Add --validate-sha flag for Docker push command

Author: agrasth

buildtools/cli.go

@@ -3,15 +3,16 @@ package buildtools
 import (
 	"errors"
 	"fmt"
+	"os"
+	"strconv"
+	"strings"
+
 	"github.com/jfrog/jfrog-cli-artifactory/artifactory/commands/python"
 	"github.com/jfrog/jfrog-cli-artifactory/artifactory/commands/setup"
 	"github.com/jfrog/jfrog-cli-core/v2/artifactory/utils"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/ioutils"
 	"github.com/jfrog/jfrog-cli-security/utils/techutils"
 	setupdocs "github.com/jfrog/jfrog-cli/docs/buildtools/setup"
-	"os"
-	"strconv"
-	"strings"
 
 	"github.com/jfrog/jfrog-cli-artifactory/artifactory/commands/container"
 	"github.com/jfrog/jfrog-cli-artifactory/artifactory/commands/dotnet"
@@ -768,7 +769,7 @@ func pullCmd(c *cli.Context, image string) error {
 	if show, err := cliutils.ShowGenericCmdHelpIfNeeded(c, c.Args(), "dockerpullhelp"); show || err != nil {
 		return err
 	}
-	_, rtDetails, _, skipLogin, filteredDockerArgs, buildConfiguration, err := extractDockerOptionsFromArgs(c.Args())
+	_, rtDetails, _, skipLogin, _, filteredDockerArgs, buildConfiguration, err := extractDockerOptionsFromArgs(c.Args())
 	if err != nil {
 		return err
 	}
@@ -791,24 +792,24 @@ func pushCmd(c *cli.Context, image string) (err error) {
 	if show, err := cliutils.ShowCmdHelpIfNeeded(c, c.Args()); show || err != nil {
 		return err
 	}
-	threads, rtDetails, detailedSummary, skipLogin, filteredDockerArgs, buildConfiguration, err := extractDockerOptionsFromArgs(c.Args())
+	threads, rtDetails, detailedSummary, skipLogin, validateSha, filteredDockerArgs, buildConfiguration, err := extractDockerOptionsFromArgs(c.Args())
 	if err != nil {
 		return
 	}
 	printDeploymentView := log.IsStdErrTerminal()
-	PushCommand := container.NewPushCommand(containerutils.DockerClient)
-	PushCommand.SetThreads(threads).SetDetailedSummary(detailedSummary || printDeploymentView).SetCmdParams(filteredDockerArgs).SetSkipLogin(skipLogin).SetBuildConfiguration(buildConfiguration).SetServerDetails(rtDetails).SetImageTag(image)
-	supported, err := PushCommand.IsGetRepoSupported()
+	pushCommand := container.NewPushCommand(containerutils.DockerClient)
+	pushCommand.SetThreads(threads).SetDetailedSummary(detailedSummary || printDeploymentView).SetCmdParams(filteredDockerArgs).SetSkipLogin(skipLogin).SetBuildConfiguration(buildConfiguration).SetServerDetails(rtDetails).SetImageTag(image).SetValidateSha(validateSha)
+	supported, err := pushCommand.IsGetRepoSupported()
 	if err != nil {
 		return err
 	}
 	if !supported {
 		return cliutils.NotSupportedNativeDockerCommand("docker-push")
 	}
-	err = commands.Exec(PushCommand)
-	result := PushCommand.Result()
+	err = commands.Exec(pushCommand)
+	result := pushCommand.Result()
 	defer cliutils.CleanupResult(result, &err)
-	err = cliutils.PrintCommandSummary(PushCommand.Result(), detailedSummary, printDeploymentView, false, err)
+	err = cliutils.PrintCommandSummary(pushCommand.Result(), detailedSummary, printDeploymentView, false, err)
 	return
 }
 
@@ -824,7 +825,7 @@ func dockerNativeCmd(c *cli.Context) error {
 	if show, err := cliutils.ShowCmdHelpIfNeeded(c, c.Args()); show || err != nil {
 		return err
 	}
-	_, _, _, _, cleanArgs, _, err := extractDockerOptionsFromArgs(c.Args())
+	_, _, _, _, _, cleanArgs, _, err := extractDockerOptionsFromArgs(c.Args())
 	if err != nil {
 		return err
 	}
@@ -833,7 +834,7 @@ func dockerNativeCmd(c *cli.Context) error {
 }
 
 // Remove all the none docker CLI flags from args.
-func extractDockerOptionsFromArgs(args []string) (threads int, serverDetails *coreConfig.ServerDetails, detailedSummary, skipLogin bool, cleanArgs []string, buildConfig *build.BuildConfiguration, err error) {
+func extractDockerOptionsFromArgs(args []string) (threads int, serverDetails *coreConfig.ServerDetails, detailedSummary, skipLogin bool, validateSha bool, cleanArgs []string, buildConfig *build.BuildConfiguration, err error) {
 	cleanArgs = append([]string(nil), args...)
 	var serverId string
 	cleanArgs, serverId, err = coreutils.ExtractServerIdFromCommand(cleanArgs)
@@ -856,6 +857,11 @@ func extractDockerOptionsFromArgs(args []string) (threads int, serverDetails *co
 	if err != nil {
 		return
 	}
+	// Extract validateSha flag
+	cleanArgs, validateSha, err = coreutils.ExtractBoolFlagFromArgs(cleanArgs, "validate-sha")
+	if err != nil {
+		return
+	}
 	cleanArgs, buildConfig, err = build.ExtractBuildDetailsFromArgs(cleanArgs)
 	return
 }

docs/buildtools/dockerpush/help.go

@@ -8,5 +8,16 @@ func GetDescription() string {
 
 func GetArguments() string {
 	return `	docker push args
-		The docker push args to run docker push.`
+		The docker push args to run docker push.
+		
+	--validate-sha
+		Set to true to enable SHA-based validation during Docker push.
+		When enabled, manifest validation will use the image's SHA digest instead of name:tag.
+		This is useful when pushing to virtual repositories where the tag might exist with different content in higher priority repositories.
+		The SHA digest is automatically determined from the local image.
+		
+		With this flag, the CLI will:
+		1. Use the local image's SHA digest for validation instead of the tag
+		2. Attempt to find the image in the repository by SHA if tag-based lookup fails
+		3. Continue the operation even if a digest mismatch is detected, with appropriate warnings`
 }

utils/cliutils/commandsflags.go

@@ -2,10 +2,11 @@ package cliutils
 
 import (
 	"fmt"
-	"github.com/jfrog/jfrog-cli-artifactory/cliutils/flagkit"
 	"sort"
 	"strconv"
 
+	"github.com/jfrog/jfrog-cli-artifactory/cliutils/flagkit"
+
 	commonCliUtils "github.com/jfrog/jfrog-cli-core/v2/common/cliutils"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
 
@@ -345,6 +346,7 @@ const (
 	// Build tool flags
 	deploymentThreads = "deployment-threads"
 	skipLogin         = "skip-login"
+	validateSha       = "validate-sha"
 
 	// Unique docker promote flags
 	dockerPromotePrefix = "docker-promote-"
@@ -1704,6 +1706,10 @@ var flagsMap = map[string]cli.Flag{
 		Name:  ApplicationKey,
 		Usage: "[Optional] JFrog ApplicationKey Key` ` ",
 	},
+	validateSha: cli.BoolFlag{
+		Name:  validateSha,
+		Usage: "[Default: false] Set to true to enable SHA validation during Docker push.` `",
+	},
 }
 
 var commandFlags = map[string][]string{
@@ -1823,12 +1829,10 @@ var commandFlags = map[string][]string{
 		BuildName, BuildNumber, deploymentThreads, Project, detailedSummary, xrayScan, xrOutput,
 	},
 	Docker: {
-		BuildName, BuildNumber, module, Project,
-		serverId, skipLogin, threads, detailedSummary, watches, repoPath, licenses, xrOutput, fail, ExtendedTable, BypassArchiveLimits, MinSeverity, FixableOnly, vuln,
+		url, user, password, accessToken, sshPassphrase, sshKeyPath, serverId, ClientCertPath, ClientCertKeyPath, Project, skipLogin, validateSha,
 	},
 	DockerPush: {
-		BuildName, BuildNumber, module, Project,
-		serverId, skipLogin, threads, detailedSummary,
+		url, user, password, accessToken, sshPassphrase, sshKeyPath, serverId, ClientCertPath, ClientCertKeyPath, Project, skipLogin, validateSha,
 	},
 	DockerPull: {
 		BuildName, BuildNumber, module, Project,
@@ -1840,7 +1844,7 @@ var commandFlags = map[string][]string{
 	},
 	ContainerPush: {
 		BuildName, BuildNumber, module, url, user, password, accessToken, sshPassphrase, sshKeyPath,
-		serverId, skipLogin, threads, Project, detailedSummary,
+		serverId, skipLogin, threads, Project, detailedSummary, validateSha,
 	},
 	ContainerPull: {
 		BuildName, BuildNumber, module, url, user, password, accessToken, sshPassphrase, sshKeyPath,