merge main into cose

.dev.goreleaser.yml

@@ -0,0 +1,31 @@
+builds:
+  - main: ./cmd/notation
+    id: notation
+    binary: notation
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - darwin
+      - windows
+    goarch:
+      - amd64
+      - arm64
+    ignore:
+      - goos: windows
+        goarch: arm64
+    ldflags:
+      - -s -w -X {{.ModulePath}}/internal/version.Version={{.Version}} -X {{.ModulePath}}/internal/version.BuildMetadata=
+archives:
+  - format: tar.gz
+    format_overrides:
+      - goos: windows
+        format: zip
+    files:
+      - LICENSE
+release:
+  prerelease: true
+  header: |
+    ## Notation Weekly Dev Build ({{ .Date }})
+
+    Welcome to this Weekly Dev Build!

.github/workflows/dev-release.yml

@@ -0,0 +1,43 @@
+name: dev-release
+
+on:
+  schedule:
+    - cron: '0 16 * * 0'  # at 16:00 on Sunday (UTC)
+
+jobs:
+  build:
+    name: Weekly Release Notation Binaries
+    runs-on: ubuntu-20.04
+    strategy:
+      matrix:
+        go-version: [1.18]
+      fail-fast: true
+    steps:
+      - name: Set up Go ${{ matrix.go-version }}
+        uses: actions/setup-go@v3
+        with:
+          go-version: ${{ matrix.go-version }}
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Set Git User
+        run: |
+          git config user.name "${GITHUB_ACTOR}"
+          git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
+      - name: Create Version Tag
+        run: |
+          # get project version: <SemVer>.dev.<YYYYMMDD>
+          export TAG_VERSION=`cat ./internal/version/version.go | grep "Version = " | awk -F '"' '{print $2}'`.dev.`date +%Y%m%d`
+
+          # create new tag
+          git tag -af $TAG_VERSION -m "For weekly build"
+          git push origin $TAG_VERSION
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v3
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release -f ./.dev.goreleaser.yml --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release-github.yml

@@ -20,6 +20,12 @@ jobs:
           go-version: ${{ matrix.go-version }}
       - name: Checkout
         uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Set GoReleaser Previous Tag To Be Last Non Weekly Release
+        run: |
+          pre_tag=`git tag --sort=-creatordate --list 'v*' | grep -v dev | head -2 | tail -1`
+          echo "GORELEASER_PREVIOUS_TAG=$pre_tag" >> $GITHUB_ENV
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v3
         with:

cmd/notation/cert_gen.go

@@ -43,14 +43,13 @@ func generateTestCert(opts *certGenerateTestOpts) error {
 	fmt.Println("generated certificates expiring on", rsaLeafCertTuple.Cert.NotAfter.Format(time.RFC3339))
 
 	// write private key
-	keyPath := dir.Path.Localkey(name, dir.KeyExtension)
+	keyPath, certPath := dir.Path.Localkey(name)
 	if err := osutil.WriteFileWithPermission(keyPath, keyBytes, 0600, false); err != nil {
 		return fmt.Errorf("failed to write key file: %v", err)
 	}
 	fmt.Println("wrote key:", keyPath)
 
 	// write self-signed certificate
-	certPath := dir.Path.Localkey(name, dir.CertificateExtension)
 	if err := osutil.WriteFileWithPermission(certPath, append(leafBytes, rootBytes...), 0644, false); err != nil {
 		return fmt.Errorf("failed to write certificate file: %v", err)
 	}

go.mod

@@ -5,13 +5,13 @@ go 1.18
 require (
 	github.com/distribution/distribution/v3 v3.0.0-20220729163034-26163d82560f
 	github.com/docker/docker-credential-helpers v0.6.4
-	github.com/notaryproject/notation-core-go v0.0.0-20220811064831-ab66bb390904
-	github.com/notaryproject/notation-go v0.9.0-alpha.1.0.20220811081659-2ec835dc30c3
+	github.com/notaryproject/notation-core-go v0.0.0-20220825082354-b97da9ba79dd
+	github.com/notaryproject/notation-go v0.10.0-alpha.3.0.20220824075203-d5b91e16156d
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/spf13/cobra v1.5.0
 	github.com/spf13/pflag v1.0.5
-	github.com/veraison/go-cose v1.0.0-rc.1
-	oras.land/oras-go/v2 v2.0.0-rc.1.0.20220727034506-eb13fdfeefa6
+	github.com/veraison/go-cose v1.0.0-rc.1.0.20220824135457-9d2fab636b83
+	oras.land/oras-go/v2 v2.0.0-rc.2
 )
 
 require (

go.sum

@@ -11,10 +11,10 @@ github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQA
 github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/notaryproject/notation-core-go v0.0.0-20220811064831-ab66bb390904 h1:MpDQVpCqDWUFZbk70aDr3nF0px5zqcVHHqd4VLjbrH4=
-github.com/notaryproject/notation-core-go v0.0.0-20220811064831-ab66bb390904/go.mod h1:KcUBZtOH3r3moiIbQ2h2ZJZ9QCOZ+W0rxHP8KBVnCbY=
-github.com/notaryproject/notation-go v0.9.0-alpha.1.0.20220811081659-2ec835dc30c3 h1:KfZmyvigvFBB8gfULmTjagGbV9qOitEoCZ9iehaQDic=
-github.com/notaryproject/notation-go v0.9.0-alpha.1.0.20220811081659-2ec835dc30c3/go.mod h1:0OMz09CoVfwMfaPQLS7uLzBkduhXoCuGAZ9AMCR5JoE=
+github.com/notaryproject/notation-core-go v0.0.0-20220825082354-b97da9ba79dd h1:iiVUK2KzisgTZ/78IHxVijHzUDrDzI0BoFUJy1oLffg=
+github.com/notaryproject/notation-core-go v0.0.0-20220825082354-b97da9ba79dd/go.mod h1:vRFI64uedpKUChiadJ/2q8jJNdKtxHa7Er1JbSnm8AY=
+github.com/notaryproject/notation-go v0.10.0-alpha.3.0.20220824075203-d5b91e16156d h1:W5zUgwJcrTf83MBpp1vMDVgHLXw9ygmnVU0F6rS8dAs=
+github.com/notaryproject/notation-go v0.10.0-alpha.3.0.20220824075203-d5b91e16156d/go.mod h1:paAgugG2Hh9Zi6WJGfHk1Kk+ubOVxNmCab9nCU3P++4=
 github.com/opencontainers/distribution-spec/specs-go v0.0.0-20220620172159-4ab4752c3b86 h1:Oumw+lPnO8qNLTY2mrqPJZMoGExLi/0h/DdikoLTXVU=
 github.com/opencontainers/distribution-spec/specs-go v0.0.0-20220620172159-4ab4752c3b86/go.mod h1:aA4vdXRS8E1TG7pLZOz85InHi3BiPdErh8IpJN6E0x4=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
@@ -31,8 +31,8 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/veraison/go-cose v1.0.0-rc.1 h1:4qA7dbFJGvt7gcqv5MCIyCQvN+NpHFPkW7do3EeDLb8=
-github.com/veraison/go-cose v1.0.0-rc.1/go.mod h1:7ziE85vSq4ScFTg6wyoMXjucIGOf4JkFEZi/an96Ct4=
+github.com/veraison/go-cose v1.0.0-rc.1.0.20220824135457-9d2fab636b83 h1:g8vDfnNOPcGzg6mnlBGc0J5t5lAJkaepXqbc9qFRnFs=
+github.com/veraison/go-cose v1.0.0-rc.1.0.20220824135457-9d2fab636b83/go.mod h1:7ziE85vSq4ScFTg6wyoMXjucIGOf4JkFEZi/an96Ct4=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw=
@@ -43,5 +43,5 @@ golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBc
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
-oras.land/oras-go/v2 v2.0.0-rc.1.0.20220727034506-eb13fdfeefa6 h1:fbJtzJbpZCtdaAvjPvjlTf8CGsUE1+mClxyh/MPne6I=
-oras.land/oras-go/v2 v2.0.0-rc.1.0.20220727034506-eb13fdfeefa6/go.mod h1:IZRIoIJqkAH6x0pL3tVnpyPUyZgthjSyPcH2kgJvBMo=
+oras.land/oras-go/v2 v2.0.0-rc.2 h1:dks9BxPg6HQOxn5+jVNuTFl45FuYvHfLQ6wcP7hVRdE=
+oras.land/oras-go/v2 v2.0.0-rc.2/go.mod h1:IZRIoIJqkAH6x0pL3tVnpyPUyZgthjSyPcH2kgJvBMo=

internal/version/version.go

@@ -2,7 +2,7 @@ package version
 
 var (
 	// Version shows the current notation version, optionally with pre-release.
-	Version = "v0.7.1-alpha.1"
+	Version = "v0.10.0-alpha.3"
 
 	// BuildMetadata stores the build metadata.
 	BuildMetadata = "unreleased"

specs/notation-cli.md

@@ -67,7 +67,12 @@ COMMANDS:
    help, h     Shows a list of commands or help for one command
 
 OPTIONS:
-   --help, -h  show help (default: false)
+   --username value, -u value    Username for registry operations [$NOTATION_USERNAME]
+   --password value, -p value    Password for registry operations [$NOTATION_PASSWORD]
+   --help, -h                    show help (default: false)
+
+GLOBAL ARGUMENTS
+   --plain-http                  Registry access via plain HTTP (default: false)
 ```
 
 ## certificate
@@ -123,7 +128,12 @@ USAGE:
    notation list [command options] <reference>
 
 OPTIONS:
-   --help, -h                  show help (default: false)
+   --username value, -u value    Username for registry operations [$NOTATION_USERNAME]
+   --password value, -p value    Password for registry operations [$NOTATION_PASSWORD]
+   --help, -h                    show help (default: false)
+
+GLOBAL ARGUMENTS
+   --plain-http                  Registry access via plain HTTP (default: false)
 ```
 
 ## login
@@ -154,6 +164,9 @@ notation login -u <user> -p <password> registry.example.com
 
 # Login using $NOTATION_USERNAME $NOTATION_PASSWORD variables
 notation login registry.example.com
+
+NOTES
+Once login is completed, then -u -p is no longer required for any notation commands against the registry server authenticated.
 ```
 
 ## plugin
@@ -185,9 +198,14 @@ USAGE:
    notation pull [command options] <reference>
 
 OPTIONS:
+   --username value, -u value  Username for registry operations [$NOTATION_USERNAME]
+   --password value, -p value  Password for registry operations [$NOTATION_PASSWORD]
    --strict                    Pull the signature without lookup the manifest (default: false)
    --output value, -o value    Write signature to a specific path
    --help, -h                  Show help (default: false)
+
+GLOBAL ARGUMENTS
+   --plain-http                Registry access via plain HTTP (default: false)
 ```
 
 ## push
@@ -201,8 +219,13 @@ USAGE:
    notation push [command options] <reference>
 
 OPTIONS:
+   --username value, -u value             Username for registry operations [$NOTATION_USERNAME]
+   --password value, -p value             Password for registry operations [$NOTATION_PASSWORD]
    --signature value, -s value, -f value  signature files  (accepts multiple inputs)
    --help, -h                             show help (default: false)
+
+GLOBAL ARGUMENTS
+   --plain-http                           Registry access via plain HTTP (default: false)
 ```
 
 ## sign
@@ -227,7 +250,12 @@ OPTIONS:
    --push                       push after successful signing (default: true)
    --push-reference value       different remote to store signature
    --media-type value           specify the media type of the manifest read from file or stdin (default: "application/vnd.docker.distribution.manifest.v2+json")
+   --username value, -u value   Username for registry operations [$NOTATION_USERNAME]
+   --password value, -p value   Password for registry operations [$NOTATION_PASSWORD]
    --help, -h                   show help (default: false)
+
+GLOBAL ARGUMENTS
+   --plain-http                 Registry access via plain HTTP (default: false)
 ```
 
 ## verify
@@ -247,5 +275,10 @@ OPTIONS:
    --pull                                 pull remote signatures before verification (default: true)
    --local, -l                            reference is a local file (default: false)
    --media-type value                     specify the media type of the manifest read from file or stdin (default: "application/vnd.docker.distribution.manifest.v2+json")
+   --username value, -u value             Username for registry operations [$NOTATION_USERNAME]
+   --password value, -p value             Password for registry operations [$NOTATION_PASSWORD]
    --help, -h                             show help (default: false)
+
+GLOBAL ARGUMENTS
+   --plain-http                           Registry access via plain HTTP (default: false)
 ```