Skip to content

docs: clarify --artifact-type=docker requires registry digest#834

Merged
AlexKantor87 merged 4 commits intomainfrom
docs/clarify-docker-registry-requirement
Apr 28, 2026
Merged

docs: clarify --artifact-type=docker requires registry digest#834
AlexKantor87 merged 4 commits intomainfrom
docs/clarify-docker-registry-requirement

Conversation

@AlexKantor87
Copy link
Copy Markdown
Contributor

@AlexKantor87 AlexKantor87 commented Apr 28, 2026

Summary

Companion to kosli-dev/docs#183.

A customer hit Error: repo digest unavailable for the image, has it been pushed to or pulled from a registry? after running kosli attest artifact ... --artifact-type=docker in CI, where the image was built but never pushed. Locally the same command appeared to work because the image had been pulled earlier and the digest was cached on the machine.

The constraint that --artifact-type=docker needs a registry-resident image was only stated in the error message itself. The long descriptions of every attest command (via fingerprintDesc) and kosli fingerprint describe the four artifact types but don't surface this requirement.

This PR adds a Note: paragraph to:

  • fingerprintDesc in cmd/kosli/root.go — flows into the long help of attest artifact, attest generic, attest snyk, attest sonar, attest junit, attest jira, attest custom, and the PR-attest commands.
  • fingerprintLongDesc in cmd/kosli/fingerprint.gokosli fingerprint directly.

The note covers the registry requirement and points at --artifact-type=oci and --artifact-type=dir as alternatives.

Out of scope

Not changing the short flag description (artifactTypeFlag constant) — it's terse on purpose and shows in many help screens. The detail belongs in the long description.

Test plan

  • make build passes
  • go vet ./cmd/kosli/... passes
  • kosli attest artifact --help shows the new note
  • kosli fingerprint --help shows the new note
  • CI lint and integration tests pass
  • After merge + next release, the auto-generated client_reference/kosli_attest_artifact.md in kosli-dev/docs will pick this up via the update-cli-docs workflow

🤖 Generated with Claude Code

@claude
Copy link
Copy Markdown
Contributor

claude Bot commented Apr 28, 2026
edited
Loading

Claude finished @mbevc1's task in 2m 28s —— View job

PR Review: docs: clarify --artifact-type=docker requires registry digest

  • Run static analysis (build, vet, mod tidy)
  • Review changed files
  • Check for the failing test mentioned by mbevc1
  • Post review feedback

Static Analysis

All checks pass:

  • go build ./... — clean
  • go vet ./... — clean
  • go mod tidy — no drift

Review

Overall: This looks good. The PR is well-scoped — it adds documentation for a real customer pain point without changing any runtime behavior. The two approved reviews and mbevc1's test-data fix (commits 413507b0 and 8c9410a5) have addressed the CI failure.

What I checked:

  1. Consistency — The note in root.go (fingerprintDesc) and fingerprint.go (fingerprintLongDesc) convey the same information. The fingerprint.go version is a bit more concise, which makes sense since that constant already has surrounding context about docker/registry fingerprinting. Both follow the existing ^…^ caret-marker convention for inline code in help text.

  2. Test datacmd/kosli/testdata/output/docs/mintlify/artifact.md correctly uses backticks (the rendered form of ^ markers) and matches the expected output for the docs generation test. mbevc1's fix commits have this aligned.

  3. Scope — The fingerprintDesc constant flows into all attest commands and the fingerprint command. No other test data files reference this text, so no additional golden files need updating.

  4. Trailing whitespace fix — The diff also cleans up a trailing space on line 45 of root.go (flag, or flag, or). Minor but welcome.

No bugs, security issues, or missing edge cases — this is a pure documentation change. LGTM.

@AlexKantor87 AlexKantor87 enabled auto-merge (squash) April 28, 2026 15:33
AlexKantor87 and others added 2 commits April 28, 2026 17:16
@AlexKantor87 @claude @mbevc1
docs: clarify --artifact-type=docker requires registry digest
55dfdd0 
A customer hit "repo digest unavailable for the image, has it been
pushed to or pulled from a registry?" after kosli attest artifact with
--artifact-type=docker in CI, where the image was built but never
pushed. The constraint that the docker artifact type requires a
registry-resident image was only stated in the error itself.

Add a note to the long descriptions of attest commands (via
fingerprintDesc) and kosli fingerprint, covering the constraint and
pointing at oci and dir as alternatives.

Help-text only; no behaviour change. Auto-generated docs in
kosli-dev/docs will pick this up on the next CLI release.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@AlexKantor87 @claude @mbevc1
docs: drop dir suggestion from artifact-type=docker note
7848fbd 
Source-dir fingerprinting only works as an end-to-end identity if the
runtime side also fingerprints the source dir. Standard Kosli runtime
reporters fingerprint the running image, so suggesting dir as a generic
swap is misleading — the attested and running artifacts would never
link. Push and oci are the safe answers for the typical case.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@mbevc1 mbevc1 force-pushed the docs/clarify-docker-registry-requirement branch from d13ef90 to 7848fbd Compare April 28, 2026 16:16
@mbevc1
Copy link
Copy Markdown
Contributor

mbevc1 commented Apr 28, 2026
edited
Loading

Failing test, cmd/kosli/testdata/output/docs/mintlify/artifact.md needs updating as well. Adding a fix!

@mbevc1 mbevc1 requested a review from tooky April 28, 2026 17:09
@AlexKantor87 AlexKantor87 merged commit 346ca39 into main Apr 28, 2026
20 checks passed
@AlexKantor87 AlexKantor87 deleted the docs/clarify-docker-registry-requirement branch April 28, 2026 18:18
github-actions Bot pushed a commit that referenced this pull request Apr 29, 2026
@tooky @claude
Release: docs: clarify --artifact-type=docker requires registry digest (
e450fac 
#834)

* docs: clarify --artifact-type=docker requires registry digest

A customer hit "repo digest unavailable for the image, has it been
pushed to or pulled from a registry?" after kosli attest artifact with
--artifact-type=docker in CI, where the image was built but never
pushed. The constraint that the docker artifact type requires a
registry-resident image was only stated in the error itself.

Add a note to the long descriptions of attest commands (via
fingerprintDesc) and kosli fingerprint, covering the constraint and
pointing at oci and dir as alternatives.

Help-text only; no behaviour change. Auto-generated docs in
kosli-dev/docs will pick this up on the next CLI release.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs: drop dir suggestion from artifact-type=docker note

Source-dir fingerprinting only works as an end-to-end identity if the
runtime side also fingerprints the source dir. Standard Kosli runtime
reporters fingerprint the running image, so suggesting dir as a generic
swap is misleading — the attested and running artifacts would never
link. Push and oci are the safe answers for the typical case.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tooky tooky tooky approved these changes

@mbevc1 mbevc1 mbevc1 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@AlexKantor87 @mbevc1 @tooky