MCPcopy
hub / github.com/cli/cli / runVerify

Function runVerify

pkg/cmd/attestation/verify/verify.go:264–349  ·  view source on GitHub ↗
(opts *Options)

Source from the content-addressed store, hash-verified

262}
263
264func runVerify(opts *Options) error {
265 ec, err := newEnforcementCriteria(opts)
266 if err != nil {
267 opts.Logger.Println(opts.Logger.ColorScheme.Red("✗ Failed to build verification policy"))
268 return err
269 }
270
271 if err := ec.Valid(); err != nil {
272 opts.Logger.Println(opts.Logger.ColorScheme.Red("✗ Invalid verification policy"))
273 return err
274 }
275
276 artifact, err := artifact.NewDigestedArtifact(opts.OCIClient, opts.ArtifactPath, opts.DigestAlgorithm)
277 if err != nil {
278 opts.Logger.Printf(opts.Logger.ColorScheme.Red("✗ Loading digest for %s failed\n"), opts.ArtifactPath)
279 return err
280 }
281
282 opts.Logger.Printf("Loaded digest %s for %s\n", artifact.DigestWithAlg(), artifact.URL)
283
284 attestations, logMsg, err := getAttestations(opts, *artifact)
285 if err != nil {
286 if ok := errors.Is(err, api.ErrNoAttestationsFound); ok {
287 opts.Logger.Printf(opts.Logger.ColorScheme.Red("✗ No attestations found for subject %s\n"), artifact.DigestWithAlg())
288 return err
289 }
290 // Print the message signifying failure fetching attestations
291 opts.Logger.Println(opts.Logger.ColorScheme.Red(logMsg))
292 return err
293 }
294 // Print the message signifying success fetching attestations
295 opts.Logger.Println(logMsg)
296
297 // print information about the policy that will be enforced against attestations
298 opts.Logger.Println("\nThe following policy criteria will be enforced:")
299 opts.Logger.Println(ec.BuildPolicyInformation())
300
301 verified, errMsg, err := verifyAttestations(*artifact, attestations, opts.SigstoreVerifier, ec)
302 if err != nil {
303 opts.Logger.Println(opts.Logger.ColorScheme.Red(errMsg))
304 return err
305 }
306
307 opts.Logger.Println(opts.Logger.ColorScheme.Green("✓ Verification succeeded!\n"))
308
309 // If an exporter is provided with the --json flag, write the results to the terminal in JSON format
310 if opts.exporter != nil {
311 // print the results to the terminal as an array of JSON objects
312 if err = opts.exporter.Write(opts.Logger.IO, verified); err != nil {
313 opts.Logger.Println(opts.Logger.ColorScheme.Red("✗ Failed to write JSON output"))
314 return err
315 }
316 return nil
317 }
318
319 opts.Logger.Printf("The following %s matched the policy criteria\n\n", text.Pluralize(len(verified), "attestation"))
320
321 // Otherwise print the results to the terminal

Callers 7

NewVerifyCmdFunction · 0.85
TestVerifyIntegrationFunction · 0.85
TestJSONOutputFunction · 0.85
TestRunVerifyFunction · 0.85

Calls 14

DigestWithAlgMethod · 0.95
PluralizeFunction · 0.92
newEnforcementCriteriaFunction · 0.85
getAttestationsFunction · 0.85
verifyAttestationsFunction · 0.85
extractAttestationDetailFunction · 0.85
PrintlnMethod · 0.80
RedMethod · 0.80
ValidMethod · 0.80
GreenMethod · 0.80
PrintBulletPointsMethod · 0.80