Merge pull request #1351 from aemengo/download-sbom

Add new command: pack sbom download
Signed-off-by: David Freilich <[email protected]>

cmd/cmd.go

@@ -79,6 +79,7 @@ func NewPackCommand(logger ConfigurableLogger) (*cobra.Command, error) {
 	rootCmd.AddCommand(commands.InspectImage(logger, imagewriter.NewFactory(), cfg, packClient))
 	rootCmd.AddCommand(commands.NewStackCommand(logger))
 	rootCmd.AddCommand(commands.Rebase(logger, cfg, packClient))
+	rootCmd.AddCommand(commands.NewSBOMCommand(logger, cfg, packClient))
 
 	rootCmd.AddCommand(commands.InspectBuildpack(logger, cfg, packClient))
 	rootCmd.AddCommand(commands.InspectBuilder(logger, cfg, packClient, builderwriter.NewFactory()))

internal/commands/commands.go

@@ -29,6 +29,7 @@ type PackClient interface {
 	YankBuildpack(client.YankBuildpackOptions) error
 	InspectBuildpack(client.InspectBuildpackOptions) (*client.BuildpackInfo, error)
 	PullBuildpack(context.Context, client.PullBuildpackOptions) error
+	DownloadSBOM(name string, options client.DownloadSBOMOptions) error
 }
 
 func AddHelpFlag(cmd *cobra.Command, commandName string) {

internal/commands/download_sbom.go

@@ -0,0 +1,40 @@
+package commands
+
+import (
+	"github.com/spf13/cobra"
+
+	cpkg "github.com/buildpacks/pack/pkg/client"
+	"github.com/buildpacks/pack/pkg/logging"
+)
+
+type DownloadSBOMFlags struct {
+	Remote         bool
+	DestinationDir string
+}
+
+func DownloadSBOM(
+	logger logging.Logger,
+	client PackClient,
+) *cobra.Command {
+	var flags DownloadSBOMFlags
+	cmd := &cobra.Command{
+		Use:     "download <image-name>",
+		Args:    cobra.ExactArgs(1),
+		Short:   "Download SBoM from specified image",
+		Long:    "Download layer containing Structured Bill of Materials (SBoM) from specified image",
+		Example: "pack sbom download buildpacksio/pack",
+		RunE: logError(logger, func(cmd *cobra.Command, args []string) error {
+			img := args[0]
+			options := cpkg.DownloadSBOMOptions{
+				Daemon:         !flags.Remote,
+				DestinationDir: flags.DestinationDir,
+			}
+
+			return client.DownloadSBOM(img, options)
+		}),
+	}
+	AddHelpFlag(cmd, "download")
+	cmd.Flags().BoolVar(&flags.Remote, "remote", false, "Download SBoM of image in remote registry (without pulling image)")
+	cmd.Flags().StringVarP(&flags.DestinationDir, "output-dir", "o", ".", "Path to export SBoM contents.\nIt defaults export to the current working directory.")
+	return cmd
+}

internal/commands/download_sbom_test.go

@@ -0,0 +1,101 @@
+package commands_test
+
+import (
+	"bytes"
+	"testing"
+
+	"github.com/golang/mock/gomock"
+	"github.com/heroku/color"
+	"github.com/pkg/errors"
+	"github.com/sclevine/spec"
+	"github.com/sclevine/spec/report"
+	"github.com/spf13/cobra"
+
+	"github.com/buildpacks/pack/internal/commands"
+	"github.com/buildpacks/pack/internal/commands/testmocks"
+	cpkg "github.com/buildpacks/pack/pkg/client"
+	"github.com/buildpacks/pack/pkg/logging"
+	h "github.com/buildpacks/pack/testhelpers"
+)
+
+func TestDownloadSBOMCommand(t *testing.T) {
+	color.Disable(true)
+	defer color.Disable(false)
+	spec.Run(t, "DownloadSBOMCommand", testDownloadSBOMCommand, spec.Parallel(), spec.Report(report.Terminal{}))
+}
+
+func testDownloadSBOMCommand(t *testing.T, when spec.G, it spec.S) {
+	var (
+		command        *cobra.Command
+		logger         logging.Logger
+		outBuf         bytes.Buffer
+		mockController *gomock.Controller
+		mockClient     *testmocks.MockPackClient
+	)
+
+	it.Before(func() {
+		mockController = gomock.NewController(t)
+		mockClient = testmocks.NewMockPackClient(mockController)
+		logger = logging.NewLogWithWriters(&outBuf, &outBuf)
+		command = commands.DownloadSBOM(logger, mockClient)
+	})
+
+	it.After(func() {
+		mockController.Finish()
+	})
+
+	when("#DownloadSBOM", func() {
+		when("happy path", func() {
+			it("returns no error", func() {
+				mockClient.EXPECT().DownloadSBOM("some/image", cpkg.DownloadSBOMOptions{
+					Daemon:         true,
+					DestinationDir: ".",
+				})
+				command.SetArgs([]string{"some/image"})
+
+				err := command.Execute()
+				h.AssertNil(t, err)
+			})
+		})
+
+		when("the remote flag is specified", func() {
+			it("respects the remote flag", func() {
+				mockClient.EXPECT().DownloadSBOM("some/image", cpkg.DownloadSBOMOptions{
+					Daemon:         false,
+					DestinationDir: ".",
+				})
+				command.SetArgs([]string{"some/image", "--remote"})
+
+				err := command.Execute()
+				h.AssertNil(t, err)
+			})
+		})
+
+		when("the output-dir flag is specified", func() {
+			it("respects the output-dir flag", func() {
+				mockClient.EXPECT().DownloadSBOM("some/image", cpkg.DownloadSBOMOptions{
+					Daemon:         true,
+					DestinationDir: "some-destination-dir",
+				})
+				command.SetArgs([]string{"some/image", "--output-dir", "some-destination-dir"})
+
+				err := command.Execute()
+				h.AssertNil(t, err)
+			})
+		})
+
+		when("the client returns an error", func() {
+			it("returns the error", func() {
+				mockClient.EXPECT().DownloadSBOM("some/image", cpkg.DownloadSBOMOptions{
+					Daemon:         true,
+					DestinationDir: ".",
+				}).Return(errors.New("some-error"))
+
+				command.SetArgs([]string{"some/image"})
+
+				err := command.Execute()
+				h.AssertError(t, err, "some-error")
+			})
+		})
+	})
+}

internal/commands/inspect_image.go

@@ -50,6 +50,10 @@ func InspectImage(
 			remote, remoteErr := client.InspectImage(img, false)
 			local, localErr := client.InspectImage(img, true)
 
+			if flags.BOM {
+				logger.Warn("Using the '--bom' flag with 'pack inspect-image <image-name>' is deprecated. Users are encouraged to use 'pack sbom download <image-name>'.")
+			}
+
 			if err := w.Print(logger, sharedImageInfo, local, remote, localErr, remoteErr); err != nil {
 				return err
 			}

internal/commands/sbom.go

@@ -0,0 +1,20 @@
+package commands
+
+import (
+	"github.com/spf13/cobra"
+
+	"github.com/buildpacks/pack/internal/config"
+	"github.com/buildpacks/pack/pkg/logging"
+)
+
+func NewSBOMCommand(logger logging.Logger, cfg config.Config, client PackClient) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "sbom",
+		Short: "Interact with SBoM",
+		RunE:  nil,
+	}
+
+	cmd.AddCommand(DownloadSBOM(logger, client))
+	AddHelpFlag(cmd, "sbom")
+	return cmd
+}