deprecate COSIGN_REPOSITORY in favor of provenanceRepository

Signed-off-by: saisatishkarra <saisatish.karra@konghq.com>
slsa-framework · Jan 22, 2024 · 93ddb5d · 93ddb5d
1 parent 36bf836
commit 93ddb5d
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 32 deletions.
diff --git a/cli/slsa-verifier/verify.go b/cli/slsa-verifier/verify.go
@@ -76,7 +76,7 @@ func verifyArtifactCmd() *cobra.Command {
 }
 
 func verifyImageCmd() *cobra.Command {
-	o := &verify.VerifyImageOptions{}
+	o := &verify.VerifyOptions{}
 
 	cmd := &cobra.Command{
 		Use: "verify-image [flags] image",

diff --git a/cli/slsa-verifier/verify/options.go b/cli/slsa-verifier/verify/options.go
@@ -38,8 +38,9 @@ type VerifyOptions struct {
 	BuildWorkflowInputs workflowInputs
 	BuilderID           string
 	/* Other */
-	ProvenancePath  string
-	PrintProvenance bool
+	ProvenancePath       string
+	ProvenanceRepository string
+	PrintProvenance      bool
 }
 
 var _ Interface = (*VerifyOptions)(nil)
@@ -67,31 +68,16 @@ func (o *VerifyOptions) AddFlags(cmd *cobra.Command) {
 	cmd.Flags().StringVar(&o.ProvenancePath, "provenance-path", "",
 		"path to a provenance file")
 
+	cmd.Flags().StringVar(&o.ProvenanceRepository, "provenance-repository", "",
+		"image repository for provenance with format: <registry>/<repository>")
+
 	cmd.Flags().BoolVar(&o.PrintProvenance, "print-provenance", false,
 		"[optional] print the verified provenance to stdout")
 
 	cmd.MarkFlagRequired("source-uri")
 	cmd.MarkFlagsMutuallyExclusive("source-versioned-tag", "source-tag")
 }
 
-// VerifyImageOptions is the top-level options for the `verifyImage` command
-
-type VerifyImageOptions struct {
-	VerifyOptions
-	/* Other */
-	ProvenanceRepository string
-}
-
-var _ Interface = (*VerifyImageOptions)(nil)
-
-// AddFlags implements Interface.
-func (o *VerifyImageOptions) AddFlags(cmd *cobra.Command) {
-	o.VerifyOptions.AddFlags(cmd)
-
-	cmd.Flags().StringVar(&o.ProvenanceRepository, "provenance-repository", "",
-		"image repository for provenance with format: <registry>/<repository>. When set, overrides COSIGN_REPOSITORY environment variable")
-}
-
 // VerifyNpmOptions is the top-level options for the `verifyNpmPackage` command.
 type VerifyNpmOptions struct {
 	VerifyOptions

diff --git a/cli/slsa-verifier/verify/verify_image.go b/cli/slsa-verifier/verify/verify_image.go
@@ -72,10 +72,7 @@ func (c *VerifyImageCommand) Exec(ctx context.Context, artifacts []string) (*uti
 		}
 	}
 
-	var verifiedProvenance []byte
-	var outBuilderID *utils.TrustedBuilderID
-
-	verifiedProvenance, outBuilderID, err = verifiers.VerifyImage(ctx, artifacts[0], provenance, provenanceOpts, builderOpts)
+	verifiedProvenance, outBuilderID, err := verifiers.VerifyImage(ctx, artifacts[0], provenance, provenanceOpts, builderOpts)
 
 	if err != nil {
 		return nil, err

diff --git a/verifiers/internal/gha/verifier.go b/verifiers/internal/gha/verifier.go
@@ -257,17 +257,11 @@ func (v *GHAVerifier) VerifyImage(ctx context.Context,
 
 	var provenanceTargetRepository name.Repository
 	// Consume input for --provenance-repository when set
-	if *provenanceOpts.ExpectedProvenanceRepository != "" {
+	if provenanceOpts.ExpectedProvenanceRepository != nil {
 		provenanceTargetRepository, err = name.NewRepository(*provenanceOpts.ExpectedProvenanceRepository)
 		if err != nil {
 			return nil, nil, err
 		}
-	} else {
-		// If user input --provenance-repository is empty, look for COSIGN_REPOSITORY environment
-		provenanceTargetRepository, err = ociremote.GetEnvTargetRepository()
-		if err != nil {
-			return nil, nil, err
-		}
 	}
 
 	registryClientOpts := []ociremote.Option{}