chore: Update CLI to use errors and Cobra's RunE (#200)

This improves the control flow. When RunE is used, if the error is non-
nil, the error will be shown to the user.

Signed-off-by: James Alseth <[email protected]>

Author: jalseth

sourcetool/cmd/audit.go

@@ -7,7 +7,6 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"log"
 
 	"github.com/spf13/cobra"
 
@@ -87,11 +86,8 @@ Future:
 * Check the provenance to validate the verifiedLevels in the VSA match expectations
   (i.e. that the VSA was issued correctly)
 `,
-		Run: func(cmd *cobra.Command, args []string) {
-			err := doAudit(auditArgs)
-			if err != nil {
-				log.Fatal(err)
-			}
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return doAudit(auditArgs)
 		},
 	}
 )

sourcetool/cmd/checklevel.go

@@ -7,7 +7,6 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"log"
 	"os"
 
 	"github.com/spf13/cobra"
@@ -39,56 +38,56 @@ var (
 		Long: `Determines the SLSA Source Level of the repo.
 
 This is meant to be run within the corresponding GitHub Actions workflow.`,
-		Run: func(cmd *cobra.Command, args []string) {
-			doCheckLevel(&checkLevelArgs)
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return doCheckLevel(&checkLevelArgs)
 		},
 	}
 )
 
-func doCheckLevel(cla *CheckLevelArgs) {
+func doCheckLevel(cla *CheckLevelArgs) error {
 	if err := cla.Validate(); err != nil {
-		log.Fatalf("Error: %v", err)
+		return err
 	}
 
-	ghconnection := ghcontrol.NewGhConnection(
-		cla.owner, cla.repo, ghcontrol.BranchToFullRef(cla.branch),
-	).WithAuthToken(githubToken)
+	ghconnection := ghcontrol.NewGhConnection(cla.owner, cla.repo, ghcontrol.BranchToFullRef(cla.branch)).WithAuthToken(githubToken)
 	ghconnection.Options.AllowMergeCommits = cla.allowMergeCommits
 
 	ctx := context.Background()
 	controlStatus, err := ghconnection.GetBranchControls(ctx, cla.commit, ghconnection.GetFullRef())
 	if err != nil {
-		log.Fatal(err)
+		return err
 	}
 	pe := policy.NewPolicyEvaluator()
 	pe.UseLocalPolicy = checkLevelProvArgs.useLocalPolicy
 	verifiedLevels, policyPath, err := pe.EvaluateControl(ctx, ghconnection, controlStatus)
 	if err != nil {
-		log.Fatal(err)
+		return err
 	}
 	fmt.Print(verifiedLevels)
 
 	unsignedVsa, err := attest.CreateUnsignedSourceVsa(ghconnection.GetRepoUri(), ghconnection.GetFullRef(), cla.commit, verifiedLevels, policyPath)
 	if err != nil {
-		log.Fatal(err)
+		return err
 	}
 	if cla.outputUnsignedVsa != "" {
-		if err = os.WriteFile(cla.outputUnsignedVsa, []byte(unsignedVsa), 0o644); err != nil { //nolint:gosec
-			log.Fatal(err)
+		if err := os.WriteFile(cla.outputUnsignedVsa, []byte(unsignedVsa), 0o644); err != nil { //nolint:gosec
+			return err
 		}
 	}
 
 	if cla.outputVsa != "" {
 		// This will output in the sigstore bundle format.
 		signedVsa, err := attest.Sign(unsignedVsa)
 		if err != nil {
-			log.Fatal(err)
+			return err
 		}
 		err = os.WriteFile(cla.outputVsa, []byte(signedVsa), 0o644) //nolint:gosec
 		if err != nil {
-			log.Fatal(err)
+			return err
 		}
 	}
+
+	return nil
 }
 
 func init() {

sourcetool/cmd/checklevelprov.go

@@ -39,10 +39,8 @@ var (
 	checklevelprovCmd = &cobra.Command{
 		Use:   "checklevelprov",
 		Short: "Checks the given commit against policy using & creating provenance",
-		Run: func(cmd *cobra.Command, args []string) {
-			if err := doCheckLevelProv(checkLevelProvArgs); err != nil {
-				log.Fatal(err)
-			}
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return doCheckLevelProv(checkLevelProvArgs)
 		},
 	}
 )

sourcetool/cmd/checktag.go

@@ -34,10 +34,8 @@ var (
 	checktagCmd = &cobra.Command{
 		Use:   "checktag",
 		Short: "Checks to see if the tag operation should be allowed and issues a VSA",
-		Run: func(cmd *cobra.Command, args []string) {
-			if err := doCheckTag(checkTagArgs); err != nil {
-				log.Fatal(err)
-			}
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return doCheckTag(checkTagArgs)
 		},
 	}
 )

sourcetool/cmd/createpolicy.go

@@ -6,7 +6,6 @@ package cmd
 import (
 	"context"
 	"fmt"
-	"log"
 
 	"github.com/spf13/cobra"
 
@@ -28,20 +27,21 @@ var (
 		Long: `Creates a SLSA source policy in a local copy of slsa-source-poc.
 
 		The created policy should then be sent as a PR to slsa-framework/slsa-source-poc.`,
-		Run: func(cmd *cobra.Command, args []string) {
-			doCreatePolicy(createPolicyArgs.policyRepoPath, createPolicyArgs.owner, createPolicyArgs.repo, createPolicyArgs.branch)
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return doCreatePolicy(createPolicyArgs.policyRepoPath, createPolicyArgs.owner, createPolicyArgs.repo, createPolicyArgs.branch)
 		},
 	}
 )
 
-func doCreatePolicy(policyRepoPath, owner, repo, branch string) {
+func doCreatePolicy(policyRepoPath, owner, repo, branch string) error {
 	ghconnection := ghcontrol.NewGhConnection(owner, repo, ghcontrol.BranchToFullRef(branch)).WithAuthToken(githubToken)
 	ctx := context.Background()
 	outpath, err := policy.CreateLocalPolicy(ctx, ghconnection, policyRepoPath)
 	if err != nil {
-		log.Fatal(err)
+		return err
 	}
 	fmt.Printf("Wrote policy to %s\n", outpath)
+	return nil
 }
 
 func init() {

sourcetool/cmd/prov.go

@@ -6,7 +6,6 @@ package cmd
 import (
 	"context"
 	"fmt"
-	"log"
 
 	"github.com/spf13/cobra"
 	"google.golang.org/protobuf/encoding/protojson"
@@ -25,25 +24,26 @@ var (
 	provCmd  = &cobra.Command{
 		Use:   "prov",
 		Short: "Creates provenance for the given commit, but does not check policy.",
-		Run: func(cmd *cobra.Command, args []string) {
-			doProv(provArgs.prevAttPath, provArgs.commit, provArgs.prevCommit, provArgs.owner, provArgs.repo, provArgs.branch)
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return doProv(provArgs.prevAttPath, provArgs.commit, provArgs.prevCommit, provArgs.owner, provArgs.repo, provArgs.branch)
 		},
 	}
 )
 
-func doProv(prevAttPath, commit, prevCommit, owner, repo, branch string) {
+func doProv(prevAttPath, commit, prevCommit, owner, repo, branch string) error {
 	ghconnection := ghcontrol.NewGhConnection(owner, repo, ghcontrol.BranchToFullRef(branch)).WithAuthToken(githubToken)
 	ctx := context.Background()
 	pa := attest.NewProvenanceAttestor(ghconnection, getVerifier())
 	newProv, err := pa.CreateSourceProvenance(ctx, prevAttPath, commit, prevCommit, ghconnection.GetFullRef())
 	if err != nil {
-		log.Fatal(err)
+		return err
 	}
 	provStr, err := protojson.Marshal(newProv)
 	if err != nil {
-		log.Fatal(err)
+		return err
 	}
-	fmt.Printf("%s\n", string(provStr))
+	fmt.Println(string(provStr))
+	return nil
 }
 
 func init() {

sourcetool/cmd/verifycommit.go

@@ -6,7 +6,6 @@ package cmd
 import (
 	"context"
 	"fmt"
-	"log"
 
 	"github.com/spf13/cobra"
 
@@ -24,40 +23,41 @@ var (
 	verifycommitCmd  = &cobra.Command{
 		Use:   "verifycommit",
 		Short: "Verifies the specified commit is valid",
-		Run: func(cmd *cobra.Command, args []string) {
-			doVerifyCommit(verifyCommitArgs.commit, verifyCommitArgs.owner, verifyCommitArgs.repo, verifyCommitArgs.branch, verifyCommitArgs.tag)
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return doVerifyCommit(verifyCommitArgs.commit, verifyCommitArgs.owner, verifyCommitArgs.repo, verifyCommitArgs.branch, verifyCommitArgs.tag)
 		},
 	}
 )
 
-func doVerifyCommit(commit, owner, repo, branch, tag string) {
+func doVerifyCommit(commit, owner, repo, branch, tag string) error {
 	if commit == "" || owner == "" || repo == "" {
-		log.Fatal("Must set commit, owner and repo.")
+		return fmt.Errorf("must set commit, owner and repo")
 	}
 
-	ref := ""
+	var ref string
 	switch {
 	case branch != "":
 		ref = ghcontrol.BranchToFullRef(branch)
 	case tag != "":
 		ref = ghcontrol.TagToFullRef(tag)
 	default:
-		log.Fatal("Must specify either branch or tag.")
+		return fmt.Errorf("must specify either branch or tag")
 	}
 
 	ghconnection := ghcontrol.NewGhConnection(owner, repo, ref).WithAuthToken(githubToken)
 	ctx := context.Background()
 
 	_, vsaPred, err := attest.GetVsa(ctx, ghconnection, getVerifier(), commit, ghconnection.GetFullRef())
 	if err != nil {
-		log.Fatal(err)
+		return err
 	}
 	if vsaPred == nil {
 		fmt.Printf("FAILED: no VSA matching commit '%s' on branch '%s' found in github.com/%s/%s\n", commit, branch, owner, repo)
-		return
+		return nil
 	}
 
 	fmt.Printf("SUCCESS: commit %s verified with %v\n", commit, vsaPred.GetVerifiedLevels())
+	return nil
 }
 
 func init() {