moved to shared lib

2025-05-30 13:43:07 -07:00 · 2025-05-30 13:43:07 -07:00 · bf4b793eff
commit bf4b793eff
parent 56f8877097
9 changed files with 41 additions and 44 deletions
--- a/pkg/cmd/release/attestation/attestation.go
+++ b/pkg/cmd/release/attestation/attestation.go
--- a/pkg/cmd/release/attestation/options.go
+++ b/pkg/cmd/release/attestation/options.go
@ -1,4 +1,4 @@
-package attestation
+package shared

 import (
 	"fmt"
--- a/pkg/cmd/release/attestation/options_test.go
+++ b/pkg/cmd/release/attestation/options_test.go
@ -1,4 +1,4 @@
-package attestation
+package shared

 import (
 	"errors"
--- a/pkg/cmd/release/attestation/policy.go
+++ b/pkg/cmd/release/attestation/policy.go
@ -1,4 +1,4 @@
-package attestation
+package shared

 import (
 	"fmt"
--- a/pkg/cmd/release/attestation/policy_test.go
+++ b/pkg/cmd/release/attestation/policy_test.go
@ -1,4 +1,4 @@
-package attestation
+package shared

 import (
 	"testing"
--- a/pkg/cmd/release/verify-asset/verify-asset.go
+++ b/pkg/cmd/release/verify-asset/verify-asset.go
@ -14,15 +14,14 @@ import (
 	"github.com/cli/cli/v2/pkg/cmd/attestation/artifact"
 	att_io "github.com/cli/cli/v2/pkg/cmd/attestation/io"
 	"github.com/cli/cli/v2/pkg/cmd/attestation/verification"
-	"github.com/cli/cli/v2/pkg/cmd/release/attestation"
 	"github.com/cli/cli/v2/pkg/cmd/release/shared"

 	"github.com/cli/cli/v2/pkg/cmdutil"
 	"github.com/spf13/cobra"
 )

-func NewCmdVerifyAsset(f *cmdutil.Factory, runF func(*attestation.AttestOptions) error) *cobra.Command {
-	opts := &attestation.AttestOptions{}
+func NewCmdVerifyAsset(f *cmdutil.Factory, runF func(*shared.AttestOptions) error) *cobra.Command {
+	opts := &shared.AttestOptions{}

 	cmd := &cobra.Command{
 		Use:    "verify-asset <tag> <file-path>",
@ -56,14 +55,14 @@ func NewCmdVerifyAsset(f *cmdutil.Factory, runF func(*attestation.AttestOptions)
 				return err
 			}

-			*opts = attestation.AttestOptions{
+			*opts = shared.AttestOptions{
 				TagName:       opts.TagName,
 				AssetFilePath: opts.AssetFilePath,
 				Repo:          baseRepo.RepoOwner() + "/" + baseRepo.RepoName(),
 				APIClient:     api.NewLiveClient(httpClient, hostname, logger),
 				Limit:         10,
 				Owner:         baseRepo.RepoOwner(),
-				PredicateType: attestation.ReleasePredicateType,
+				PredicateType: shared.ReleasePredicateType,
 				Logger:        logger,
 				HttpClient:    httpClient,
 				BaseRepo:      baseRepo,
@ -86,7 +85,7 @@ func NewCmdVerifyAsset(f *cmdutil.Factory, runF func(*attestation.AttestOptions)

 			opts.TrustedRoot = td

-			ec, err := attestation.NewEnforcementCriteria(opts)
+			ec, err := shared.NewEnforcementCriteria(opts)
 			if err != nil {
 				opts.Logger.Println(opts.Logger.ColorScheme.Red("✗ Failed to build policy information"))
 				return err
@ -109,7 +108,7 @@ func NewCmdVerifyAsset(f *cmdutil.Factory, runF func(*attestation.AttestOptions)
 	return cmd
 }

-func verifyAssetRun(opts *attestation.AttestOptions) error {
+func verifyAssetRun(opts *shared.AttestOptions) error {
 	ctx := context.Background()

 	if opts.SigstoreVerifier == nil {
@ -156,7 +155,7 @@ func verifyAssetRun(opts *attestation.AttestOptions) error {
 	opts.Logger.Printf("Resolved %s to %s\n", opts.TagName, releaseRefDigest.DigestWithAlg())

 	// Attestation fetching
-	attestations, logMsg, err := attestation.GetAttestations(opts, releaseRefDigest.DigestWithAlg())
+	attestations, logMsg, err := shared.GetAttestations(opts, releaseRefDigest.DigestWithAlg())
 	if err != nil {
 		if errors.Is(err, api.ErrNoAttestationsFound) {
 			opts.Logger.Printf(opts.Logger.ColorScheme.Red("✗ No attestations found for subject %s\n"), releaseRefDigest.DigestWithAlg())
@ -167,13 +166,13 @@ func verifyAssetRun(opts *attestation.AttestOptions) error {
 	}

 	// Filter attestations by tag
-	filteredAttestations, err := attestation.FilterAttestationsByTag(attestations, opts.TagName)
+	filteredAttestations, err := shared.FilterAttestationsByTag(attestations, opts.TagName)
 	if err != nil {
 		opts.Logger.Println(opts.Logger.ColorScheme.Red(err.Error()))
 		return err
 	}

-	filteredAttestations, err = attestation.FilterAttestationsByFileDigest(filteredAttestations, opts.Repo, opts.TagName, fileDigest.Digest())
+	filteredAttestations, err = shared.FilterAttestationsByFileDigest(filteredAttestations, opts.Repo, opts.TagName, fileDigest.Digest())
 	if err != nil {
 		opts.Logger.Println(opts.Logger.ColorScheme.Red(err.Error()))
 		return err
@ -187,7 +186,7 @@ func verifyAssetRun(opts *attestation.AttestOptions) error {
 	opts.Logger.Printf("Loaded %s from GitHub API\n", text.Pluralize(len(filteredAttestations), "attestation"))

 	// Verify attestations
-	verified, errMsg, err := attestation.VerifyAttestations(*releaseRefDigest, filteredAttestations, opts.SigstoreVerifier, opts.EC)
+	verified, errMsg, err := shared.VerifyAttestations(*releaseRefDigest, filteredAttestations, opts.SigstoreVerifier, opts.EC)

 	if err != nil {
 		opts.Logger.Println(opts.Logger.ColorScheme.Red(errMsg))
--- a/pkg/cmd/release/verify-asset/verify-asset_test.go
+++ b/pkg/cmd/release/verify-asset/verify-asset_test.go
@ -9,7 +9,7 @@ import (
 	"github.com/cli/cli/v2/pkg/cmd/attestation/io"
 	"github.com/cli/cli/v2/pkg/cmd/attestation/test"
 	"github.com/cli/cli/v2/pkg/cmd/attestation/verification"
-	"github.com/cli/cli/v2/pkg/cmd/release/attestation"
+	"github.com/cli/cli/v2/pkg/cmd/release/shared"
 	"github.com/cli/cli/v2/pkg/cmdutil"
 	"github.com/cli/cli/v2/pkg/iostreams"
 	"github.com/stretchr/testify/assert"
@ -17,7 +17,7 @@ import (

 	"github.com/cli/cli/v2/internal/ghrepo"

-	"github.com/cli/cli/v2/pkg/cmd/release/shared"
+	attestation "github.com/cli/cli/v2/pkg/cmd/release/shared"
 	"github.com/cli/cli/v2/pkg/httpmock"
 )

@ -72,8 +72,8 @@ func TestNewCmdVerifyAsset_Args(t *testing.T) {
 				},
 			}

-			var opts *attestation.AttestOptions
-			cmd := NewCmdVerifyAsset(f, func(o *attestation.AttestOptions) error {
+			var opts *shared.AttestOptions
+			cmd := NewCmdVerifyAsset(f, func(o *shared.AttestOptions) error {
 				opts = o
 				return nil
 			})
@ -106,7 +106,7 @@ func Test_verifyAssetRun_Success(t *testing.T) {
 	baseRepo, err := ghrepo.FromFullName("owner/repo")
 	require.NoError(t, err)

-	opts := &attestation.AttestOptions{
+	opts := &shared.AttestOptions{
 		TagName:          tagName,
 		AssetFilePath:    test.NormalizeRelativePath("../../attestation/test/data/github_release_artifact.zip"),
 		Repo:             "owner/repo",
@ -115,12 +115,12 @@ func Test_verifyAssetRun_Success(t *testing.T) {
 		Logger:           io.NewHandler(ios),
 		APIClient:        api.NewTestClient(),
 		SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
-		PredicateType:    attestation.ReleasePredicateType,
+		PredicateType:    shared.ReleasePredicateType,
 		HttpClient:       &http.Client{Transport: fakeHTTP},
 		BaseRepo:         baseRepo,
 	}

-	ec, err := attestation.NewEnforcementCriteria(opts)
+	ec, err := shared.NewEnforcementCriteria(opts)
 	require.NoError(t, err)
 	opts.EC = ec
 	opts.Clean()
--- a/pkg/cmd/release/verify/verify.go
+++ b/pkg/cmd/release/verify/verify.go
@ -14,7 +14,6 @@ import (
 	"github.com/cli/cli/v2/pkg/cmd/attestation/auth"
 	att_io "github.com/cli/cli/v2/pkg/cmd/attestation/io"
 	"github.com/cli/cli/v2/pkg/cmd/attestation/verification"
-	"github.com/cli/cli/v2/pkg/cmd/release/attestation"
 	"github.com/cli/cli/v2/pkg/cmd/release/shared"

 	"github.com/cli/cli/v2/pkg/cmdutil"
@ -22,8 +21,8 @@ import (
 	"github.com/spf13/cobra"
 )

-func NewCmdVerify(f *cmdutil.Factory, runF func(*attestation.AttestOptions) error) *cobra.Command {
-	opts := &attestation.AttestOptions{}
+func NewCmdVerify(f *cmdutil.Factory, runF func(*shared.AttestOptions) error) *cobra.Command {
+	opts := &shared.AttestOptions{}

 	cmd := &cobra.Command{
 		Use:    "verify [<tag>]",
@ -52,13 +51,13 @@ func NewCmdVerify(f *cmdutil.Factory, runF func(*attestation.AttestOptions) erro
 				return err
 			}

-			*opts = attestation.AttestOptions{
+			*opts = shared.AttestOptions{
 				TagName:       opts.TagName,
 				Repo:          baseRepo.RepoOwner() + "/" + baseRepo.RepoName(),
 				APIClient:     api.NewLiveClient(httpClient, hostname, logger),
 				Limit:         10,
 				Owner:         baseRepo.RepoOwner(),
-				PredicateType: attestation.ReleasePredicateType,
+				PredicateType: shared.ReleasePredicateType,
 				Logger:        logger,
 				HttpClient:    httpClient,
 				BaseRepo:      baseRepo,
@ -79,7 +78,7 @@ func NewCmdVerify(f *cmdutil.Factory, runF func(*attestation.AttestOptions) erro
 			}
 			opts.TrustedRoot = td

-			ec, err := attestation.NewEnforcementCriteria(opts)
+			ec, err := shared.NewEnforcementCriteria(opts)
 			if err != nil {
 				opts.Logger.Println(opts.Logger.ColorScheme.Red("✗ Failed to build policy information"))
 				return err
@ -98,7 +97,7 @@ func NewCmdVerify(f *cmdutil.Factory, runF func(*attestation.AttestOptions) erro
 	return cmd
 }

-func verifyRun(opts *attestation.AttestOptions) error {
+func verifyRun(opts *shared.AttestOptions) error {
 	ctx := context.Background()

 	if opts.SigstoreVerifier == nil {
@ -135,7 +134,7 @@ func verifyRun(opts *attestation.AttestOptions) error {
 	opts.Logger.Printf("Resolved %s to %s\n", opts.TagName, releaseRefDigest.DigestWithAlg())

 	// Attestation fetching
-	attestations, logMsg, err := attestation.GetAttestations(opts, releaseRefDigest.DigestWithAlg())
+	attestations, logMsg, err := shared.GetAttestations(opts, releaseRefDigest.DigestWithAlg())
 	if err != nil {
 		if errors.Is(err, api.ErrNoAttestationsFound) {
 			opts.Logger.Printf(opts.Logger.ColorScheme.Red("✗ No attestations found for subject %s\n"), releaseRefDigest.DigestWithAlg())
@ -146,7 +145,7 @@ func verifyRun(opts *attestation.AttestOptions) error {
 	}

 	// Filter attestations by predicate tag
-	filteredAttestations, err := attestation.FilterAttestationsByTag(attestations, opts.TagName)
+	filteredAttestations, err := shared.FilterAttestationsByTag(attestations, opts.TagName)
 	if err != nil {
 		opts.Logger.Println(opts.Logger.ColorScheme.Red(err.Error()))
 		return err
@ -160,7 +159,7 @@ func verifyRun(opts *attestation.AttestOptions) error {
 	opts.Logger.Printf("Loaded %s from GitHub API\n", text.Pluralize(len(filteredAttestations), "attestation"))

 	// Verify attestations
-	verified, errMsg, err := attestation.VerifyAttestations(*releaseRefDigest, filteredAttestations, opts.SigstoreVerifier, opts.EC)
+	verified, errMsg, err := shared.VerifyAttestations(*releaseRefDigest, filteredAttestations, opts.SigstoreVerifier, opts.EC)

 	if err != nil {
 		opts.Logger.Println(opts.Logger.ColorScheme.Red(errMsg))
--- a/pkg/cmd/release/verify/verify_test.go
+++ b/pkg/cmd/release/verify/verify_test.go
@ -9,7 +9,6 @@ import (
 	"github.com/cli/cli/v2/pkg/cmd/attestation/api"
 	"github.com/cli/cli/v2/pkg/cmd/attestation/io"
 	"github.com/cli/cli/v2/pkg/cmd/attestation/verification"
-	"github.com/cli/cli/v2/pkg/cmd/release/attestation"
 	"github.com/cli/cli/v2/pkg/cmd/release/shared"
 	"github.com/cli/cli/v2/pkg/cmdutil"
 	"github.com/cli/cli/v2/pkg/httpmock"
@ -61,8 +60,8 @@ func TestNewCmdVerify_Args(t *testing.T) {
 				},
 			}

-			var opts *attestation.AttestOptions
-			cmd := NewCmdVerify(f, func(o *attestation.AttestOptions) error {
+			var opts *shared.AttestOptions
+			cmd := NewCmdVerify(f, func(o *shared.AttestOptions) error {
 				opts = o
 				return nil
 			})
@ -89,7 +88,7 @@ func Test_verifyRun_Success(t *testing.T) {
 	baseRepo, err := ghrepo.FromFullName("owner/repo")
 	require.NoError(t, err)

-	opts := &attestation.AttestOptions{
+	opts := &shared.AttestOptions{
 		TagName:          tagName,
 		Repo:             "owner/repo",
 		Owner:            "owner",
@ -99,10 +98,10 @@ func Test_verifyRun_Success(t *testing.T) {
 		SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
 		HttpClient:       &http.Client{Transport: fakeHTTP},
 		BaseRepo:         baseRepo,
-		PredicateType:    attestation.ReleasePredicateType,
+		PredicateType:    shared.ReleasePredicateType,
 	}

-	ec, err := attestation.NewEnforcementCriteria(opts)
+	ec, err := shared.NewEnforcementCriteria(opts)
 	require.NoError(t, err)
 	opts.EC = ec

@ -122,7 +121,7 @@ func Test_verifyRun_Failed_With_Invalid_Tag(t *testing.T) {
 	baseRepo, err := ghrepo.FromFullName("owner/repo")
 	require.NoError(t, err)

-	opts := &attestation.AttestOptions{
+	opts := &shared.AttestOptions{
 		TagName:          tagName,
 		Repo:             "owner/repo",
 		Owner:            "owner",
@ -130,13 +129,13 @@ func Test_verifyRun_Failed_With_Invalid_Tag(t *testing.T) {
 		Logger:           io.NewHandler(ios),
 		APIClient:        api.NewFailTestClient(),
 		SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
-		PredicateType:    attestation.ReleasePredicateType,
+		PredicateType:    shared.ReleasePredicateType,

 		HttpClient: &http.Client{Transport: fakeHTTP},
 		BaseRepo:   baseRepo,
 	}

-	ec, err := attestation.NewEnforcementCriteria(opts)
+	ec, err := shared.NewEnforcementCriteria(opts)
 	require.NoError(t, err)
 	opts.EC = ec

@ -156,7 +155,7 @@ func Test_verifyRun_Failed_NoAttestation(t *testing.T) {
 	baseRepo, err := ghrepo.FromFullName("owner/repo")
 	require.NoError(t, err)

-	opts := &attestation.AttestOptions{
+	opts := &shared.AttestOptions{
 		TagName:          tagName,
 		Repo:             "owner/repo",
 		Owner:            "owner",
@ -166,10 +165,10 @@ func Test_verifyRun_Failed_NoAttestation(t *testing.T) {
 		SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
 		HttpClient:       &http.Client{Transport: fakeHTTP},
 		BaseRepo:         baseRepo,
-		PredicateType:    attestation.ReleasePredicateType,
+		PredicateType:    shared.ReleasePredicateType,
 	}

-	ec, err := attestation.NewEnforcementCriteria(opts)
+	ec, err := shared.NewEnforcementCriteria(opts)
 	require.NoError(t, err)
 	opts.EC = ec