pull over doc updates

Signed-off-by: Meredith Lancaster <malancas@github.com>

pkg/cmd/attestation/download/download.go

@@ -21,35 +21,39 @@ func NewDownloadCmd(f *cmdutil.Factory) *cobra.Command {
 	downloadCmd := &cobra.Command{
 		Use:   "download [<file path> | oci://<OCI image URI>]",
 		Args:  cobra.ExactArgs(1),
-		Short: "Download trusted metadata about a binary artifact for offline use",
+		Short: "Download an artifact's Sigstore bundle(s) for offline use",
 		Long: heredoc.Docf(`
-			Download trusted metadata about a binary artifact for offline use.
+			Download an artifact's Sigstore bundle(s) for offline use.
 			
-			The command accepts either:
-			* a relative path to a local artifact
-			* a container image URI (e.g. oci://<my-OCI-URI>) 
+			The command requires either:
+			* a relative path to a local artifact, or
+			* a container image URI (e.g. %[1]soci://<my-OCI-image-URI>%[1]s)
 
-			Note that you must already be authenticated with a container registry 
-			if you provide an OCI image URI as the artifact.
+			Note that if you provide an OCI URI for the artifact you must already
+			be authenticated with a container registry.
 
-			The command also requires you provide either the %[1]s--owner%[1]s or %[1]s--repo%[1]s flag.
-			The value of the %[1]s--owner%[1]s flag should be the name of the GitHub organization 
-			that the artifact is associated with.
-			The value of the %[1]s--repo%[1]s flag should be the name of the GitHub repository 
-			that the artifact is associated with.
+			In addition, the command also requires either:
+			* the %[1]s--owner%[1]s flag (e.g. github), or
+			* the %[1]s--repo%[1]s flag (e.g. github/example).
 
-			Metadata is written to a file in the current directory named after the artifact's digest.
-			For example, if the artifact's digest is "sha256:1234", the metadata will be 
-			written to "sha256:1234.jsonl".
+			The value of the %[1]s--owner%[1]s flag must match the name of the GitHub
+			organization that the artifact is associated with.
+
+			The value of the %[1]s--repo%[1]s flag must match the name of the GitHub
+			repository that the artifact is associated with.
+
+			The corresponding Sigstore bundle(s) will be written to a file in the
+			current directory named after the artifact's digest. For example, if the
+			artifact's digest is "sha256:1234", the file will be named "sha256:1234.jsonl".
 		`, "`"),
 		Example: heredoc.Doc(`
-			# Download trusted metadata for a local artifact associated with a GitHub organization
+			# Download Sigstore bundle(s) for a local artifact associated with a GitHub organization
 			$ gh attestation download <my-artifact> -o <GitHub organization>
 
-			# Download trusted metadata for a local artifact associated with a GitHub repository
+			# Download Sigstore bundle(s) for a local artifact associated with a GitHub repository
 			$ gh attestation download <my-artifact> -R <GitHub repo>
 
-			# Download trusted metadata for an OCI image associated with a GitHub organization
+			# Download Sigstore bundle(s) for an OCI image associated with a GitHub organization
 			$ gh attestation download oci://<my-OCI-image> -o <GitHub organization>
 		`),
 		// PreRunE is used to validate flags before the command is run
@@ -86,7 +90,7 @@ func NewDownloadCmd(f *cmdutil.Factory) *cobra.Command {
 				os.Exit(1)
 			}
 			if err := RunDownload(opts); err != nil {
-				opts.Logger.Println(opts.Logger.ColorScheme.Redf("Failed to download the artifact's trusted metadata: %s", err.Error()))
+				opts.Logger.ColorScheme.Redf("Failed to download the artifact's bundle(s): %s", err.Error())
 				os.Exit(1)
 			}
 		},

pkg/cmd/attestation/inspect/inspect.go

@@ -19,35 +19,35 @@ import (
 func NewInspectCmd(f *cmdutil.Factory) *cobra.Command {
 	opts := &Options{}
 	inspectCmd := &cobra.Command{
-		Use:   "inspect [<file path> | oci://<OCI image URI>]",
+		Use:   "inspect [<file path> | oci://<OCI image URI>] --bundle <path-to-bundle>",
 		Args:  cobra.ExactArgs(1),
-		Short: "Inspect an artifact's trusted metadata bundle",
+		Short: "Inspect a sigstore bundle",
 		Long: heredoc.Docf(`
-			Inspect downloaded trusted metadata associated with a given artifact.
+			Inspect a downloaded Sigstore bundle for a given artifact.
 				
-			The command accepts either:
-			* a relative path to a local artifact
-			* a container image URI (e.g. %[1]soci://<my-OCI-image-URI>%[1]s) 
+			The command requires either:
+			* a relative path to a local artifact, or
+			* a container image URI (e.g. %[1]soci://<my-OCI-image-URI>%[1]s)
 
-			Note that you must already be authenticated with a container registry 
-			if you provide an OCI image URI as the artifact.
+			Note that if you provide an OCI URI for the artifact you must already
+			be authenticated with a container registry.
 
-			The command also requires you provide the path a local trusted metadata bundle with 
-			the %[1]s--bundle%[1]s flag.
-			You can download a trusted metadata bundle using the %[1]sdownload%[1]s command.
+			The command also requires the %[1]s--bundle%[1]s flag, which provides a file
+			path to a previously downloaded Sigstore bundle. (See also the %[1]sdownload%[1]s
+			command).
 
 			By default, the command will print information about the bundle in a table format.
 			If the %[1]s--json-result%[1]s flag is provided, the command will print the 
 			information in JSON format.
 		`, "`"),
 		Example: heredoc.Doc(`
-			# Inspect a local artifact bundle and print the results in table format
+			# Inspect a Sigstore bundle and print the results in table format
 			$ gh attestation inspect <my-artifact> --bundle <path-to-bundle>
 
-			# Inspect a local artifact bundle and print the results in JSON format
+			# Inspect a Sigstore bundle and print the results in JSON format
 			$ gh attestation inspect <my-artifact> --bundle <path-to-bundle> --json-result
 
-			# Inspect an OCI image bundle and print the results in table format
+			# Inspect a Sigsore bundle for an OCI artifact, and print the results in table format
 			$ gh attestation inspect oci://<my-OCI-image> --bundle <path-to-bundle>
 		`),
 		PreRunE: func(cmd *cobra.Command, args []string) error {