transparencylog / tl

verify https assets with a public transparency log
https://www.transparencylog.com/
Apache License 2.0

Provide public Verify to import in other applications #25

Open pst opened 4 years ago

pst commented 4 years ago

Is it a goal to allow tl's verify method to be built into other Go applications? I am thinking similarly to how Kustomize provides API packages that it then uses itself to provide the CLI's functionality.

My use case is that I provide release artifacts as zip files for both framework releases and upstream services I package. The kbst CLI scaffolds user repositories from release artifacts and also vendors packaged manifests from catalog artifacts in a user's repository.

Optimally I could use the GitHub action to add release artifacts to the log and have kbst verify artifacts automatically.

Am I on the right track here? I'd be happy to follow this issue up with a PR if this is a direction that you think is useful.

philips commented 4 years ago

Yea, this repo should provide a Go library version over time. And I would accept a PR for something like that.

The get function from the GitHub action is probably close to what I would want to do except also taking a Reader instead of writing to a file.