev=0 --tags)
+          echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV
 
       - name: Build and Push release if we have a tag
         uses: whoan/docker-build-with-cache-action@d8d3ad518e7ac382b880720d0751815e656fe032 # v8.1.0
         if: github.event_name == 'release'
         with:
           image_name: ${{ env.IMAGE_NAME }}
-          image_tag: ${{ env.RELEASE }}
+          image_tag: ${{ env.RELEASE_VERSION }}
           username: gadockersvc
           password: "${{ secrets.DockerPassword }}"
-          build_extra_args: "--build-arg=ENVIRONMENT=deployment"
+          build_extra_args: "--build-arg=ENVIRONMENT=deployment --build-arg=EXPLORER_VERSION=${{ env.RELEASE_VERSION }}"
 
       - name: Update Docker Hub Description
         uses: peter-evans/dockerhub-description@1b9a80c056b620d92cedb9d9b5a223409c68ddfa # v5.0.0

Dockerfile

@@ -59,6 +59,8 @@ RUN --mount=type=cache,id=opendatacube-uv-cache,target=/root/.cache \
 COPY --link . /build/
 
 ARG ENVIRONMENT=deployment
+ARG EXPLORER_VERSION=""
+ENV SETUPTOOLS_SCM_PRETEND_VERSION=${EXPLORER_VERSION}
 # The deployment image should not have binaries that aid an attacker to get their
 # rootkit in place, and uv downloads over the network. There is no conditional
 # copy in Docker, so truncate the uv binaries to 0 bytes to render them harmless
@@ -74,6 +76,9 @@ RUN --mount=type=cache,id=opendatacube-uv-cache,target=/root/.cache \
 
 FROM base
 
+ARG EXPLORER_VERSION=""
+LABEL org.opencontainers.image.version=${EXPLORER_VERSION}
+
 # Add login-script for UID/GID-remapping.
 COPY --chown=root:root --link docker/files/remap-user.sh /usr/local/bin/remap-user.sh