feat: attach: allow passing multiple payloads

Fixed #2052 Signed-off-by: Furkan <[email protected]> Co-authored-by: Batuhan <[email protected]>
sigstore · Jul 20, 2022 · 7731763 · 7731763
1 parent 8f2c36d
commit 7731763
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 14 deletions.
diff --git a/cmd/cosign/cli/attach.go b/cmd/cosign/cli/attach.go
@@ -84,12 +84,16 @@ func attachAttestation() *cobra.Command {
 	o := &options.AttachAttestationOptions{}
 
 	cmd := &cobra.Command{
-		Use:     "attestation",
-		Short:   "Attach attestation to the supplied container image",
-		Example: "  cosign attach attestation <image uri>",
-		Args:    cobra.ExactArgs(1),
+		Use:   "attestation",
+		Short: "Attach attestation to the supplied container image",
+		Example: `  cosign attach attestation --attestation <payload path> <image uri>
+
+  # attach multiple attestations to a container image
+  cosign attach attestation --attestation <payload path> --attestation <payload path> <image uri>`,
+
+		Args: cobra.MinimumNArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
-			return attach.AttestationCmd(cmd.Context(), o.Registry, o.Attestation, args[0])
+			return attach.AttachCmd(cmd.Context(), o.Registry, o.Attestations, args[0])
 		},
 	}
 

diff --git a/cmd/cosign/cli/attach/attestation.go → cmd/cosign/cli/attach/attach.go b/cmd/cosign/cli/attach/attestation.go → cmd/cosign/cli/attach/attach.go
@@ -29,12 +29,22 @@ import (
 	"github.com/sigstore/cosign/pkg/types"
 )
 
-func AttestationCmd(ctx context.Context, regOpts options.RegistryOptions, signedPayload, imageRef string) error {
+func AttachCmd(ctx context.Context, regOpts options.RegistryOptions, signedPayloads []string, imageRef string) error {
 	ociremoteOpts, err := regOpts.ClientOpts(ctx)
 	if err != nil {
 		return fmt.Errorf("constructing client options: %w", err)
 	}
 
+	for _, payload := range signedPayloads {
+		if err := attach(ociremoteOpts, payload, imageRef); err != nil {
+			return fmt.Errorf("attaching payload from %s: %v", payload, err)
+		}
+	}
+
+	return nil
+}
+
+func attach(remoteOpts []ociremote.Option, signedPayload, imageRef string) error {
 	fmt.Fprintln(os.Stderr, "Using payload from:", signedPayload)
 	payload, err := os.ReadFile(signedPayload)
 	if err != nil {
@@ -62,7 +72,7 @@ func AttestationCmd(ctx context.Context, regOpts options.RegistryOptions, signed
 	if err != nil {
 		return err
 	}
-	digest, err := ociremote.ResolveDigest(ref, ociremoteOpts...)
+	digest, err := ociremote.ResolveDigest(ref, remoteOpts...)
 	if err != nil {
 		return err
 	}
@@ -77,7 +87,7 @@ func AttestationCmd(ctx context.Context, regOpts options.RegistryOptions, signed
 		return err
 	}
 
-	se, err := ociremote.SignedEntity(digest, ociremoteOpts...)
+	se, err := ociremote.SignedEntity(digest, remoteOpts...)
 	if err != nil {
 		return err
 	}
@@ -88,5 +98,5 @@ func AttestationCmd(ctx context.Context, regOpts options.RegistryOptions, signed
 	}
 
 	// Publish the signatures associated with this entity
-	return ociremote.WriteAttestations(digest.Repository, newSE, ociremoteOpts...)
+	return ociremote.WriteAttestations(digest.Repository, newSE, remoteOpts...)
 }
diff --git a/cmd/cosign/cli/options/attach.go b/cmd/cosign/cli/options/attach.go
@@ -104,14 +104,14 @@ func (o *AttachSBOMOptions) MediaType() (types.MediaType, error) {
 
 // AttachAttestationOptions is the top level wrapper for the attach attestation command.
 type AttachAttestationOptions struct {
-	Attestation string
-	Registry    RegistryOptions
+	Attestations []string
+	Registry     RegistryOptions
 }
 
 // AddFlags implements Interface
 func (o *AttachAttestationOptions) AddFlags(cmd *cobra.Command) {
 	o.Registry.AddFlags(cmd)
 
-	cmd.Flags().StringVar(&o.Attestation, "attestation", "",
+	cmd.Flags().StringArrayVarP(&o.Attestations, "attestation", "", nil,
 		"path to the attestation envelope")
 }
diff --git a/doc/cosign_attach_attestation.md b/doc/cosign_attach_attestation.md