-
-
Notifications
You must be signed in to change notification settings - Fork 49
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
5 changed files
with
163 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| package cmd | ||
|
|
||
| import ( | ||
| "github.com/carapace-sh/carapace" | ||
| "github.com/spf13/cobra" | ||
| ) | ||
|
|
||
| var attestationCmd = &cobra.Command{ | ||
| Use: "attestation [subcommand]", | ||
| Short: "Work with artifact attestations", | ||
| Aliases: []string{"at"}, | ||
| Hidden: true, | ||
| Run: func(cmd *cobra.Command, args []string) {}, | ||
| } | ||
|
|
||
| func init() { | ||
| carapace.Gen(attestationCmd).Standalone() | ||
|
|
||
| rootCmd.AddCommand(attestationCmd) | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| package cmd | ||
|
|
||
| import ( | ||
| "github.com/carapace-sh/carapace" | ||
| "github.com/carapace-sh/carapace-bin/completers/gh_completer/cmd/action" | ||
| "github.com/carapace-sh/carapace-bin/pkg/actions/tools/gh" | ||
| "github.com/spf13/cobra" | ||
| ) | ||
|
|
||
| var attestation_downloadCmd = &cobra.Command{ | ||
| Use: "download [<file-path> | oci://<image-uri>] [--owner | --repo]", | ||
| Short: "Download an artifact's Sigstore bundle(s) for offline use", | ||
| Run: func(cmd *cobra.Command, args []string) {}, | ||
| } | ||
|
|
||
| func init() { | ||
| carapace.Gen(attestation_downloadCmd).Standalone() | ||
|
|
||
| attestation_downloadCmd.Flags().StringP("digest-alg", "d", "", "The algorithm used to compute a digest of the artifact: {sha256|sha512}") | ||
| attestation_downloadCmd.Flags().StringP("limit", "L", "", "Maximum number of attestations to fetch") | ||
| attestation_downloadCmd.Flags().StringP("owner", "o", "", "a GitHub organization to scope attestation lookup by") | ||
| attestation_downloadCmd.Flags().StringP("repo", "R", "", "Repository name in the format <owner>/<repo>") | ||
| attestationCmd.AddCommand(attestation_downloadCmd) | ||
|
|
||
| carapace.Gen(attestation_downloadCmd).FlagCompletion(carapace.ActionMap{ | ||
| "digest-alg": carapace.ActionValues("sha256", "sha512"), | ||
| "owner": gh.ActionOrganizations(gh.HostOpts{}), | ||
| "repo": action.ActionRepoOverride(attestation_downloadCmd), | ||
| }) | ||
|
|
||
| carapace.Gen(attestation_downloadCmd).PositionalCompletion( | ||
| carapace.ActionFiles(), | ||
| ) | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| package cmd | ||
|
|
||
| import ( | ||
| "github.com/carapace-sh/carapace" | ||
| "github.com/spf13/cobra" | ||
| ) | ||
|
|
||
| var attestation_inspectCmd = &cobra.Command{ | ||
| Use: "inspect [<file path> | oci://<OCI image URI>] --bundle <path-to-bundle>", | ||
| Short: "Inspect a sigstore bundle", | ||
| Hidden: true, | ||
| Run: func(cmd *cobra.Command, args []string) {}, | ||
| } | ||
|
|
||
| func init() { | ||
| carapace.Gen(attestation_inspectCmd).Standalone() | ||
|
|
||
| attestation_inspectCmd.Flags().StringP("bundle", "b", "", "Path to bundle on disk, either a single bundle in a JSON file or a JSON lines file with multiple bundles") | ||
| attestation_inspectCmd.Flags().StringP("digest-alg", "d", "", "The algorithm used to compute a digest of the artifact: {sha256|sha512}") | ||
| attestation_inspectCmd.Flags().String("format", "", "Output format: {json}") | ||
| attestation_inspectCmd.Flags().StringP("jq", "q", "", "Filter JSON output using a jq `expression`") | ||
| attestation_inspectCmd.Flags().StringP("template", "t", "", "Format JSON output using a Go template; see \"gh help formatting\"") | ||
| attestation_inspectCmd.MarkFlagRequired("bundle") | ||
| attestationCmd.AddCommand(attestation_inspectCmd) | ||
|
|
||
| carapace.Gen(attestation_inspectCmd).FlagCompletion(carapace.ActionMap{ | ||
| "bundle": carapace.ActionFiles(), | ||
| "digest-alg": carapace.ActionValues("sha256", "sha512"), | ||
| "format": carapace.ActionValues("json"), | ||
| }) | ||
|
|
||
| carapace.Gen(attestation_inspectCmd).PositionalCompletion( | ||
| carapace.ActionFiles(), | ||
| ) | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| package cmd | ||
|
|
||
| import ( | ||
| "github.com/carapace-sh/carapace" | ||
| "github.com/spf13/cobra" | ||
| ) | ||
|
|
||
| var attestation_tufRootVerifyCmd = &cobra.Command{ | ||
| Use: "tuf-root-verify --mirror <mirror-url> --root <root.json>", | ||
| Short: "Verify the TUF repository from a provided TUF root", | ||
| Hidden: true, | ||
| Run: func(cmd *cobra.Command, args []string) {}, | ||
| } | ||
|
|
||
| func init() { | ||
| carapace.Gen(attestation_tufRootVerifyCmd).Standalone() | ||
|
|
||
| attestation_tufRootVerifyCmd.Flags().StringP("mirror", "m", "", "URL to the TUF repository mirror") | ||
| attestation_tufRootVerifyCmd.Flags().StringP("root", "r", "", "Path to the TUF root file on disk") | ||
| attestation_tufRootVerifyCmd.MarkFlagRequired("mirror") | ||
| attestation_tufRootVerifyCmd.MarkFlagRequired("root") | ||
| attestationCmd.AddCommand(attestation_tufRootVerifyCmd) | ||
|
|
||
| carapace.Gen(attestation_tufRootVerifyCmd).FlagCompletion(carapace.ActionMap{ | ||
| "root": carapace.ActionFiles(), | ||
| }) | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| package cmd | ||
|
|
||
| import ( | ||
| "github.com/carapace-sh/carapace" | ||
| "github.com/carapace-sh/carapace-bin/completers_release/gh_completer/cmd/action" | ||
| "github.com/carapace-sh/carapace-bin/pkg/actions/tools/gh" | ||
| "github.com/spf13/cobra" | ||
| ) | ||
|
|
||
| var attestation_verifyCmd = &cobra.Command{ | ||
| Use: "verify [<file-path> | oci://<image-uri>] [--owner | --repo]", | ||
| Short: "Verify an artifact's integrity using attestations", | ||
| Run: func(cmd *cobra.Command, args []string) {}, | ||
| } | ||
|
|
||
| func init() { | ||
| carapace.Gen(attestation_verifyCmd).Standalone() | ||
|
|
||
| attestation_verifyCmd.Flags().StringP("bundle", "b", "", "Path to bundle on disk, either a single bundle in a JSON file or a JSON lines file with multiple bundles") | ||
| attestation_verifyCmd.Flags().String("cert-identity", "", "Enforce that the certificate's subject alternative name matches the provided value exactly") | ||
| attestation_verifyCmd.Flags().StringP("cert-identity-regex", "i", "", "Enforce that the certificate's subject alternative name matches the provided regex") | ||
| attestation_verifyCmd.Flags().String("cert-oidc-issuer", "", "Issuer of the OIDC token") | ||
| attestation_verifyCmd.Flags().String("custom-trusted-root", "", "Path to a custom trustedroot.json file to use for verification") | ||
| attestation_verifyCmd.Flags().Bool("deny-self-hosted-runners", false, "Fail verification for attestations generated on self-hosted runners.") | ||
| attestation_verifyCmd.Flags().StringP("digest-alg", "d", "", "The algorithm used to compute a digest of the artifact: {sha256|sha512}") | ||
| attestation_verifyCmd.Flags().String("format", "", "Output format: {json}") | ||
| attestation_verifyCmd.Flags().StringP("jq", "q", "", "Filter JSON output using a jq `expression`") | ||
| attestation_verifyCmd.Flags().StringP("limit", "L", "", "Maximum number of attestations to fetch") | ||
| attestation_verifyCmd.Flags().Bool("no-public-good", false, "Only verify attestations signed with GitHub's Sigstore instance") | ||
| attestation_verifyCmd.Flags().StringP("owner", "o", "", "GitHub organization to scope attestation lookup by") | ||
| attestation_verifyCmd.Flags().StringP("repo", "R", "", "Repository name in the format <owner>/<repo>") | ||
| attestation_verifyCmd.Flags().StringP("template", "t", "", "Format JSON output using a Go template; see \"gh help formatting\"") | ||
| attestationCmd.AddCommand(attestation_verifyCmd) | ||
|
|
||
| carapace.Gen(attestation_verifyCmd).FlagCompletion(carapace.ActionMap{ | ||
| "bundle": carapace.ActionFiles(), | ||
| "custom-trusted-root": carapace.ActionFiles(), | ||
| "digest-alg": carapace.ActionValues("sha256", "sha512"), | ||
| "format": carapace.ActionValues("json"), | ||
| "owner": gh.ActionOrganizations(gh.HostOpts{}), | ||
| "repo": action.ActionRepoOverride(attestationCmd), | ||
| }) | ||
|
|
||
| carapace.Gen(attestation_verifyCmd).PositionalCompletion( | ||
| carapace.ActionFiles(), | ||
| ) | ||
| } |