Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inappropriate printing to STDOUT #2510

Open
znewman01 opened this issue Dec 5, 2022 · 2 comments
Open

Inappropriate printing to STDOUT #2510

znewman01 opened this issue Dec 5, 2022 · 2 comments
Labels
bug Something isn't working good first issue Good for newcomers

Comments

@znewman01
Copy link
Contributor

Generally, in Cosign we try to make STDOUT have the output of the command: the (often machine-readable) result of execution. We put status messages, errors, etc. on STDERR.

This is a common convention for CLI tools and a nice thing to do for scriptability.

However, we're pretty sloppy sometimes.

I'm looking mostly at:

But even some of the ones that are actually correct just work by spitting out to STDOUT in the middle of command execution:

My proposal is the following:

  1. Have the CLI top-level entry point print the output of the command. That is, something like SaveCmd would be implemented as a function with a return value, and then we'd hook into Cobra to print the output (if we need to stream output, we could use channels or something).
  2. Ban (using Forbidigo) any calls to fmt.Print{f,ln} in the Cosign codebase.
  3. Implement a "Cosign output" package. Instead of fmt.Fprintln(os.Stderr, "warning: foo") directly, Cosign code would call Warn(). Same for any other common output patterns. (That is, calling code can assign semantics to its output which helps make sure it goes to the right place).
  4. Ban (most) other fmt.* calls (we can keep fmt.Sprint*).

This has a number of benefits:

  • Supporting multiple formats easily and consistently (you could pass --format=jsonl or --format=csv) without requiring support from every command
  • Testability: parsing STDOUT is hard. Right now that's part of the reason that the cmd/ directory is under-tested.
  • Enforce consistent output: of course, this fixes the STDOUT/STDERR thing. But it also starts to unify the output across the whole tool. If we wanted to start putting all STDERR output in red, we could do that in one place easily. If we want to "tee" all output to a log file, we can do that.
@znewman01 znewman01 added bug Something isn't working good first issue Good for newcomers labels Dec 5, 2022
@eddiezane
Copy link
Member

The way we handle this in kubectl and gitsign is by encapsulating the streams which has the added bonus of being really easy to mock in tests.

@znewman01
Copy link
Contributor Author

The way we handle this in kubectl and gitsign is by encapsulating the streams which has the added bonus of being really easy to mock in tests.

Yeah I think this is also a good idea and can be implemented at the same time we do (3) above.

znewman01 added a commit to znewman01/cosign that referenced this issue Dec 7, 2022
@znewman01
Add versioning policy.
702f96e 
Addresses (does not fix) sigstore#2518.

This follows [Proposal: Cosign Versioning][versioning-proposal], which in turn
follows sigstore#2365.

After getting approval on this PR, I will update sigstore#2518 to include a checklist
containing the following (possibly linking to separate bugs):

- [ ] (docs) Communicate the new version policy to Cosign users.
- [ ] (process/CI) Separate CLI and API releases (with different tagging schemes).
- [ ] (process/CI) Use gorelease or similar to catch breaking API changes.
- [ ] (code) Add library support for deprecations (see also sigstore#2510)
- [ ] (testing) E2E testing for old Cosign versions (Also client libraries, once they're stable).

[versioning-proposal]: https://docs.google.com/document/d/1urWUPhtzXKWqL9CoaEw4Z35v5IDl9yrTRQ40XlYekOo/edit#

Signed-off-by: Zachary Newman <[email protected]>
@znewman01 znewman01 mentioned this issue Dec 7, 2022
Merged
5 tasks
znewman01 added a commit to znewman01/cosign that referenced this issue Dec 7, 2022
@znewman01
Add versioning policy.
07b3a9e 
Addresses (does not fix) sigstore#2518.

This follows [Proposal: Cosign Versioning][versioning-proposal], which in turn
follows sigstore#2365.

After getting approval on this PR, I will update sigstore#2518 to include a checklist
containing the following (possibly linking to separate bugs):

- [ ] (docs) Communicate the new version policy to Cosign users.
- [ ] (process/CI) Separate CLI and API releases (with different tagging schemes).
- [ ] (process/CI) Use gorelease or similar to catch breaking API changes.
- [ ] (code) Add library support for deprecations (see also sigstore#2510)
- [ ] (testing) E2E testing for old Cosign versions (Also client libraries, once they're stable).

[versioning-proposal]: https://docs.google.com/document/d/1urWUPhtzXKWqL9CoaEw4Z35v5IDl9yrTRQ40XlYekOo/edit#

Signed-off-by: Zachary Newman <[email protected]>
znewman01 added a commit to znewman01/cosign that referenced this issue Dec 7, 2022
@znewman01
Add versioning policy.
c904794 
Addresses (does not fix) sigstore#2518.

This follows [Proposal: Cosign Versioning][versioning-proposal], which in turn
follows sigstore#2365.

After getting approval on this PR, I will update sigstore#2518 to include a checklist
containing the following (possibly linking to separate bugs):

- [ ] (docs) Communicate the new version policy to Cosign users.
- [ ] (process/CI) Separate CLI and API releases (with different tagging schemes).
- [ ] (process/CI) Use gorelease or similar to catch breaking API changes.
- [ ] (code) Add library support for deprecations (see also sigstore#2510)
- [ ] (testing) E2E testing for old Cosign versions (Also client libraries, once they're stable).

[versioning-proposal]: https://docs.google.com/document/d/1urWUPhtzXKWqL9CoaEw4Z35v5IDl9yrTRQ40XlYekOo/edit#

Signed-off-by: Zachary Newman <[email protected]>
znewman01 added a commit to znewman01/cosign that referenced this issue Dec 19, 2022
@znewman01
Add versioning policy.
72e3026 
Addresses (does not fix) sigstore#2518.

This follows [Proposal: Cosign Versioning][versioning-proposal], which in turn
follows sigstore#2365.

After getting approval on this PR, I will update sigstore#2518 to include a checklist
containing the following (possibly linking to separate bugs):

- [ ] (docs) Communicate the new version policy to Cosign users.
- [ ] (process/CI) Separate CLI and API releases (with different tagging schemes).
- [ ] (process/CI) Use gorelease or similar to catch breaking API changes.
- [ ] (code) Add library support for deprecations (see also sigstore#2510)
- [ ] (testing) E2E testing for old Cosign versions (Also client libraries, once they're stable).

[versioning-proposal]: https://docs.google.com/document/d/1urWUPhtzXKWqL9CoaEw4Z35v5IDl9yrTRQ40XlYekOo/edit#

Signed-off-by: Zachary Newman <[email protected]>
@znewman01 znewman01 mentioned this issue Dec 23, 2022
Merged
znewman01 added a commit to znewman01/cosign that referenced this issue Jan 2, 2023
@znewman01
Add versioning policy.
97ef361 
Addresses (does not fix) sigstore#2518.

This follows [Proposal: Cosign Versioning][versioning-proposal], which in turn
follows sigstore#2365.

After getting approval on this PR, I will update sigstore#2518 to include a checklist
containing the following (possibly linking to separate bugs):

- [ ] (docs) Communicate the new version policy to Cosign users.
- [ ] (process/CI) Separate CLI and API releases (with different tagging schemes).
- [ ] (process/CI) Use gorelease or similar to catch breaking API changes.
- [ ] (code) Add library support for deprecations (see also sigstore#2510)
- [ ] (testing) E2E testing for old Cosign versions (Also client libraries, once they're stable).

[versioning-proposal]: https://docs.google.com/document/d/1urWUPhtzXKWqL9CoaEw4Z35v5IDl9yrTRQ40XlYekOo/edit#

Signed-off-by: Zachary Newman <[email protected]>
@znewman01 znewman01 mentioned this issue Jan 10, 2023
Merged
znewman01 added a commit to znewman01/cosign that referenced this issue Jan 14, 2023
@znewman01
Add versioning policy.
154e727 
Addresses (does not fix) sigstore#2518.

This follows [Proposal: Cosign Versioning][versioning-proposal], which in turn
follows sigstore#2365.

After getting approval on this PR, I will update sigstore#2518 to include a checklist
containing the following (possibly linking to separate bugs):

- [ ] (docs) Communicate the new version policy to Cosign users.
- [ ] (process/CI) Separate CLI and API releases (with different tagging schemes).
- [ ] (process/CI) Use gorelease or similar to catch breaking API changes.
- [ ] (code) Add library support for deprecations (see also sigstore#2510)
- [ ] (testing) E2E testing for old Cosign versions (Also client libraries, once they're stable).

[versioning-proposal]: https://docs.google.com/document/d/1urWUPhtzXKWqL9CoaEw4Z35v5IDl9yrTRQ40XlYekOo/edit#

Signed-off-by: Zachary Newman <[email protected]>
znewman01 added a commit that referenced this issue Jan 17, 2023
@znewman01
Add versioning policy. (#2519)
6dc6ad2 
* Add versioning policy.

Addresses (does not fix) #2518.

This follows [Proposal: Cosign Versioning][versioning-proposal], which in turn
follows #2365.

After getting approval on this PR, I will update #2518 to include a checklist
containing the following (possibly linking to separate bugs):

- [ ] (docs) Communicate the new version policy to Cosign users.
- [ ] (process/CI) Separate CLI and API releases (with different tagging schemes).
- [ ] (process/CI) Use gorelease or similar to catch breaking API changes.
- [ ] (code) Add library support for deprecations (see also #2510)
- [ ] (testing) E2E testing for old Cosign versions (Also client libraries, once they're stable).

[versioning-proposal]: https://docs.google.com/document/d/1urWUPhtzXKWqL9CoaEw4Z35v5IDl9yrTRQ40XlYekOo/edit#

Signed-off-by: Zachary Newman <[email protected]>

* Reword private-by-default for Sigstore API

Signed-off-by: Zachary Newman <[email protected]>

* Minor rewordings

Signed-off-by: Zachary Newman <[email protected]>

* Another minor rewording

Signed-off-by: Zachary Newman <[email protected]>

Signed-off-by: Zachary Newman <[email protected]>
@znewman01 znewman01 mentioned this issue Jan 17, 2023
Open
@znewman01 znewman01 mentioned this issue Feb 27, 2023
Closed
@znewman01 znewman01 mentioned this issue Mar 15, 2023
Merged
dmitris pushed a commit to dmitris/cosign that referenced this issue Mar 24, 2023
@znewman01 @dmitris
Add versioning policy. (sigstore#2519)
dcf6607 
* Add versioning policy.

Addresses (does not fix) sigstore#2518.

This follows [Proposal: Cosign Versioning][versioning-proposal], which in turn
follows sigstore#2365.

After getting approval on this PR, I will update sigstore#2518 to include a checklist
containing the following (possibly linking to separate bugs):

- [ ] (docs) Communicate the new version policy to Cosign users.
- [ ] (process/CI) Separate CLI and API releases (with different tagging schemes).
- [ ] (process/CI) Use gorelease or similar to catch breaking API changes.
- [ ] (code) Add library support for deprecations (see also sigstore#2510)
- [ ] (testing) E2E testing for old Cosign versions (Also client libraries, once they're stable).

[versioning-proposal]: https://docs.google.com/document/d/1urWUPhtzXKWqL9CoaEw4Z35v5IDl9yrTRQ40XlYekOo/edit#

Signed-off-by: Zachary Newman <[email protected]>

* Reword private-by-default for Sigstore API

Signed-off-by: Zachary Newman <[email protected]>

* Minor rewordings

Signed-off-by: Zachary Newman <[email protected]>

* Another minor rewording

Signed-off-by: Zachary Newman <[email protected]>

Signed-off-by: Zachary Newman <[email protected]>
@znewman01 znewman01 mentioned this issue Mar 25, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@znewman01 @eddiezane