Merge pull request #9022 from cli/andyfeller/attestation-beta-usage

Add beta designation on attestation command set
Andy Feller 2024-04-29 14:57:56 -04:00 committed by GitHub
commit f5430ced2d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 19 additions and 6 deletions


@ -1,6 +1,7 @@
package attestation
import (
"github.com/MakeNowJust/heredoc"
"github.com/cli/cli/v2/pkg/cmd/attestation/download"
"github.com/cli/cli/v2/pkg/cmd/attestation/inspect"
"github.com/cli/cli/v2/pkg/cmd/attestation/tufrootverify"
@ -15,7 +16,11 @@ func NewCmdAttestation(f *cmdutil.Factory) *cobra.Command {
Use: "attestation [subcommand]",
Short: "Work with artifact attestations",
Aliases: []string{"at"},
Long: "Download and verify artifact attestations.",
Long: heredoc.Doc(`
# NOTE: This feature is currently in beta, and subject to change.
Download and verify artifact attestations.
`),
}
root.AddCommand(download.NewDownloadCmd(f, nil))
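Review bot: The beta notice is pasted as the same literal into five `Long` strings (here in `NewCmdAttestation`, and again in the download, inspect, tufrootverify and verify sections), so the wording can drift and lifting the designation later means editing every file. One constant in a package all the subcommands can import, e.g. `const betaNotice = "# NOTE: This feature is currently in beta, and subject to change."`, passed as an extra `heredoc.Docf` argument (`%[2]s` where the backtick is already `%[1]s`), would keep them in step. The notice also lives only in the long help, while the `Short` strings shown in parent command listings stay unmarked. That matters most for `verify` if it ends up scripted as a release gate, so consider a short marker there as well, such as `Short: "Verify an artifact's integrity using attestations (beta)"`. The body of `NewCmdAttestation` starts and ends outside this hunk.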


@ -23,6 +23,8 @@ func NewDownloadCmd(f *cmdutil.Factory, runF func(*Options) error) *cobra.Comman
Args: cmdutil.ExactArgs(1, "must specify file path or container image URI, as well as one of --owner or --repo"),
Short: "Download an artifact's Sigstore bundle(s) for offline use",
Long: heredoc.Docf(`
# NOTE: This feature is currently in beta, and subject to change.
Download an artifact's attestations, aka Sigstore bundle(s), for offline use.
The command requires either:


@ -23,8 +23,10 @@ func NewInspectCmd(f *cmdutil.Factory, runF func(*Options) error) *cobra.Command
Hidden: true,
Short: "Inspect a sigstore bundle",
Long: heredoc.Docf(`
# NOTE: This feature is currently in beta, and subject to change.
Inspect a downloaded Sigstore bundle for a given artifact.
The command requires either:
* a relative path to a local artifact, or
* a container image URI (e.g. %[1]soci://<my-OCI-image-URI>%[1]s)
@ -37,7 +39,7 @@ func NewInspectCmd(f *cmdutil.Factory, runF func(*Options) error) *cobra.Command
command).
By default, the command will print information about the bundle in a table format.
If the %[1]s--json-result%[1]s flag is provided, the command will print the
If the %[1]s--json-result%[1]s flag is provided, the command will print the
information in JSON format.
`, "`"),
Example: heredoc.Doc(`


@ -24,12 +24,14 @@ func NewTUFRootVerifyCmd(f *cmdutil.Factory, runF func() error) *cobra.Command {
Short: "Verify the TUF repository from a provided TUF root",
Hidden: true,
Long: heredoc.Docf(`
# NOTE: This feature is currently in beta, and subject to change.
Verify a TUF repository with a local TUF root.
The command requires you provide the %[1]s--mirror%[1]s flag, which should be the URL
The command requires you provide the %[1]s--mirror%[1]s flag, which should be the URL
of the TUF repository mirror.
The command also requires you provide the %[1]s--root%[1]s flag, which should be the
The command also requires you provide the %[1]s--root%[1]s flag, which should be the
path to the TUF root file.
GitHub relies on TUF to securely deliver the trust root for our signing authority.


@ -25,6 +25,8 @@ func NewVerifyCmd(f *cmdutil.Factory, runF func(*Options) error) *cobra.Command
Args: cmdutil.ExactArgs(1, "must specify file path or container image URI, as well as one of --owner or --repo"),
Short: "Verify an artifact's integrity using attestations",
Long: heredoc.Docf(`
# NOTE: This feature is currently in beta, and subject to change.
Verify the integrity and provenance of an artifact using its associated
cryptographically signed attestations.