Invert upload flag to allow for not uploading attestation

cmd/cosign/cli/attest.go

@@ -70,7 +70,7 @@ func Attest() *cobra.Command {
 				OIDCClientSecret:         o.OIDC.ClientSecret,
 			}
 			for _, img := range args {
-				if err := attest.AttestCmd(cmd.Context(), ko, o.Registry, img, o.Cert, o.Upload, o.Predicate.Path, o.Force, o.Predicate.Type); err != nil {
+				if err := attest.AttestCmd(cmd.Context(), ko, o.Registry, img, o.Cert, o.NoUpload, o.Predicate.Path, o.Force, o.Predicate.Type); err != nil {
 					return errors.Wrapf(err, "signing %s", img)
 				}
 			}

cmd/cosign/cli/attest/attest.go

@@ -19,7 +19,6 @@ import (
 	"bytes"
 	"context"
 	_ "crypto/sha256" // for `crypto.SHA256`
-	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"os"
@@ -45,7 +44,7 @@ import (
 
 //nolint
 func AttestCmd(ctx context.Context, ko sign.KeyOpts, regOpts options.RegistryOptions, imageRef string, certPath string,
-	upload bool, predicatePath string, force bool, predicateType string) error {
+	noUpload bool, predicatePath string, force bool, predicateType string) error {
 	// A key file or token is required unless we're in experimental mode!
 	if options.EnableExperimental() {
 		if options.NOf(ko.KeyRef, ko.Sk) > 1 {
@@ -115,8 +114,8 @@ func AttestCmd(ctx context.Context, ko sign.KeyOpts, regOpts options.RegistryOpt
 		return errors.Wrap(err, "signing")
 	}
 
-	if !upload {
-		fmt.Println(base64.StdEncoding.EncodeToString(signedPayload))
+	if noUpload {
+		fmt.Println(string(signedPayload))
 		return nil
 	}
 

cmd/cosign/cli/options/attest.go

@@ -23,7 +23,7 @@ import (
 type AttestOptions struct {
 	Key       string
 	Cert      string
-	Upload    bool
+	NoUpload  bool
 	Force     bool
 	Recursive bool
 
@@ -52,8 +52,8 @@ func (o *AttestOptions) AddFlags(cmd *cobra.Command) {
 	cmd.Flags().StringVar(&o.Cert, "cert", "",
 		"path to the x509 certificate to include in the Signature")
 
-	cmd.Flags().BoolVar(&o.Upload, "upload", true,
-		"whether to upload the signature")
+	cmd.Flags().BoolVar(&o.NoUpload, "no-upload", false,
+		"do not upload the generated attestation")
 
 	cmd.Flags().BoolVarP(&o.Force, "force", "f", false,
 		"skip warnings and confirmations")

test/e2e_test.go

@@ -182,7 +182,8 @@ func TestAttestVerify(t *testing.T) {
 
 	// Now attest the image
 	ko := sign.KeyOpts{KeyRef: privKeyPath, PassFunc: passFunc}
-	must(attest.AttestCmd(ctx, ko, options.RegistryOptions{}, imgName, "", true, slsaAttestationPath, false, "custom"), t)
+	must(attest.AttestCmd(ctx, ko, options.RegistryOptions{}, imgName, "", false, slsaAttestationPath, false,
+		"custom"), t)
 
 	// Use cue to verify attestation
 	policyPath := filepath.Join(td, "policy.cue")