added ability to get image digest back via triangulate

[garethahealy]

Summary

Provides the ability to resolve digest for image without the need to use another tool, such as crane/skopeo

• Ability to retrieve digest from image #3251

Fixes #3034

Documentation

CLI provides self-documentation via extra option on flag.

[haydentherapper]

@garethahealy Thanks for the PR! Looks good, can you rebase and add a comment that demonstrates this in use?

[garethahealy]

rebased

[garethahealy]

usage:

$ ./cosign triangulate --help
Outputs the located cosign image reference. This is the location cosign stores the specified artifact type.

Usage:
cosign triangulate [flags]

Examples:
  cosign triangulate <IMAGE>

Flags:
    --allow-http-registry=false:
	whether to allow using HTTP protocol while connecting to registries. Don't use this for anything but testing

    --allow-insecure-registry=false:
	whether to allow insecure connections to registries (e.g., with expired or self-signed TLS certificates).
	Don't use this for anything but testing

    --attachment-tag-prefix='':
	optional custom prefix to use for attached image tags. Attachment images are tagged as:
	`[AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName]`

    -h, --help=false:
	help for triangulate

    --k8s-keychain=false:
	whether to use the kubernetes keychain instead of the default keychain (supports workload identity).

    --type='signature':
	related attachment to triangulate (attestation|sbom|signature|digest), default signature (sbom is deprecated)

Global Flags:
      --output-file string   log output to a file
  -t, --timeout duration     timeout for commands (default 3m0s)
  -d, --verbose              log debug output

$ ./cosign triangulate --type=digest gcr.io/projectsigstore/cosign:v1.13.0
gcr.io/projectsigstore/cosign@sha256:398f441c46e58906dc6d3aaaad22fe63f018dc30acbe13b326e5a016e711301c

[haydentherapper]

Looks great, thank you!

[codecov]

Codecov Report

Merging #3255 (a638314) into main (022fa26) will increase coverage by 0.00%.
The diff coverage is 61.53%.

@@           Coverage Diff           @@
##             main    #3255   +/-   ##
=======================================
  Coverage   30.65%   30.65%           
=======================================
  Files         155      155           
  Lines        9989     9994    +5     
=======================================
+ Hits         3062     3064    +2     
- Misses       6471     6474    +3     
  Partials      456      456           

Files	Coverage Δ
pkg/cosign/fetch.go	0.00% <ø> (ø)
cmd/cosign/cli/options/triangulate.go	0.00% <0.00%> (ø)
pkg/oci/remote/remote.go	36.87% <66.66%> (+0.10%)	⬆️

[haydentherapper]

Can you run make docgen?

[haydentherapper]

Looks good! Not sure why linter is failing, trying to rerun

[haydentherapper]

@cpanato Any guesses why the linter is complaining? we're using the latest golangci-lint version

[garethahealy]

@haydentherapper ; ran linting locally that highlighted an indenting issue - fixed and pushed, hopefully that fixes linting.

green on my fork:

• https://github.com/garethahealy/cosign/actions/runs/6559767123/job/17816015095

[cpanato]

it is all good on the ci side :)