feat(cli): retrieve worklowRun by attestation digest (#425)

Signed-off-by: Miguel Martinez Trivino <[email protected]>

Author: migmartri

app/cli/cmd/workflow_workflow_run_describe.go

@@ -16,6 +16,7 @@
 package cmd
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"os"
@@ -32,7 +33,7 @@ const formatStatement = "statement"
 const formatAttestation = "attestation"
 
 func newWorkflowWorkflowRunDescribeCmd() *cobra.Command {
-	var runID, publicKey string
+	var runID, attestationDigest, publicKey string
 	var verifyAttestation bool
 	// TODO: Replace by retrieving key from rekor
 	const signingKeyEnvVarName = "CHAINLOOP_SIGNING_PUBLIC_KEY"
@@ -44,10 +45,15 @@ func newWorkflowWorkflowRunDescribeCmd() *cobra.Command {
 			if verifyAttestation && publicKey == "" {
 				return errors.New("a public key needs to be provided for verification")
 			}
+
+			if runID == "" && attestationDigest == "" {
+				return errors.New("either a run ID or the attestation digest needs to be provided")
+			}
+
 			return nil
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			res, err := action.NewWorkflowRunDescribe(actionOpts).Run(runID, verifyAttestation, publicKey)
+			res, err := action.NewWorkflowRunDescribe(actionOpts).Run(context.Background(), runID, attestationDigest, verifyAttestation, publicKey)
 			if err != nil {
 				return err
 			}
@@ -57,8 +63,7 @@ func newWorkflowWorkflowRunDescribeCmd() *cobra.Command {
 	}
 
 	cmd.Flags().StringVar(&runID, "id", "", "workflow Run ID")
-	err := cmd.MarkFlagRequired("id")
-	cobra.CheckErr(err)
+	cmd.Flags().StringVar(&attestationDigest, "digest", "", "content digest of the attestation")
 
 	cmd.Flags().BoolVar(&verifyAttestation, "verify", false, "verify the attestation")
 	cmd.Flags().StringVar(&publicKey, "key", "", fmt.Sprintf("public key used to verify the attestation. Note: You can also use env variable %s", signingKeyEnvVarName))

app/cli/internal/action/workflow_run_describe.go

@@ -80,11 +80,17 @@ func NewWorkflowRunDescribe(cfg *ActionsOpts) *WorkflowRunDescribe {
 	return &WorkflowRunDescribe{cfg}
 }
 
-func (action *WorkflowRunDescribe) Run(runID string, verify bool, publicKey string) (*WorkflowRunItemFull, error) {
+func (action *WorkflowRunDescribe) Run(ctx context.Context, runID string, digest string, verify bool, publicKey string) (*WorkflowRunItemFull, error) {
 	client := pb.NewWorkflowRunServiceClient(action.cfg.CPConnection)
-	resp, err := client.View(context.Background(), &pb.WorkflowRunServiceViewRequest{
-		Ref: &pb.WorkflowRunServiceViewRequest_Id{Id: runID},
-	})
+
+	req := &pb.WorkflowRunServiceViewRequest{}
+	if digest != "" {
+		req.Ref = &pb.WorkflowRunServiceViewRequest_Digest{Digest: digest}
+	} else if runID != "" {
+		req.Ref = &pb.WorkflowRunServiceViewRequest_Id{Id: runID}
+	}
+
+	resp, err := client.View(ctx, req)
 	if err != nil {
 		return nil, err
 	}
@@ -113,7 +119,7 @@ func (action *WorkflowRunDescribe) Run(runID string, verify bool, publicKey stri
 	}
 
 	if verify {
-		if err := verifyEnvelope(context.Background(), envelope, publicKey); err != nil {
+		if err := verifyEnvelope(ctx, envelope, publicKey); err != nil {
 			action.cfg.Logger.Debug().Err(err).Msg("verifying the envelope")
 			return nil, errors.New("invalid signature, did you provide the right key?")
 		}