feat: use stdin as an input for predicate

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
sigstore · Sep 20, 2022 · 5e144e3 · 5e144e3
1 parent 0baa044
commit 5e144e3
Showing 1 changed file with 10 additions and 4 deletions.
diff --git a/cmd/cosign/cli/attest/attest.go b/cmd/cosign/cli/attest/attest.go
@@ -21,6 +21,7 @@ import (
 	_ "crypto/sha256" // for `crypto.SHA256`
 	"encoding/json"
 	"fmt"
+	"io"
 	"os"
 	"time"
 
@@ -64,7 +65,7 @@ func uploadToTlog(ctx context.Context, sv *sign.SignerVerifier, rekorURL string,
 	return cbundle.EntryToBundle(entry), nil
 }
 
-//nolint
+// nolint
 func AttestCmd(ctx context.Context, ko options.KeyOpts, regOpts options.RegistryOptions, imageRef string, certPath string, certChainPath string,
 	noUpload bool, predicatePath string, force bool, predicateType string, replace bool, timeout time.Duration, noTlogUpload bool) error {
 	// A key file or token is required unless we're in experimental mode!
@@ -116,15 +117,20 @@ func AttestCmd(ctx context.Context, ko options.KeyOpts, regOpts options.Registry
 	wrapped := dsse.WrapSigner(sv, types.IntotoPayloadType)
 	dd := cremote.NewDupeDetector(sv)
 
+	var predicate []byte
 	fmt.Fprintln(os.Stderr, "Using payload from:", predicatePath)
-	predicate, err := os.Open(predicatePath)
+	if predicatePath == "-" {
+		predicate, err = io.ReadAll(os.Stdin)
+	} else {
+		predicate, err = os.ReadFile(predicatePath)
+	}
+
 	if err != nil {
 		return err
 	}
-	defer predicate.Close()
 
 	sh, err := attestation.GenerateStatement(attestation.GenerateOpts{
-		Predicate: predicate,
+		Predicate: bytes.NewReader(predicate),
 		Type:      predicateType,
 		Digest:    h.Hex,
 		Repo:      digest.Repository.String(),