Skip to content

Include attachments in create-evidence output#58

Merged
mnsboev merged 1 commit into
mainfrom
create-evidence-attachments-output
May 11, 2026
Merged

Include attachments in create-evidence output#58
mnsboev merged 1 commit into
mainfrom
create-evidence-attachments-output

Conversation

@mnsboev

@mnsboev mnsboev commented May 11, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

Summary

  • Add an Attachments []CreateResponseAttachment field to model.CreateResponse, mirroring the evidence service AttachmentView schema (name, sha256, type, download_path) so the create response body unmarshals directly.
  • Render attachment rows in the create-evidence table output (attachment.<field> for one attachment, attachments[i].<field> for multiple). Empty fields are skipped, matching the existing field rendering convention.
  • download_path is intentionally JSON-only: it's a long opaque string that distorts the table layout without offering eyeball value; scripted callers that need it should use --format json.
  • Tests cover JSON output (full attachment incl. download_path), table output (single/empty-fields/multiple attachments), download_path is asserted to NOT leak into the table, and uploadEvidence faithfully passes through server-returned attachments.

What it looks like

--format table (single attachment):

│ provider_id       │ jfrog                                            │
│ attachment.name   │ slsa-provenance-1774941162594-c092e7b4.json      │
│ attachment.sha256 │ 7dbd94658f313ccfc811e28ad40408c48666dc9a19233... │
│ attachment.type   │ application/json                                 │

--format json (truncated):

{
  ...,
  "attachments": [
    {
      "name": "slsa-provenance-1774941162594-c092e7b4.json",
      "sha256": "7dbd94658f313ccfc811e28ad40408c48666dc9a19233d0a278140557d9a573f",
      "type": "application/json",
      "download_path": "my-repo/.evidence/76ce53.../7dbd94.../slsa-provenance-...json"
    }
  ]
}

Test plan

  • go build ./... clean
  • go vet ./... clean on affected packages
  • go test ./evidence/model/... ./evidence/create/... ./evidence/cli/command/... -count=1348 passed
  • Manual: run jf evd create --attach-artifactory-path ... --format json against a current evidence service; confirm attachments[] is populated with name/sha256/type/download_path
  • Manual: same with --format table; confirm three attachment.* rows appear and download_path is absent
  • Manual: run jf evd create without any --attach-* flag; confirm output is unchanged from current behavior (no attachments key in JSON, no attachment rows in table)

@mnsboev @cursoragent
Include attachments in create-evidence output
c22c139 
Surface attachment metadata returned by the evidence service in both
JSON (full record incl. download_path) and table (name/sha256/type)
formats of `jf evd create --format ...`, so callers can confirm which
attachment was linked.

The `CreateResponseAttachment` struct mirrors the evidence service
`AttachmentView` schema 1:1, so the response body unmarshals directly
without any client-side transformation.

Co-authored-by: Cursor <cursoragent@cursor.com>
@mnsboev mnsboev deployed to frogbot May 11, 2026 06:58 — with GitHub Actions Active
@mnsboev mnsboev added the improvement General improvements to the codebase label May 11, 2026
@github-actions

github-actions Bot commented May 11, 2026

Copy link
Copy Markdown
Contributor

👍 Frogbot scanned this pull request and did not find any new security issues.

selalererjfrog
selalererjfrog reviewed May 11, 2026
View reviewed changes
Comment thread evidence/cli/command/command_cli.go
selalererjfrog
selalererjfrog reviewed May 11, 2026
View reviewed changes
Comment thread evidence/cli/command/command_cli.go
@mnsboev mnsboev merged commit 3916087 into main May 11, 2026
21 of 22 checks passed
@mnsboev mnsboev deleted the create-evidence-attachments-output branch May 11, 2026 08:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@selalererjfrog selalererjfrog selalererjfrog approved these changes

Assignees

No one assigned

Labels

improvement General improvements to the codebase

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mnsboev @selalererjfrog