feat(ontology): add Image/ImageManifestList labels to GCP and GitLab images

[kunaals]

Type of change

• New feature (non-breaking change that adds functionality)

Summary

Adds ontology labels to GCP Artifact Registry and GitLab container image entities to enable cross-registry unified queries, following the pattern established in PR #2318 for ECR images.

Changes:

Node	Ontology Label(s)	Condition
GCPArtifactRegistryContainerImage	Image	media_type is Docker V2 or OCI manifest
GCPArtifactRegistryContainerImage	ImageManifestList	media_type is manifest list or OCI index
GCPArtifactRegistryPlatformImage	Image	Unconditional (actual platform images)
GitLabContainerImage	Image	type="image"
GitLabContainerImage	ImageManifestList	type="manifest_list"

Why:

• Enables unified querying across container registries (e.g., MATCH (img:Image))
• Leverages conditional labels based on media_type/type to properly distinguish images from manifest lists
• Aligns GCP and GitLab entities with the ontology pattern used by ECR (PR feat(ontology): add image-related ontology labels to ECR entities #2318)

Example queries enabled:

-- Find all images across registries
MATCH (img:Image)
RETURN img.digest, img.architecture

-- Find manifest lists and their platform images
MATCH (ml:ImageManifestList)-[:CONTAINS_IMAGE]->(img:Image)
RETURN ml.digest, img.architecture, img.os

Related issues or links

• Follows pattern from feat(ontology): add image-related ontology labels to ECR entities #2318

How was this tested?

• make test_lint passes
• make test passes (624 tests)
• Verified schema imports and label configuration work correctly

Checklist

General

• I have read the contributing guidelines.
• The linter passes locally (make test_lint).
• I have added/updated tests that prove my fix is effective or my feature works.

Proof of functionality

• New or updated unit/integration tests.

If you are changing a node or relationship

• Updated the schema documentation.

Notes for reviewers

This PR uses conditional labels for GCP based on media_type field rather than a simplified type field (like ECR/GitLab use). The media types are:

Manifest list types → ImageManifestList:

• application/vnd.docker.distribution.manifest.list.v2+json
• application/vnd.oci.image.index.v1+json

Single image types → Image:

• application/vnd.docker.distribution.manifest.v2+json
• application/vnd.oci.image.manifest.v1+json

GCPArtifactRegistryPlatformImage always gets the Image label unconditionally because these nodes represent the actual platform-specific images within a manifest list (they have architecture, os, etc.).

[cubic-dev-ai]

2 issues found across 5 files

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name="cartography/models/gcp/artifact_registry/container_image.py">

<violation number="1" location="cartography/models/gcp/artifact_registry/container_image.py:87">
P1: Rule violated: **Tests and documentation quality**

Document the ontology mapping for GCPArtifactRegistryContainerImage in docs/root/modules/gcp/schema.md. The rule requires a `> **Ontology Mapping**:` note whenever a node adds ExtraNodeLabels, but the section for this node has none after adding Image/ImageManifestList labels.</violation>
</file>

<file name="cartography/models/gitlab/container_images.py">

<violation number="1" location="cartography/models/gitlab/container_images.py:109">
P1: Rule violated: **Tests and documentation quality**

Nodes that add ExtraNodeLabels must be documented in the module schema with an **Ontology Mapping** note. The new Image/ImageManifestList labels for GitLabContainerImage are not documented in docs/root/modules/gitlab/schema.md, violating the documentation requirement in the Tests and documentation quality rule.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

P1: Rule violated: Tests and documentation quality

Nodes that add ExtraNodeLabels must be documented in the module schema with an Ontology Mapping note. The new Image/ImageManifestList labels for GitLabContainerImage are not documented in docs/root/modules/gitlab/schema.md, violating the documentation requirement in the Tests and documentation quality rule.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At cartography/models/gitlab/container_images.py, line 109:

<comment>Nodes that add ExtraNodeLabels must be documented in the module schema with an **Ontology Mapping** note. The new Image/ImageManifestList labels for GitLabContainerImage are not documented in docs/root/modules/gitlab/schema.md, violating the documentation requirement in the Tests and documentation quality rule.</comment>

<file context>
@@ -104,3 +106,15 @@ class GitLabContainerImageSchema(CartographyNodeSchema):
             GitLabContainerImageContainsImageRel(),
         ],
     )
+    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(
+        [
+            ConditionalNodeLabel(
</file context>

[cubic-dev-ai]

I've added the missing ontology mapping documentation for GitLabContainerImage in docs/root/modules/gitlab/schema.md.

The node has conditional extra labels (Image and ImageManifestList) defined in the model at line 109, but these were not documented in the schema. I've added an "Ontology Mapping" note following the same pattern used by GCPArtifactRegistryContainerImage in the GCP schema.

Change made:

• Added ontology mapping documentation explaining that GitLabContainerImage has conditional extra labels: Image for single-platform images (type="image") and ImageManifestList for multi-architecture manifest lists (type="manifest_list")

PR: #2343

[jychp]

LGTM