in cmd/push.go [37:147]
func pushCmd() *cobra.Command {
var opts pushOpts
var pushCmd = &cobra.Command{
Use: "push",
Short: "Push the SPDX SBOM to the registry",
Long: `Push the SDPX with the annotations to an OCI registry
Example - Push an SPDX SBOM to a registry
obom push -f spdx.json localhost:5000/spdx:latest
Example - Push an SPDX SBOM to a registry with annotations
obom push -f spdx.json localhost:5000/spdx:latest --annotation key1=value1 --annotation key2=value2
Example - Push an SPDX SBOM to a registry with strict SPDX parsing disabled
obom push -f spdx.json localhost:5000/spdx:latest --disable-strict
Example - Push an SPDX SBOM to a registry with annotations
obom push -f spdx.json localhost:5000/spdx:latest --annotation key1=value1 --annotation key2=value2
Example - Push an SPDX SBOM to a registry with annotations and credentials
obom push -f spdx.json localhost:5000/spdx:latest --annotation key1=value1 --annotation key2=value2 --username user --password pass
Example - Push an SPDX SBOM to a registry with attached artifacts where the key is the artifactType and the value is the path to the artifact
obom push -f spdx.json localhost:5000/spdx:latest --attach vnd.example.artifactType=/path/to/artifact --attach vnd.example.artifactType=/path/to/artifact2
`,
Run: func(cmd *cobra.Command, args []string) {
// get the reference as the first argument
opts.reference = args[0]
// validate if reference is valid
ref, err := registry.ParseReference(opts.reference)
if err != nil {
fmt.Println("Error parsing reference:", err)
os.Exit(1)
}
// parse the annotations from the flags
inputAnnotations, err := parseAnnotationFlags(opts.ManifestAnnotations)
if err != nil {
fmt.Println("Error parsing annotations:", err)
os.Exit(1)
}
// parse the attach artifacts from the flags
attachArtifacts, err := parseAttachArtifactFlags(opts.attachArtifacts)
if err != nil {
fmt.Println("Error parsing attach artifacts:", err)
os.Exit(1)
}
// set the strict mode to the opposite of the disableStrict flag
strict := !opts.disableStrict
sbom, desc, bytes, err := obom.LoadSBOMFromFile(opts.filename, strict)
if err != nil {
fmt.Println("Error loading SBOM:", err)
os.Exit(1)
}
print.PrintSBOMSummary(sbom, desc)
annotations, err := obom.GetAnnotations(sbom)
if err != nil {
fmt.Println("Error getting annotations:", err)
os.Exit(1)
}
// merge the input annotations with the annotations from the SBOM
for k, v := range inputAnnotations {
annotations[k] = v
}
// get the credentials resolver
resolver, err := getCredentialsResolver(ref.Registry, opts.username, opts.password)
if err != nil {
fmt.Println("Error getting credentials resolver:", err)
os.Exit(1)
}
repo, err := getRemoteRepoTarget(opts.reference, resolver)
if err != nil {
fmt.Println("Error getting remote repository:", err)
os.Exit(1)
}
fmt.Printf("Pushing SBOM to %s@%s...\n", opts.reference, desc.Digest)
subject, err := obom.PushSBOM(sbom.Document, desc, bytes, opts.reference, annotations, opts.pushSummary, attachArtifacts, repo)
if err != nil {
fmt.Println("Error pushing SBOM:", err)
os.Exit(1)
}
fmt.Printf("SBOM pushed to %s@%s\n", opts.reference, subject.Digest)
},
}
pushCmd.Flags().StringVarP(&opts.filename, "file", "f", "", "Path to the SPDX SBOM file")
pushCmd.MarkFlagRequired("file")
pushCmd.Flags().StringArrayVarP(&opts.ManifestAnnotations, "annotation", "a", nil, "manifest annotations")
pushCmd.Flags().StringVarP(&opts.username, "username", "u", "", "Username for the registry")
pushCmd.Flags().StringVarP(&opts.password, "password", "p", "", "Password for the registry")
pushCmd.Flags().BoolVarP(&opts.pushSummary, "pushSummary", "s", false, "Push summary blob to the registry")
pushCmd.Flags().BoolVarP(&opts.disableStrict, "disable-strict", "r", false, "Disable strict SPDX parsing as per the SPDX specification. When disabled, obom will fall back to a simple JSON parsing strategy")
pushCmd.Flags().StringArrayVarP(&opts.attachArtifacts, "attach", "t", nil, "Attach artifacts to the SBOM")
// Add positional argument called reference to pushCmd
pushCmd.Args = cobra.ExactArgs(1)
return pushCmd
}