diff --git a/evidence/cli/command_build.go b/evidence/cli/command_build.go index 226968c..bcac636 100644 --- a/evidence/cli/command_build.go +++ b/evidence/cli/command_build.go @@ -30,7 +30,7 @@ func (ebc *evidenceBuildCommand) CreateEvidence(ctx *components.Context, serverD ebc.ctx.GetStringFlagValue(predicate), ebc.ctx.GetStringFlagValue(predicateType), ebc.ctx.GetStringFlagValue(key), - ebc.ctx.GetStringFlagValue(keyId), + ebc.ctx.GetStringFlagValue(keyAlias), ebc.ctx.GetStringFlagValue(project), ebc.ctx.GetStringFlagValue(buildName), ebc.ctx.GetStringFlagValue(buildNumber)) @@ -39,7 +39,7 @@ func (ebc *evidenceBuildCommand) CreateEvidence(ctx *components.Context, serverD func (ebc *evidenceBuildCommand) validateEvidenceBuildContext(ctx *components.Context) error { if !ctx.IsFlagSet(buildNumber) || assertValueProvided(ctx, buildNumber) != nil { - return errorutils.CheckErrorf("'buildNumber' is a mandatory field for creating a Release Bundle evidence: --%s", buildNumber) + return errorutils.CheckErrorf("--%s is a mandatory field for creating a Release Bundle evidence", buildNumber) } return nil } diff --git a/evidence/cli/command_cli.go b/evidence/cli/command_cli.go index 5a550db..b7e9343 100644 --- a/evidence/cli/command_cli.go +++ b/evidence/cli/command_cli.go @@ -49,6 +49,8 @@ func createEvidence(ctx *components.Context) error { command = NewEvidenceReleaseBundleCommand(ctx, execFunc) case buildName: command = NewEvidenceBuildCommand(ctx, execFunc) + case packageName: + command = NewEvidencePackageCommand(ctx, execFunc) default: return errors.New("unsupported subject") } @@ -109,6 +111,7 @@ func evidenceDetailsByFlags(ctx *components.Context) (*coreConfig.ServerDetails, func platformToEvidenceUrls(rtDetails *coreConfig.ServerDetails) { rtDetails.ArtifactoryUrl = utils.AddTrailingSlashIfNeeded(rtDetails.Url) + "artifactory/" rtDetails.EvidenceUrl = utils.AddTrailingSlashIfNeeded(rtDetails.Url) + "evidence/" + rtDetails.MetadataUrl = utils.AddTrailingSlashIfNeeded(rtDetails.Url) + "metadata/" } func assertValueProvided(c *components.Context, fieldName string) error { diff --git a/evidence/cli/command_cli_test.go b/evidence/cli/command_cli_test.go index fba9e8c..fe4d83e 100644 --- a/evidence/cli/command_cli_test.go +++ b/evidence/cli/command_cli_test.go @@ -93,6 +93,43 @@ func TestCreateEvidence_Context(t *testing.T) { }, expectErr: false, }, + { + name: "ValidContext - Package", + flags: []components.Flag{ + setDefaultValue(predicate, predicate), + setDefaultValue(predicateType, "InToto"), + setDefaultValue(key, "PGP"), + setDefaultValue(packageName, packageName), + setDefaultValue(packageVersion, packageVersion), + setDefaultValue(packageRepoName, packageRepoName), + setDefaultValue("url", "url"), + }, + expectErr: false, + }, + { + name: "InvalidContext - Missing package version", + flags: []components.Flag{ + setDefaultValue(predicate, predicate), + setDefaultValue(predicateType, "InToto"), + setDefaultValue(key, "PGP"), + setDefaultValue(packageName, packageName), + setDefaultValue(packageRepoName, packageRepoName), + setDefaultValue("url", "url"), + }, + expectErr: true, + }, + { + name: "InvalidContext - Missing package repository key", + flags: []components.Flag{ + setDefaultValue(predicate, predicate), + setDefaultValue(predicateType, "InToto"), + setDefaultValue(key, "PGP"), + setDefaultValue(packageName, packageName), + setDefaultValue(packageVersion, packageVersion), + setDefaultValue("url", "url"), + }, + expectErr: true, + }, } for _, tt := range tests { diff --git a/evidence/cli/command_custom.go b/evidence/cli/command_custom.go index 914557a..87fd0a8 100644 --- a/evidence/cli/command_custom.go +++ b/evidence/cli/command_custom.go @@ -23,7 +23,7 @@ func (ecc *evidenceCustomCommand) CreateEvidence(_ *components.Context, serverDe ecc.ctx.GetStringFlagValue(predicate), ecc.ctx.GetStringFlagValue(predicateType), ecc.ctx.GetStringFlagValue(key), - ecc.ctx.GetStringFlagValue(keyId), + ecc.ctx.GetStringFlagValue(keyAlias), ecc.ctx.GetStringFlagValue(subjectRepoPath), ecc.ctx.GetStringFlagValue(subjectSha256)) return ecc.execute(createCmd) diff --git a/evidence/cli/command_package.go b/evidence/cli/command_package.go new file mode 100644 index 0000000..73e937a --- /dev/null +++ b/evidence/cli/command_package.go @@ -0,0 +1,48 @@ +package cli + +import ( + "github.com/jfrog/jfrog-cli-artifactory/evidence" + "github.com/jfrog/jfrog-cli-core/v2/plugins/components" + coreConfig "github.com/jfrog/jfrog-cli-core/v2/utils/config" + "github.com/jfrog/jfrog-client-go/utils/errorutils" +) + +type evidencePackageCommand struct { + ctx *components.Context + execute execCommandFunc +} + +func NewEvidencePackageCommand(ctx *components.Context, execute execCommandFunc) EvidenceCommands { + return &evidencePackageCommand{ + ctx: ctx, + execute: execute, + } +} + +func (epc *evidencePackageCommand) CreateEvidence(ctx *components.Context, serverDetails *coreConfig.ServerDetails) error { + err := epc.validateEvidencePackageContext(ctx) + if err != nil { + return err + } + + createCmd := evidence.NewCreateEvidencePackage( + serverDetails, + epc.ctx.GetStringFlagValue(predicate), + epc.ctx.GetStringFlagValue(predicateType), + epc.ctx.GetStringFlagValue(key), + epc.ctx.GetStringFlagValue(keyAlias), + epc.ctx.GetStringFlagValue(packageName), + epc.ctx.GetStringFlagValue(packageVersion), + epc.ctx.GetStringFlagValue(packageRepoName)) + return epc.execute(createCmd) +} + +func (epc *evidencePackageCommand) validateEvidencePackageContext(ctx *components.Context) error { + if !ctx.IsFlagSet(packageVersion) || assertValueProvided(ctx, packageVersion) != nil { + return errorutils.CheckErrorf("--%s is a mandatory field for creating a Package evidence", packageVersion) + } + if !ctx.IsFlagSet(packageRepoName) || assertValueProvided(ctx, packageRepoName) != nil { + return errorutils.CheckErrorf("--%s is a mandatory field for creating a Package evidence", packageRepoName) + } + return nil +} diff --git a/evidence/cli/command_relesae_bundle.go b/evidence/cli/command_relesae_bundle.go index 08fde8c..3c5e34d 100644 --- a/evidence/cli/command_relesae_bundle.go +++ b/evidence/cli/command_relesae_bundle.go @@ -30,7 +30,7 @@ func (erc *evidenceReleaseBundleCommand) CreateEvidence(ctx *components.Context, erc.ctx.GetStringFlagValue(predicate), erc.ctx.GetStringFlagValue(predicateType), erc.ctx.GetStringFlagValue(key), - erc.ctx.GetStringFlagValue(keyId), + erc.ctx.GetStringFlagValue(keyAlias), erc.ctx.GetStringFlagValue(project), erc.ctx.GetStringFlagValue(releaseBundle), erc.ctx.GetStringFlagValue(releaseBundleVersion)) @@ -39,7 +39,7 @@ func (erc *evidenceReleaseBundleCommand) CreateEvidence(ctx *components.Context, func (erc *evidenceReleaseBundleCommand) validateEvidenceReleaseBundleContext(ctx *components.Context) error { if !ctx.IsFlagSet(releaseBundleVersion) || assertValueProvided(ctx, releaseBundleVersion) != nil { - return errorutils.CheckErrorf("'releaseBundleVersion' is a mandatory field for creating a Release Bundle evidence: --%s", releaseBundleVersion) + return errorutils.CheckErrorf("--%s is a mandatory field for creating a Release Bundle evidence", releaseBundleVersion) } return nil } diff --git a/evidence/cli/flags.go b/evidence/cli/flags.go index cc4c6d5..6e30ccb 100644 --- a/evidence/cli/flags.go +++ b/evidence/cli/flags.go @@ -24,6 +24,9 @@ const ( releaseBundleVersion = "release-bundle-version" buildName = "build-name" buildNumber = "build-number" + packageName = "package-name" + packageVersion = "package-version" + packageRepoName = "package-repo-name" // Unique evidence flags predicate = "predicate" @@ -31,7 +34,7 @@ const ( subjectRepoPath = "subject-repo-path" subjectSha256 = "subject-sha256" key = "key" - keyId = "key-name" + keyAlias = "key-alias" ) // Flag keys mapped to their corresponding components.Flag definition. @@ -48,13 +51,16 @@ var flagsMap = map[string]components.Flag{ releaseBundleVersion: components.NewStringFlag(releaseBundleVersion, "Release Bundle version.", func(f *components.StringFlag) { f.Mandatory = false }), buildName: components.NewStringFlag(buildName, "Build name.", func(f *components.StringFlag) { f.Mandatory = false }), buildNumber: components.NewStringFlag(buildNumber, "Build number.", func(f *components.StringFlag) { f.Mandatory = false }), + packageName: components.NewStringFlag(packageName, "Package name.", func(f *components.StringFlag) { f.Mandatory = false }), + packageVersion: components.NewStringFlag(packageVersion, "Package version.", func(f *components.StringFlag) { f.Mandatory = false }), + packageRepoName: components.NewStringFlag(packageRepoName, "Package repository Name.", func(f *components.StringFlag) { f.Mandatory = false }), predicate: components.NewStringFlag(predicate, "Path to the predicate, arbitrary JSON.", func(f *components.StringFlag) { f.Mandatory = true }), predicateType: components.NewStringFlag(predicateType, "Type of the predicate.", func(f *components.StringFlag) { f.Mandatory = true }), subjectRepoPath: components.NewStringFlag(subjectRepoPath, "Full path to some subject' location.", func(f *components.StringFlag) { f.Mandatory = false }), subjectSha256: components.NewStringFlag(subjectSha256, "Subject checksum sha256.", func(f *components.StringFlag) { f.Mandatory = false }), key: components.NewStringFlag(key, "Path to a private key that will sign the DSSE. Supported keys: 'ecdsa','rsa' and 'ed25519'.", func(f *components.StringFlag) { f.Mandatory = true }), - keyId: components.NewStringFlag(keyId, "KeyId", func(f *components.StringFlag) { f.Mandatory = false }), + keyAlias: components.NewStringFlag(keyAlias, "Key alias", func(f *components.StringFlag) { f.Mandatory = false }), } var commandFlags = map[string][]string{ @@ -69,12 +75,15 @@ var commandFlags = map[string][]string{ releaseBundleVersion, buildName, buildNumber, + packageName, + packageVersion, + packageRepoName, predicate, predicateType, subjectRepoPath, subjectSha256, key, - keyId, + keyAlias, }, } diff --git a/evidence/cli/utils.go b/evidence/cli/utils.go index 6219f4d..944c5cd 100644 --- a/evidence/cli/utils.go +++ b/evidence/cli/utils.go @@ -12,4 +12,5 @@ var subjectTypes = []string{ subjectRepoPath, releaseBundle, buildName, + packageName, } diff --git a/evidence/create_base.go b/evidence/create_base.go index 4004b7c..80b4bf9 100644 --- a/evidence/create_base.go +++ b/evidence/create_base.go @@ -102,6 +102,15 @@ func (c *createEvidenceBase) createArtifactoryClient() (artifactory.ArtifactoryS return utils.CreateUploadServiceManager(c.serverDetails, 1, 0, 0, false, nil) } +func (c *createEvidenceBase) getFileChecksum(path string, artifactoryClient artifactory.ArtifactoryServicesManager) (string, error) { + res, err := artifactoryClient.FileInfo(path) + if err != nil { + log.Warn(fmt.Sprintf("file path '%s' does not exist.", path)) + return "", err + } + return res.Checksums.Sha256, nil +} + func createAndSignEnvelope(payloadJson []byte, key string, keyId string) (*dsse.Envelope, error) { // Load private key from file if ec.key is not a path to a file then try to load it as a key keyFile := []byte(key) diff --git a/evidence/create_package.go b/evidence/create_package.go new file mode 100644 index 0000000..2d39a1c --- /dev/null +++ b/evidence/create_package.go @@ -0,0 +1,129 @@ +package evidence + +import ( + "encoding/json" + "fmt" + "github.com/jfrog/jfrog-cli-artifactory/evidence/model" + "github.com/jfrog/jfrog-cli-core/v2/artifactory/utils" + "github.com/jfrog/jfrog-cli-core/v2/utils/config" + coreConfig "github.com/jfrog/jfrog-cli-core/v2/utils/config" + "github.com/jfrog/jfrog-client-go/artifactory" + "github.com/jfrog/jfrog-client-go/artifactory/services" + "github.com/jfrog/jfrog-client-go/metadata" + "github.com/jfrog/jfrog-client-go/utils/errorutils" + "github.com/jfrog/jfrog-client-go/utils/log" +) + +const leadArtifactQueryTemplate = `{ + "query": "{versions(filter: {packageId: \"%s\", name: \"%s\", repositoriesIn: [{name: \"%s\"}]}) { edges { node { repos { name leadFilePath } } } } }" +}` + +type createEvidencePackage struct { + createEvidenceBase + packageName string + packageVersion string + packageRepoName string +} + +func NewCreateEvidencePackage(serverDetails *coreConfig.ServerDetails, predicateFilePath, predicateType, key, keyId, packageName, + packageVersion, packageRepoName string) Command { + return &createEvidencePackage{ + createEvidenceBase: createEvidenceBase{ + serverDetails: serverDetails, + predicateFilePath: predicateFilePath, + predicateType: predicateType, + key: key, + keyId: keyId, + }, + packageName: packageName, + packageVersion: packageVersion, + packageRepoName: packageRepoName, + } +} + +func (c *createEvidencePackage) CommandName() string { + return "create-package-evidence" +} + +func (c *createEvidencePackage) ServerDetails() (*config.ServerDetails, error) { + return c.serverDetails, nil +} + +func (c *createEvidencePackage) Run() error { + artifactoryClient, err := c.createArtifactoryClient() + if err != nil { + log.Error("failed to create Artifactory client", err) + return err + } + metadataClient, err := utils.CreateMetadataServiceManager(c.serverDetails, false) + if err != nil { + return err + } + + packageType, err := c.getPackageType(artifactoryClient) + if err != nil { + return err + } + + leadArtifact, err := c.getPackageVersionLeadArtifact(packageType, metadataClient) + if err != nil { + return err + } + leadArtifactPath := c.buildLeadArtifactPath(leadArtifact) + leadArtifactChecksum, err := c.getFileChecksum(leadArtifactPath, artifactoryClient) + if err != nil { + return err + } + envelope, err := c.createEnvelope(leadArtifactPath, leadArtifactChecksum) + if err != nil { + return err + } + err = c.uploadEvidence(envelope, leadArtifactPath) + if err != nil { + return err + } + + return nil +} + +func (c *createEvidencePackage) getPackageType(artifactoryClient artifactory.ArtifactoryServicesManager) (string, error) { + var request services.RepositoryDetails + err := artifactoryClient.GetRepository(c.packageRepoName, &request) + if err != nil { + return "", errorutils.CheckErrorf("No such package: %s/%s", c.packageRepoName, c.packageVersion) + } + return request.PackageType, nil +} + +func (c *createEvidencePackage) getPackageVersionLeadArtifact(packageType string, metadataClient metadata.Manager) (string, error) { + body, err := metadataClient.GraphqlQuery(c.createQuery(packageType)) + if err != nil { + return "", err + } + + res := &model.MetadataResponse{} + err = json.Unmarshal(body, res) + if err != nil { + return "", err + } + if len(res.Data.Versions.Edges) == 0 { + return "", errorutils.CheckErrorf("No such package: %s/%s", c.packageRepoName, c.packageVersion) + } + + // Fetch the leadFilePath based on repoName + for _, repo := range res.Data.Versions.Edges[0].Node.Repos { + if repo.Name == c.packageRepoName { + return repo.LeadFilePath, nil + } + } + return "", errorutils.CheckErrorf("Can't find lead artifact of pacakge: %s/%s", c.packageRepoName, c.packageVersion) +} + +func (c *createEvidencePackage) createQuery(packageType string) []byte { + packageId := packageType + "://" + c.packageName + return []byte(fmt.Sprintf(leadArtifactQueryTemplate, packageId, c.packageVersion, c.packageRepoName)) +} + +func (c *createEvidencePackage) buildLeadArtifactPath(leadArtifact string) string { + return fmt.Sprintf("%s/%s", c.packageRepoName, leadArtifact) +} diff --git a/evidence/create_package_test.go b/evidence/create_package_test.go new file mode 100644 index 0000000..e61f2b4 --- /dev/null +++ b/evidence/create_package_test.go @@ -0,0 +1,75 @@ +package evidence + +import ( + "github.com/jfrog/jfrog-client-go/metadata" + "testing" + + "github.com/stretchr/testify/assert" +) + +type mockMetadataServiceManagerDuplicateRepositories struct{} + +func (m *mockMetadataServiceManagerDuplicateRepositories) GraphqlQuery(_ []byte) ([]byte, error) { + response := `{"data":{"versions":{"edges":[{"node":{"repos":[{"name":"nuget-local","leadFilePath":"MyLibrary/1.0.0/test.1.0.0.nupkg"},{"name":"local-test","leadFilePath":"MyLibrary/1.0.0/test.1.0.0.nupkg"}]}]}}}}` + return []byte(response), nil +} + +type mockMetadataServiceManagerGoodResponse struct{} + +func (m *mockMetadataServiceManagerGoodResponse) GraphqlQuery(_ []byte) ([]byte, error) { + response := `{"data":{"versions":{"edges":[{"node":{"repos":[{"name":"nuget-local","leadFilePath":"MyLibrary/1.0.0/test.1.0.0.nupkg"}]}}]}}}` + return []byte(response), nil +} + +func TestPackage(t *testing.T) { + tests := []struct { + name string + metadataClientMock metadata.Manager + packageName string + packageVersion string + repoName string + packageType string + expectedLeadArtifactPath string + expectError bool + }{ + { + name: "Get lead artifact successfully", + metadataClientMock: &mockMetadataServiceManagerGoodResponse{}, + packageName: "test", + packageVersion: "1.0.0", + repoName: "nuget-local", + packageType: "nuget", + expectedLeadArtifactPath: "nuget-local/MyLibrary/1.0.0/test.1.0.0.nupkg", + expectError: false, + }, + { + name: "Duplicate package name and version in the same repository", + metadataClientMock: &mockMetadataServiceManagerDuplicateRepositories{}, + packageName: "test", + packageVersion: "1.0.0", + repoName: "nuget-local", + packageType: "nuget", + expectedLeadArtifactPath: "", + expectError: true, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + c := &createEvidencePackage{ + packageName: tt.packageName, + packageVersion: tt.packageVersion, + packageRepoName: tt.repoName, + } + leadArtifact, err := c.getPackageVersionLeadArtifact(tt.packageType, tt.metadataClientMock) + leadArtifactPath := c.buildLeadArtifactPath(leadArtifact) + if tt.expectError { + assert.Error(t, err) + assert.Empty(t, leadArtifact) + } else { + assert.NoError(t, err) + assert.Equal(t, tt.expectedLeadArtifactPath, leadArtifactPath) + } + }) + } +} diff --git a/evidence/create_release_bundle.go b/evidence/create_release_bundle.go index 8a5101b..ea76cd6 100644 --- a/evidence/create_release_bundle.go +++ b/evidence/create_release_bundle.go @@ -65,7 +65,7 @@ func (c *createEvidenceReleaseBundle) buildReleaseBundleSubjectPath(artifactoryC repoKey := buildRepoKey(c.project) manifestPath := buildManifestPath(repoKey, c.releaseBundle, c.releaseBundleVersion) - manifestChecksum, err := getManifestPathChecksum(manifestPath, artifactoryClient) + manifestChecksum, err := c.getFileChecksum(manifestPath, artifactoryClient) if err != nil { return "", "", err } @@ -83,12 +83,3 @@ func buildRepoKey(project string) string { func buildManifestPath(repoKey, name, version string) string { return fmt.Sprintf("%s/%s/%s/release-bundle.json.evd", repoKey, name, version) } - -func getManifestPathChecksum(manifestPath string, artifactoryClient artifactory.ArtifactoryServicesManager) (string, error) { - res, err := artifactoryClient.FileInfo(manifestPath) - if err != nil { - log.Warn(fmt.Sprintf("release bundle manifest path '%s' does not exist.", manifestPath)) - return "", err - } - return res.Checksums.Sha256, nil -} diff --git a/evidence/model/metadata.go b/evidence/model/metadata.go new file mode 100644 index 0000000..b125482 --- /dev/null +++ b/evidence/model/metadata.go @@ -0,0 +1,26 @@ +package model + +type MetadataResponse struct { + Data VersionsData `json:"data"` +} + +type VersionsData struct { + Versions Versions `json:"versions"` +} + +type Versions struct { + Edges []VersionEdges `json:"edges"` +} + +type VersionEdges struct { + Node VersionNode `json:"node"` +} + +type VersionNode struct { + Repos []Repo `json:"repos"` +} + +type Repo struct { + Name string `json:"name"` + LeadFilePath string `json:"leadFilePath"` +} diff --git a/go.mod b/go.mod index 52e7d8d..33ec79c 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.22.3 require ( github.com/jfrog/build-info-go v1.9.32 github.com/jfrog/gofrog v1.7.5 - github.com/jfrog/jfrog-cli-core/v2 v2.54.1 + github.com/jfrog/jfrog-cli-core/v2 v2.54.2 github.com/jfrog/jfrog-client-go v1.43.2 github.com/pkg/errors v0.9.1 github.com/secure-systems-lab/go-securesystemslib v0.8.0 @@ -52,7 +52,7 @@ require ( github.com/manifoldco/promptui v0.9.0 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect - github.com/mattn/go-runewidth v0.0.15 // indirect + github.com/mattn/go-runewidth v0.0.16 // indirect github.com/mattn/go-tty v0.0.3 // indirect github.com/minio/sha256-simd v1.0.1 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect @@ -81,16 +81,20 @@ require ( github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 // indirect go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.9.0 // indirect - golang.org/x/crypto v0.25.0 // indirect - golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect - golang.org/x/mod v0.19.0 // indirect - golang.org/x/net v0.27.0 // indirect - golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.22.0 // indirect - golang.org/x/term v0.22.0 // indirect - golang.org/x/text v0.16.0 // indirect - golang.org/x/tools v0.23.0 // indirect + golang.org/x/crypto v0.26.0 // indirect + golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa // indirect + golang.org/x/mod v0.20.0 // indirect + golang.org/x/net v0.28.0 // indirect + golang.org/x/sync v0.8.0 // indirect + golang.org/x/sys v0.23.0 // indirect + golang.org/x/term v0.23.0 // indirect + golang.org/x/text v0.17.0 // indirect + golang.org/x/tools v0.24.0 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) + +replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240811150357-12a9330a2d67 + +replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20240811142930-ab9715567376 \ No newline at end of file diff --git a/go.sum b/go.sum index 648b15e..de5734f 100644 --- a/go.sum +++ b/go.sum @@ -94,10 +94,10 @@ github.com/jfrog/build-info-go v1.9.32 h1:PKXAMe84sMdob6eBtwwGz47Fz2cmjMwMPoHW8x github.com/jfrog/build-info-go v1.9.32/go.mod h1:JTGnENexG1jRhKWCkQtZuDb0PerlzlSzF5OmMLG9kfc= github.com/jfrog/gofrog v1.7.5 h1:dFgtEDefJdlq9cqTRoe09RLxS5Bxbe1Ev5+E6SmZHcg= github.com/jfrog/gofrog v1.7.5/go.mod h1:jyGiCgiqSSR7k86hcUSu67XVvmvkkgWTmPsH25wI298= -github.com/jfrog/jfrog-cli-core/v2 v2.54.1 h1:oNIsqUVJ/P17qEcHgj9/c1nfO23stqqj1sHB7ldFNmQ= -github.com/jfrog/jfrog-cli-core/v2 v2.54.1/go.mod h1:o8Ux0XiXWayxBXbtkMd5Vbs2YJZZDNiS9jtN6yQ4Ur8= -github.com/jfrog/jfrog-client-go v1.43.2 h1:NLSTTSFUkrNiSYs8rpRW7/sd6gDTPOi/eMVkGEarXq0= -github.com/jfrog/jfrog-client-go v1.43.2/go.mod h1:JUevXnjHbGL0MIIPs48L/axJMW/q4ioWMR1e1NuVn8w= +github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240811150357-12a9330a2d67 h1:ev3VOgr5/5dkoBIiX0lMGDPOIeqpyAbD4S9qBV+pkSY= +github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240811150357-12a9330a2d67/go.mod h1:lXoq+97FVeFUfTJd1oEeqFC6m2yC6ydjoEWwriOLBxQ= +github.com/jfrog/jfrog-client-go v1.28.1-0.20240811142930-ab9715567376 h1:ablnqrBY67NRA63pIwdEzdm5sKdfCyU+IPTsfzaYhQc= +github.com/jfrog/jfrog-client-go v1.28.1-0.20240811142930-ab9715567376/go.mod h1:JUevXnjHbGL0MIIPs48L/axJMW/q4ioWMR1e1NuVn8w= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= @@ -131,8 +131,8 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.6/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U= -github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= +github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc= +github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-tty v0.0.3 h1:5OfyWorkyO7xP52Mq7tB36ajHDG5OHrmBGIS/DtakQI= github.com/mattn/go-tty v0.0.3/go.mod h1:ihxohKRERHTVzN+aSVRwACLCeqIoZAWpoICkkvrWyR0= github.com/minio/sha256-simd v1.0.1 h1:6kaan5IFmwTNynnKKpDHe6FWHohJOHhCPchzK49dzMM= @@ -207,8 +207,8 @@ github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/urfave/cli v1.22.15 h1:nuqt+pdC/KqswQKhETJjo7pvn/k4xMUxgW6liI7XpnM= github.com/urfave/cli v1.22.15/go.mod h1:wSan1hmo5zeyLGBjRJbzRTNk8gwoYa2B9n4q9dmRIc0= -github.com/vbauerster/mpb/v8 v8.7.4 h1:p4f16iMfUt3PkAC73SCzAtgtSf8TYDqEbJUT3odPrPo= -github.com/vbauerster/mpb/v8 v8.7.4/go.mod h1:r1B5k2Ljj5KJFCekfihbiqyV4VaaRTANYmvWA2btufI= +github.com/vbauerster/mpb/v8 v8.7.5 h1:hUF3zaNsuaBBwzEFoCvfuX3cpesQXZC0Phm/JcHZQ+c= +github.com/vbauerster/mpb/v8 v8.7.5/go.mod h1:bRCnR7K+mj5WXKsy0NWB6Or+wctYGvVwKn6huwvxKa0= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c= @@ -233,14 +233,14 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= -golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= -golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= -golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= +golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= +golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= +golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa h1:ELnwvuAXPNtPk1TJRuGkI9fDTwym6AYBu0qzT8AcHdI= +golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= -golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= +golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -248,14 +248,14 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= -golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= +golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= +golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -281,15 +281,15 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= -golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM= +golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= -golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= +golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= +golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -297,14 +297,14 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= -golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= +golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= -golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= +golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= +golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=