-
Notifications
You must be signed in to change notification settings - Fork 556
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
move verify-dockerfile
to dockerfile verify
#662
Conversation
/cc @mattmoor |
Signed-off-by: Jake Sanders <jsand@google.com>
d71d5c7
to
0905767
Compare
/cc @developer-guy |
I'm thinking that my concerns about maintainability we'd be taking on by adding new commands and functionality for image discovery would be at least partially ameliorated by formally separating functionality out into different commands. This lets us avoid a situation where we have to support a cross-product of functionality for both a) processing dockerfiles and b) signing/verifying images under a single surface |
return &ffcli.Command{ | ||
Name: "dockerfile", | ||
ShortUsage: "cosign dockerfile", | ||
ShortHelp: "Provides utilities for attaching artifacts to other artifacts in a registry", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This sounds wrong
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
// See the License for the specific language governing permissions and | ||
// limitations under the License. | ||
|
||
package dockerfile |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for putting this into its own package 🤩 cli
is getting crowded
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah, been splitting subcommand groups into their own folders
Signed-off-by: Jake Sanders <jsand@google.com>
BREAKING
This command group lets us begin splitting up image discovery from image signature creation/verification. Another subcommand I'm imagining is:
dockerfile resolve-images
which resolvesFROM image:tag
s toFROM image@sha256:digest
and either outputs the list of image digests (e.g. for something likecosign dockerfile resolve-images $FILE | xargs cosign verify
) or outputs a re-written file (to STDOUT or in-place).