search

openvex / vexctl

A tool to create, transform and attest VEX metadata
Apache License 2.0
109 stars 21 forks source link

vexctl generate #150

Closed puerco closed 9 months ago

puerco commented 9 months ago

This PR introduces a new subcommand to vexctl: generate

With vexctl generate, users can automate the generation of VEX data from golden templates with known vex statements:

Usage:
  vexctl generate [flags] [product_id]

Examples:
vexctl generate "pkg:apk/wolfi/git

Flags:
      --author string        author to record in the new document (default "Unknown Author")
      --author-role string   optional author role to record in the new document
      --file string          file to write the document to (default is STDOUT)
  -h, --help                 help for generate
      --id string            ID string for the new VEX document (autogenerated by default)
      --init                 initialize a new templates directory in the path specified with -t
  -p, --product string       main identifier of the product, a package URL or another IRI
  -t, --templates string     path to templates directory (default ".openvex/templates")

The subcommand --help flag display a longer help explaining how generation works.

vexctl generate also includes a --init flag to scaffold a new templates directory, it writes an empty openvex document ready to append data and a README.

I will follow up this PR with documentation in the examples repo.

Signed-off-by: Adolfo García Veytia (Puerco) puerco@chainguard.dev

puerco commented 9 months ago

OK, I've const'd away the readme contents. PTAL @cpanato :)