1 change: 1 addition & 0 deletions docs/user/guides/_SUMMARY.md
Expand Up @@ -3,3 +3,4 @@
* [Upload and Manage Content](upload.md)
* [Publish and Host Python Content](publish.md)
* [Vulnerability Report](vulnerability_report.md)
* [Attestation Hosting](attestation.md)
24 changes: 12 additions & 12 deletions docs/user/guides/attestation.md
Expand Up @@ -10,13 +10,12 @@ repositories. The provenance objects will be available through the Simple API an
Attestations can be uploaded to Pulp with its package as a JSON list under the field `attestations`.

```bash
att=$(jq '[.]' twine-6.2.0.tar.gz.publish.attestation)
# multiple attestation files can be combined using --slurp and '.', jq --slurp '.' att1 att2 ...
http POST $PULP_API/pulp/api/v3/content/python/packages/ \
repository="$PYTHON_REPO_HREF" \
relative_path=twine-6.2.0.tar.gz \
artifact=$PACKAGE_ARTIFACT_PRN \
attestations:="$att"
pulp python content create \
--relative-path twine-6.2.0.tar.gz \
--file twine-6.2.0.tar.gz \
--repository $REPO_PRN \
--attestation twine-6.2.0.tar.gz.publish.attestation
# --attestation can be specified multiple times to attach many attestations with a package
```

The uploaded attestations can be found in the created Provenance object attached to the content in
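
Review bot: The sentence above the code block still says attestations are uploaded "as a JSON list under the field `attestations`", which described the removed `http POST` call; the new example passes a file path to `--attestation`, so the text and the example no longer match. Suggest rewording the sentence to cover the CLI flag (or keeping one line on the REST field for API users) and stating whether each `--attestation` file holds a single attestation object, since the removed `jq '[.]'` step that wrapped it in a list is gone. Consider also moving the `# --attestation can be specified multiple times` comment above the command and quoting `"$REPO_PRN"`.
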
Expand Down Expand Up @@ -61,10 +60,11 @@ twine upload --repository-url $PULP_API/pypi/foo/simple/ --attestations dist/*
Provenance content can be directly uploaded to Pulp through its content endpoint.

```bash
http POST $PULP_API/pulp/api/v3/content/python/provenance/ --form \
file@twine.provenance \
package="$PACKAGE_PRN" \
repository="$REPO_PRN"
pulp python content -t provenance create
--file twine.provenance
--package $TWINE_PRN
--repository $REPO_PRN
# you can also specify a package through its sha256
```

Provenance objects are artifactless content, their data is stored in a json field and are unique by
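
Review bot: The new `pulp python content -t provenance create` example has no line continuations: `--file twine.provenance`, `--package $TWINE_PRN` and `--repository $REPO_PRN` sit on their own lines without a trailing `\`, so a reader who pastes the block runs the command with no options followed by three lines the shell treats as separate commands. Add `\` at the end of the first three lines, as the package upload example earlier in this file does. `$TWINE_PRN` also replaces `$PACKAGE_PRN` without being defined in the visible text, and the `# you can also specify a package through its sha256` comment does not say which option takes the digest; naming it would make the hint usable.
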
Expand All @@ -75,7 +75,7 @@ one. Since provenance objects are content they can be added, removed, and synced
To sync provenance objects from an upstream repository set the `provenance` field on the remote.

```bash
http PATCH $PULP_API/$FOO_REMOTE_HREF provenance=true
pulp python remote update --name foo --provenance
pulp python repository sync --repository foo --remote foo
```

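Review bot: `pulp python remote update --name foo --provenance` hard-codes the name `foo`, while the other examples in this file use variables such as `$REPO_PRN`, and the prose above still speaks of setting the `provenance` field, which matched the removed `provenance=true` form more directly. Suggest one sentence saying that the remote and repository are both assumed to be named `foo` and that `--provenance` sets the field to true, so readers who later need to turn it off know which setting to look for.
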