Extract data from `.bindl-lock.yaml` #55

wilsonehusin · 2022-04-12T06:05:36Z

I would like a command (e.g. bindl export) to extract data available in .bindl-lock.yaml to a file or STDOUT. This would help users to independently verify signatures that we store in .bindl-lock.yaml.

Roughly speaking, how do we make it easy to do a workflow like (not verbatim) the following:

❯ bindl get goreleaser
❯ bindl export goreleaser.cosign[0].artifact > goreleaser-checksums.txt
❯ bindl export goreleaser.cosign[0].certificate > goreleaser-checksums.txt.pem
❯ bindl export goreleaser.cosign[0].signature > goreleaser-checksums.txt.sig
❯ cosign verify-blob goreleaser-checksums.txt \
    --signature goreleaser-checksums.txt.sig \
    --cert goreleaser-checksums.txt.pem

The text was updated successfully, but these errors were encountered:

wilsonehusin mentioned this issue Apr 12, 2022

✨ Implement cosign verification #54

Merged

wilsonehusin added the ux Ensures a good time when using the product label Apr 15, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Extract data from `.bindl-lock.yaml` #55

Extract data from `.bindl-lock.yaml` #55

wilsonehusin commented Apr 12, 2022

Extract data from .bindl-lock.yaml #55

Extract data from .bindl-lock.yaml #55

Comments

wilsonehusin commented Apr 12, 2022

Extract data from `.bindl-lock.yaml` #55

Extract data from `.bindl-lock.yaml` #55