Invert upload flag to allow for not uploading attestation #979
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
The
cosign attest
command has an--upload
flag, designed to tell cosign to upload the generated attestation to the registry.However, this bool value is set to
true
by default, which ends up meaning that there's no way to instruct cosign not to upload the generated attestation (IIUC).This PR changes the flag to
--no-upload
, which inverts the logic and behaves as you'd expect. Without the flag, the attestation is uploaded. With the flag, the attestation is not uploaded, and instead, the attestation DSSE is sent to stdout.Note: This is a breaking change for the CLI, since it removes an existing flag. The flag hadn't been affecting cosign's execution, so I'm not sure how many folks were using it. But regardless, I'm happy to approach this a different way to make the change non-breaking, just let me know!
Ticket Link
N/A
Release Note