Skip to content

Commit

Permalink
feat: add output caps, tests, docs
Browse files Browse the repository at this point in the history
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
  • Loading branch information
developer-guy authored and Dentrax committed Oct 5, 2022
1 parent 218d828 commit 3bd2369
Show file tree
Hide file tree
Showing 8 changed files with 108 additions and 14 deletions.
14 changes: 9 additions & 5 deletions cmd/cosign/cli/dockerfile.go
Original file line number Diff line number Diff line change
Expand Up @@ -121,11 +121,15 @@ func dockerfileResolve() *cobra.Command {
o := &options.ResolveDockerfileOptions{}

cmd := &cobra.Command{
Use: "resolve",
Short: "",
Long: ``,
Example: ``,
Args: cobra.ExactArgs(1),
Use: "resolve",
Short: "Resolve the digest of the images and rewrites them with fully qualified image reference",
Long: ``,
Example: ` cosign dockerfile resolve Dockerfile
# specify output file
cosign dockerfile resolve -o Dockerfile.edited Dockerfile
`,
Args: cobra.ExactArgs(1),
RunE: func(cmd *cobra.Command, args []string) error {
v := &dockerfile.ResolveDockerfileCommand{
Output: o.Output,
Expand Down
25 changes: 22 additions & 3 deletions cmd/cosign/cli/dockerfile/resolve.go
Original file line number Diff line number Diff line change
@@ -1,3 +1,17 @@
// Copyright 2021 The Sigstore Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package dockerfile

import (
Expand All @@ -6,12 +20,13 @@ import (
"context"
"flag"
"fmt"
"github.com/google/go-containerregistry/pkg/name"
"github.com/sigstore/cosign/pkg/oci/remote"
"io"
"os"
"strings"

"github.com/google/go-containerregistry/pkg/name"
"github.com/sigstore/cosign/pkg/oci/remote"

"github.com/pkg/errors"
)

Expand All @@ -38,7 +53,11 @@ func (c *ResolveDockerfileCommand) Exec(ctx context.Context, args []string) erro
return fmt.Errorf("failed extracting images from Dockerfile: %w", err)
}

fmt.Fprintln(os.Stderr, string(resolvedDockerfile))
if c.Output != "" {
_ = os.WriteFile(c.Output, resolvedDockerfile, 0600)
} else {
_, _ = fmt.Fprintln(os.Stdout, string(resolvedDockerfile))
}

return nil
}
Expand Down
14 changes: 14 additions & 0 deletions cmd/cosign/cli/dockerfile/resolve_test.go
Original file line number Diff line number Diff line change
@@ -1,3 +1,17 @@
// Copyright 2021 The Sigstore Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package dockerfile

import (
Expand Down
1 change: 0 additions & 1 deletion cmd/cosign/cli/dockerfile/verify.go
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,6 @@ func getImagesFromDockerfile(dockerfile io.Reader) ([]string, error) {
fileScanner := bufio.NewScanner(dockerfile)
for fileScanner.Scan() {
line := strings.TrimSpace(fileScanner.Text())
// what about the COPY --from=image:tag cases?
if strings.HasPrefix(strings.ToUpper(line), "FROM") {
switch image := getImageFromLine(line); image {
case "scratch":
Expand Down
23 changes: 19 additions & 4 deletions cmd/cosign/cli/options/dockerfile.go
Original file line number Diff line number Diff line change
@@ -1,10 +1,25 @@
//
// Copyright 2021 The Sigstore Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package options

import (
"github.com/spf13/cobra"
)

// ResolveDockerfileOptions is the top level wrapper for the `verify blob` command.
// ResolveDockerfileOptions is the top level wrapper for the `dockerfile resolve` command.
type ResolveDockerfileOptions struct {
Output string
}
Expand All @@ -13,6 +28,6 @@ var _ Interface = (*ResolveDockerfileOptions)(nil)

// AddFlags implements Interface
func (o *ResolveDockerfileOptions) AddFlags(cmd *cobra.Command) {
cmd.Flags().StringVar(&o.Output, "output", "",
"output an updated Dockerfile to file")
}
cmd.Flags().StringVarP(&o.Output, "output", "o",
"", "output an updated Dockerfile to file")
}
3 changes: 2 additions & 1 deletion doc/cosign_dockerfile.md

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

37 changes: 37 additions & 0 deletions doc/cosign_dockerfile_resolve.md

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 5 additions & 0 deletions test/e2e_test.sh
Original file line number Diff line number Diff line change
Expand Up @@ -48,11 +48,16 @@ go test -tags=e2e -race $(go list ./... | grep -v third_party/)

# Test `cosign dockerfile verify`
export COSIGN_EXPERIMENTAL=true

./cosign dockerfile verify ./test/testdata/single_stage.Dockerfile
if (./cosign dockerfile verify ./test/testdata/unsigned_build_stage.Dockerfile); then false; fi
./cosign dockerfile verify --base-image-only ./test/testdata/unsigned_build_stage.Dockerfile
./cosign dockerfile verify ./test/testdata/fancy_from.Dockerfile
test_image="ghcr.io/distroless/alpine-base" ./cosign dockerfile verify ./test/testdata/with_arg.Dockerfile

# Test dockerfile resolve and verify
./cosign dockerfile resolve -o ./test/testdata/fancy_from.Dockerfile.resolved ./test/testdata/fancy_from.Dockerfile
./cosign dockerfile verify --key ${DISTROLESS_PUB_KEY} ./test/testdata/fancy_from.Dockerfile.resolved
# Image exists, but is unsigned
if (test_image="ubuntu" ./cosign dockerfile verify ./test/testdata/with_arg.Dockerfile); then false; fi
./cosign dockerfile verify ./test/testdata/with_lowercase.Dockerfile
Expand Down

0 comments on commit 3bd2369

Please sign in to comment.