| GH-ATTESTATION-DOWNLOAD(1) | GitHub CLI manual | GH-ATTESTATION-DOWNLOAD(1) |
NAME¶
gh-attestation-download - Download an artifact's attestations for offline use
SYNOPSIS¶
gh attestation download [<file-path> | oci://<image-uri>] [--owner | --repo] [flags]
DESCRIPTION¶
NOTE: This feature is currently in beta, and subject to change.¶
Download attestations associated with an artifact for offline use.
The command requires either: * a file path to an artifact, or * a
container image URI (e.g. oci://<image-uri>)
* (note that if you provide an OCI URL, you must already be authenticated
with its container registry)
In addition, the command requires either: * the --repo flag (e.g. --repo github/example). * the --owner flag (e.g. --owner github), or
The --repo flag value must match the name of the GitHub repository that the artifact is linked with.
The --owner flag value must match the name of the GitHub organization that the artifact's linked repository belongs to.
Any associated bundle(s) will be written to a file in the current directory named after the artifact's digest. For example, if the digest is "sha256:1234", the file will be named "sha256:1234.jsonl".
OPTIONS¶
- -d, --digest-alg <string> (default "sha256")
- The algorithm used to compute a digest of the artifact: {sha256|sha512}
- -L, --limit <int> (default 30)
- Maximum number of attestations to fetch
- -o, --owner <string>
- a GitHub organization to scope attestation lookup by
- --predicate-type <string>
- Filter attestations by provided predicate type
- -R, --repo <string>
- Repository name in the format /
EXAMPLE¶
# Download attestations for a local artifact linked with an organization $ gh attestation download example.bin -o github # Download attestations for a local artifact linked with a repository $ gh attestation download example.bin -R github/example # Download attestations for an OCI image linked with an organization $ gh attestation download oci://example.com/foo/bar:latest -o github
SEE ALSO¶
| May 2024 | GitHub CLI v2.49.2 |