Output Digest When Pushing OCI Artifacts

[duffney]

When pushing an OCI artifact, users often need the digest immediately to proceed with signing workflows or for downstream automation. Both docker push and oras push output the digest as part of their operations, which streamlines integration with signing and verification tools. Without this feature in wkg, users must perform additional steps (like inspecting the registry) to retrieve the digest, which adds unnecessary overhead and slows down secure supply chain workflows.

Proposed Solution: Update wkg to display the artifact digest upon a successful push. This behavior would align wkg with other popular tools (e.g., docker and oras) and enhance usability for security-focused workflows. By outputting the digest, wkg will better support secure supply chain practices, making it easier for users to incorporate artifact verification directly into their CI/CD pipelines.

Something like this would be awesome!

wkg oci push myartifact:v1
Pushed artifact myartifact:v1
Digest: sha256:<digest_here>

[calvinrp]

Happy to accept the PR for this! Small change.

[duffney]

Awesome! I'll start working on a PR. Thank you for the reply. :)