MCPcopy
hub / github.com/cli/cli / fetchBundleFromAttestations

Method fetchBundleFromAttestations

pkg/cmd/attestation/api/client.go:185–221  ·  view source on GitHub ↗
(attestations []*Attestation)

Source from the content-addressed store, hash-verified

183}
184
185func (c *LiveClient) fetchBundleFromAttestations(attestations []*Attestation) ([]*Attestation, error) {
186 fetched := make([]*Attestation, len(attestations))
187 g := errgroup.Group{}
188 for i, a := range attestations {
189 g.Go(func() error {
190 if a.Bundle == nil && a.BundleURL == "" {
191 return fmt.Errorf("attestation has no bundle or bundle URL")
192 }
193
194 // for now, we fall back to the bundle field if the bundle URL is empty
195 if a.BundleURL == "" {
196 c.logger.VerbosePrintf("Bundle URL is empty. Falling back to bundle field\n\n")
197 fetched[i] = &Attestation{
198 Bundle: a.Bundle,
199 }
200 return nil
201 }
202
203 // otherwise fetch the bundle with the provided URL
204 b, err := c.getBundle(a.BundleURL)
205 if err != nil {
206 return fmt.Errorf("failed to fetch bundle with URL: %w", err)
207 }
208 fetched[i] = &Attestation{
209 Bundle: b,
210 }
211
212 return nil
213 })
214 }
215
216 if err := g.Wait(); err != nil {
217 return nil, err
218 }
219
220 return fetched, nil
221}
222
223func (c *LiveClient) getBundle(url string) (*bundle.Bundle, error) {
224 c.logger.VerbosePrintf("Fetching attestation bundle with bundle URL\n\n")

Calls 4

getBundleMethod · 0.95
VerbosePrintfMethod · 0.80
ErrorfMethod · 0.65
WaitMethod · 0.65