Skip to content
This repository was archived by the owner on Jun 26, 2024. It is now read-only.
This repository was archived by the owner on Jun 26, 2024. It is now read-only.

Extract data from .bindl-lock.yaml #55

Open
Open
Extract data from .bindl-lock.yaml#55
Labels
uxEnsures a good time when using the product
@wilsonehusin

Description

@wilsonehusin
wilsonehusin
opened on Apr 12, 2022

I would like a command (e.g. bindl export) to extract data available in .bindl-lock.yaml to a file or STDOUT. This would help users to independently verify signatures that we store in .bindl-lock.yaml.

Roughly speaking, how do we make it easy to do a workflow like (not verbatim) the following:

❯ bindl get goreleaser
❯ bindl export goreleaser.cosign[0].artifact > goreleaser-checksums.txt
❯ bindl export goreleaser.cosign[0].certificate > goreleaser-checksums.txt.pem
❯ bindl export goreleaser.cosign[0].signature > goreleaser-checksums.txt.sig
❯ cosign verify-blob goreleaser-checksums.txt \
    --signature goreleaser-checksums.txt.sig \
    --cert goreleaser-checksums.txt.pem

Metadata

Metadata

Assignees

No one assigned

    Labels

    uxEnsures a good time when using the product

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions