Handle multiple results from run

Signed-off-by: John Kjell <[email protected]>

cmd/run.go

@@ -68,11 +68,6 @@ func runRun(ctx context.Context, ro options.RunOptions, args []string, signers .
 		return fmt.Errorf("no signers found")
 	}
 
-	out, err := loadOutfile(ro.OutFilePath)
-	if err != nil {
-		return fmt.Errorf("failed to open out file: %w", err)
-	}
-
 	timestampers := []timestamp.Timestamper{}
 	for _, url := range ro.TimestampServers {
 		timestampers = append(timestampers, timestamp.NewTimestamper(timestamp.TimestampWithUrl(url)))
@@ -109,7 +104,7 @@ func runRun(ctx context.Context, ro options.RunOptions, args []string, signers .
 			continue
 		}
 
-		attestor, err = registry.SetOptions(attestor, setters...)
+		attestor, err := registry.SetOptions(attestor, setters...)
 		if err != nil {
 			return fmt.Errorf("failed to set attestor option for %v: %w", attestor.Type(), err)
 		}
@@ -124,8 +119,7 @@ func runRun(ctx context.Context, ro options.RunOptions, args []string, signers .
 		roHashes = append(roHashes, cryptoutil.DigestValue{Hash: hash, GitOID: false})
 	}
 
-	defer out.Close()
-	result, err := witness.Run(
+	results, err := witness.ExportedRun(
 		ro.StepName,
 		signers[0],
 		witness.RunWithAttestors(attestors),
@@ -136,23 +130,30 @@ func runRun(ctx context.Context, ro options.RunOptions, args []string, signers .
 		return err
 	}
 
-	signedBytes, err := json.Marshal(&result.SignedEnvelope)
-	if err != nil {
-		return fmt.Errorf("failed to marshal envelope: %w", err)
-	}
+	for _, result := range results {
+		signedBytes, err := json.Marshal(&result.SignedEnvelope)
+		if err != nil {
+			return fmt.Errorf("failed to marshal envelope: %w", err)
+		}
 
-	if _, err := out.Write(signedBytes); err != nil {
-		return fmt.Errorf("failed to write envelope to out file: %w", err)
-	}
+		out, err := loadOutfile(ro.OutFilePath + result.AttestorName + ".json")
+		if err != nil {
+			return fmt.Errorf("failed to open out file: %w", err)
+		}
+		defer out.Close()
 
-	if ro.ArchivistaOptions.Enable {
-		archivistaClient := archivista.New(ro.ArchivistaOptions.Url)
-		if gitoid, err := archivistaClient.Store(ctx, result.SignedEnvelope); err != nil {
-			return fmt.Errorf("failed to store artifact in archivista: %w", err)
-		} else {
-			log.Infof("Stored in archivista as %v\n", gitoid)
+		if _, err := out.Write(signedBytes); err != nil {
+			return fmt.Errorf("failed to write envelope to out file: %w", err)
 		}
-	}
 
+		if ro.ArchivistaOptions.Enable {
+			archivistaClient := archivista.New(ro.ArchivistaOptions.Url)
+			if gitoid, err := archivistaClient.Store(ctx, result.SignedEnvelope); err != nil {
+				return fmt.Errorf("failed to store artifact in archivista: %w", err)
+			} else {
+				log.Infof("Stored in archivista as %v\n", gitoid)
+			}
+		}
+	}
 	return nil
 }

go.mod

@@ -1,6 +1,8 @@
 module github.com/in-toto/witness
 
-go 1.19
+go 1.21
+
+toolchain go1.21.4
 
 require (
 	github.com/in-toto/go-witness v0.2.3
@@ -56,6 +58,7 @@ require (
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.15.0 // indirect
 	github.com/hashicorp/hcl v1.0.1-vault-3 // indirect
 	github.com/in-toto/archivista v0.2.0 // indirect
+	github.com/in-toto/attestation v1.0.1 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
@@ -118,3 +121,5 @@ replace github.com/sigstore/rekor => github.com/testifysec/rekor v0.4.0-dsse-int
 replace github.com/gin-gonic/gin v1.5.0 => github.com/gin-gonic/gin v1.7.7
 
 replace github.com/opencontainers/image-spec => github.com/opencontainers/image-spec v1.0.3-0.20220303224323-02efb9a75ee1
+
+replace github.com/in-toto/go-witness => ../go-witness