Cleanup: Add Digest to the SignedEntity interface. (#2960)

🧹 We have worked around the absence of this in the core interface (while implemented in both `Signed{Entity,Image}`) a variety of places.

This allows us to clean up those workarounds downstream.

/kind cleanup

Signed-off-by: Matt Moore <mattmoor@chainguard.dev>

cmd/cosign/cli/copy/copy.go

@@ -66,7 +66,7 @@ func CopyCmd(ctx context.Context, regOpts options.RegistryOptions, srcImg, dstIm
 
 	if err := walk.SignedEntity(gctx, root, func(ctx context.Context, se oci.SignedEntity) error {
 		// Both of the SignedEntity types implement Digest()
-		h, err := se.(interface{ Digest() (v1.Hash, error) }).Digest()
+		h, err := se.Digest()
 		if err != nil {
 			return err
 		}
@@ -119,7 +119,7 @@ func CopyCmd(ctx context.Context, regOpts options.RegistryOptions, srcImg, dstIm
 	}
 
 	// Now that everything has been copied over, update the tag.
-	h, err := root.(interface{ Digest() (v1.Hash, error) }).Digest()
+	h, err := root.Digest()
 	if err != nil {
 		return err
 	}

pkg/oci/interface.go

@@ -15,7 +15,12 @@
 
 package oci
 
+import v1 "github.com/google/go-containerregistry/pkg/v1"
+
 type SignedEntity interface {
+	// Digest returns the sha256 of this image's manifest.
+	Digest() (v1.Hash, error)
+
 	// Signatures returns the set of signatures currently associated with this
 	// entity, or the empty equivalent if none are found.
 	Signatures() (Signatures, error)

pkg/oci/remote/remote.go

@@ -123,12 +123,8 @@ func suffixTag(ref name.Reference, suffix string, o *options) (name.Tag, error)
 	return o.TargetRepository.Tag(normalize(h, o.TagPrefix, suffix)), nil
 }
 
-type digestable interface {
-	Digest() (v1.Hash, error)
-}
-
 // signatures is a shared implementation of the oci.Signed* Signatures method.
-func signatures(digestable digestable, o *options) (oci.Signatures, error) {
+func signatures(digestable oci.SignedEntity, o *options) (oci.Signatures, error) {
 	h, err := digestable.Digest()
 	if err != nil {
 		return nil, err
@@ -137,7 +133,7 @@ func signatures(digestable digestable, o *options) (oci.Signatures, error) {
 }
 
 // attestations is a shared implementation of the oci.Signed* Attestations method.
-func attestations(digestable digestable, o *options) (oci.Signatures, error) {
+func attestations(digestable oci.SignedEntity, o *options) (oci.Signatures, error) {
 	h, err := digestable.Digest()
 	if err != nil {
 		return nil, err
@@ -146,7 +142,7 @@ func attestations(digestable digestable, o *options) (oci.Signatures, error) {
 }
 
 // attachment is a shared implementation of the oci.Signed* Attachment method.
-func attachment(digestable digestable, attName string, o *options) (oci.File, error) {
+func attachment(digestable oci.SignedEntity, attName string, o *options) (oci.File, error) {
 	// Try using OCI 1.1 behavior
 	if file, err := attachmentExperimentalOCI(digestable, attName, o); err == nil {
 		return file, nil
@@ -201,7 +197,7 @@ func (f *attached) Payload() ([]byte, error) {
 }
 
 // attachmentExperimentalOCI is a shared implementation of the oci.Signed* Attachment method (for OCI 1.1+ behavior).
-func attachmentExperimentalOCI(digestable digestable, attName string, o *options) (oci.File, error) {
+func attachmentExperimentalOCI(digestable oci.SignedEntity, attName string, o *options) (oci.File, error) {
 	h, err := digestable.Digest()
 	if err != nil {
 		return nil, err

pkg/oci/remote/write.go

@@ -103,7 +103,7 @@ func WriteSignatures(repo name.Repository, se oci.SignedEntity, opts ...Option)
 	}
 
 	// Determine the tag to which these signatures should be published.
-	h, err := se.(digestable).Digest()
+	h, err := se.Digest()
 	if err != nil {
 		return err
 	}
@@ -125,7 +125,7 @@ func WriteAttestations(repo name.Repository, se oci.SignedEntity, opts ...Option
 	}
 
 	// Determine the tag to which these signatures should be published.
-	h, err := se.(digestable).Digest()
+	h, err := se.Digest()
 	if err != nil {
 		return err
 	}