chainguard-demo
diff --git a/‎digestabotctl/README.md‎
Lines changed: 74 additions & 1 deletion b/‎digestabotctl/README.md‎
Lines changed: 74 additions & 1 deletion
diff --git a/‎digestabotctl/cmd/files.go‎
Lines changed: 5 additions & 1 deletion b/‎digestabotctl/cmd/files.go‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎digestabotctl/cmd/flags.go‎
Lines changed: 8 additions & 0 deletions b/‎digestabotctl/cmd/flags.go‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎digestabotctl/cmd/update.go‎
Lines changed: 12 additions & 1 deletion b/‎digestabotctl/cmd/update.go‎
Lines changed: 12 additions & 1 deletion
diff --git a/‎digestabotctl/docs/digestabotctl.md‎
Lines changed: 1 addition & 1 deletion b/‎digestabotctl/docs/digestabotctl.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎digestabotctl/docs/digestabotctl_completion.md‎
Lines changed: 1 addition & 1 deletion b/‎digestabotctl/docs/digestabotctl_completion.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎digestabotctl/docs/digestabotctl_completion_bash.md‎
Lines changed: 1 addition & 1 deletion b/‎digestabotctl/docs/digestabotctl_completion_bash.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎digestabotctl/docs/digestabotctl_completion_fish.md‎
Lines changed: 1 addition & 1 deletion b/‎digestabotctl/docs/digestabotctl_completion_fish.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎digestabotctl/docs/digestabotctl_completion_powershell.md‎
Lines changed: 1 addition & 1 deletion b/‎digestabotctl/docs/digestabotctl_completion_powershell.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎digestabotctl/docs/digestabotctl_completion_zsh.md‎
Lines changed: 1 addition & 1 deletion b/‎digestabotctl/docs/digestabotctl_completion_zsh.md‎
Lines changed: 1 addition & 1 deletion
@@ -1,3 +1,76 @@
 # digestabotctl
 
-## Docs are [here](./docs)
+Updates image digests in files. 
+
+## GitHub
+
+```
+jobs:
+  digestabot:
+    name: Digestabot
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+      pull-requests: write
+      id-token: write
+
+    steps:
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+    - uses: chainguard-dev/setup-chainctl@v0.3.2
+      with:
+        identity: '<your-assumable-id>'
+
+    - name: digestabot
+      env:
+        DIGESTABOT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        DIGESTABOT_BRANCH: digestabot-update # branch to push commits to 
+        DIGESTABOT_CREATE_PR: true
+        DIGESTABOT_PLATFORM: github
+        DIGESTABOT_OWNER: org-owner
+        DIGESTABOT_REPO: repo-name
+        DIGESTABOT_SIGN: true # set to true if you want to sign commits with sigstore
+        DIGESTABOT_EMAIL: committer email
+        DIGESTABOT_NAME: committer username
+      run: |
+        ./digestabotctl update files
+```
+
+## GitLab
+
+```
+stages:
+  - update
+workflow:
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "web" || $CI_PIPELINE_SOURCE == "schedule"
+variables:
+  DIGESTABOT_TOKEN: ${PUSH_TOKEN}
+  DIGESTABOT_BRANCH: digestabot-update # branch to push commits to
+  DIGESTABOT_CREATE_PR: true
+  DIGESTABOT_PLATFORM: gitlab
+  DIGESTABOT_OWNER: $CI_PROJECT_NAMESPACE
+  DIGESTABOT_REPO: $CI_PROJECT_ID
+  DIGESTABOT_SIGN: true
+  DIGESTABOT_SIGNING_TOKEN: $SIGSTORE_TOKEN # needed for GitLab since it's not an API exchange
+  DIGESTABOT_EMAIL: $GITLAB_USER_EMAIL
+  DIGESTABOT_NAME: $GITLAB_USER_NAME
+
+digestabot:
+  stage: update
+  id_tokens:
+    ID_TOKEN_1:
+      aud: https://gitlab.com
+    SIGSTORE_TOKEN:
+      aud: sigstore # get token with audience for commit signing
+  script:
+    - wget -O /bin/chainctl "https://dl.enforce.dev/chainctl/latest/chainctl_linux_$(uname -m)"
+    - chmod 755 /bin/chainctl
+    - chainctl auth login --identity-token $ID_TOKEN_1 --identity $CGR_IDENTITY --audience apk.cgr.dev
+    - chainctl auth configure-docker --identity-token $ID_TOKEN_1 --identity $CGR_IDENTITY
+    - digestabotctl update files
+
+```
+
+
+## CLI Reference is [here](./docs)
@@ -24,6 +24,7 @@ var requiredPRFlags = []string{
 	"branch",
 	"token",
 	"platform",
+	"email",
 }
 
 func init() {
@@ -56,6 +57,9 @@ func files(cmd *cobra.Command, args []string) error {
 		When:      time.Now(),
 		Branch:    viper.GetString("branch"),
 		Token:     viper.GetString("token"),
+		Signer:    signer,
+		Name:      viper.GetString("name"),
+		Email:     viper.GetString("email"),
 	}
 
 	checkout, err := versioncontrol.Checkout(opts)
@@ -113,5 +117,5 @@ func handlePRForPlatform(platform string, checkout versioncontrol.CheckoutRespon
 		return err
 	}
 
-	return creator.CreatePR()
+	return creator.CreatePR(cfg.Logger)
 }
@@ -53,6 +53,10 @@ func bindPRFlags(cmd *cobra.Command) {
 	viper.BindPFlag("token", cmd.Flags().Lookup("token"))
 	viper.BindPFlag("description", cmd.Flags().Lookup("description"))
 	viper.BindPFlag("platform", cmd.Flags().Lookup("platform"))
+	viper.BindPFlag("sign", cmd.Flags().Lookup("sign"))
+	viper.BindPFlag("signing-token", cmd.Flags().Lookup("signing-token"))
+	viper.BindPFlag("name", cmd.Flags().Lookup("name"))
+	viper.BindPFlag("email", cmd.Flags().Lookup("email"))
 }
 
 // prFlags adds the pr flags to the passed in command
@@ -66,4 +70,8 @@ func prFlags(cmd *cobra.Command) {
 	cmd.PersistentFlags().String("token", "", "API token")
 	cmd.PersistentFlags().String("description", "Updating image digests", "PR description")
 	cmd.PersistentFlags().String("platform", "", fmt.Sprintf("Platform to create the PR. Options are %s", slices.Collect(maps.Keys(platforms.ValidPlatforms))))
+	cmd.PersistentFlags().Bool("sign", false, "Sign the commit")
+	cmd.PersistentFlags().String("signing-token", "", "OIDC token for signing commit")
+	cmd.PersistentFlags().String("name", "digestabotctl", "Name for commit")
+	cmd.PersistentFlags().String("email", "", "Email for commit")
 }
@@ -1,7 +1,10 @@
 package cmd
 
 import (
+	"github.com/chainguard-dev/platform-examples/digestabotctl/versioncontrol"
+	"github.com/go-git/go-git/v6"
 	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
 )
 
 // updateCmd represents the update command
@@ -15,6 +18,8 @@ var requiredUpdateFlags = []string{
 	"branch",
 }
 
+var signer git.Signer
+
 func init() {
 	rootCmd.AddCommand(updateCmd)
 	prFlags(updateCmd)
@@ -28,6 +33,12 @@ func updatePreRunE(cmd *cobra.Command, args []string) error {
 	if err := validateEnvs(requiredUpdateFlags...); err != nil {
 		return err
 	}
-
+	if viper.GetBool("sign") {
+		var err error
+		signer, err = versioncontrol.NewSigner(cmd.Context())
+		if err != nil {
+			return err
+		}
+	}
 	return nil
 }
@@ -16,4 +16,4 @@ Update image hashes in your files
 * [digestabotctl update](digestabotctl_update.md)	 - Command to control updates to digests
 * [digestabotctl version](digestabotctl_version.md)	 - Prints the version
 
-###### Auto generated by spf13/cobra on 8-Aug-2025
+###### Auto generated by spf13/cobra on 3-Sep-2025
@@ -28,4 +28,4 @@ See each sub-command's help for details on how to use the generated script.
 * [digestabotctl completion powershell](digestabotctl_completion_powershell.md)	 - Generate the autocompletion script for powershell
 * [digestabotctl completion zsh](digestabotctl_completion_zsh.md)	 - Generate the autocompletion script for zsh
 
-###### Auto generated by spf13/cobra on 8-Aug-2025
+###### Auto generated by spf13/cobra on 3-Sep-2025
@@ -47,4 +47,4 @@ digestabotctl completion bash
 
 * [digestabotctl completion](digestabotctl_completion.md)	 - Generate the autocompletion script for the specified shell
 
-###### Auto generated by spf13/cobra on 8-Aug-2025
+###### Auto generated by spf13/cobra on 3-Sep-2025
@@ -38,4 +38,4 @@ digestabotctl completion fish [flags]
 
 * [digestabotctl completion](digestabotctl_completion.md)	 - Generate the autocompletion script for the specified shell
 
-###### Auto generated by spf13/cobra on 8-Aug-2025
+###### Auto generated by spf13/cobra on 3-Sep-2025
@@ -35,4 +35,4 @@ digestabotctl completion powershell [flags]
 
 * [digestabotctl completion](digestabotctl_completion.md)	 - Generate the autocompletion script for the specified shell
 
-###### Auto generated by spf13/cobra on 8-Aug-2025
+###### Auto generated by spf13/cobra on 3-Sep-2025
@@ -49,4 +49,4 @@ digestabotctl completion zsh [flags]
 
 * [digestabotctl completion](digestabotctl_completion.md)	 - Generate the autocompletion script for the specified shell
 
-###### Auto generated by spf13/cobra on 8-Aug-2025
+###### Auto generated by spf13/cobra on 3-Sep-2025
Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,7 @@ var requiredPRFlags = []string{`
`24`	`24`	`"branch",`
`25`	`25`	`"token",`
`26`	`26`	`"platform",`
	`27`	`+ "email",`
`27`	`28`	`}`
`28`	`29`
`29`	`30`	`func init() {`
`@@ -56,6 +57,9 @@ func files(cmd *cobra.Command, args []string) error {`
`56`	`57`	`When: time.Now(),`
`57`	`58`	`Branch: viper.GetString("branch"),`
`58`	`59`	`Token: viper.GetString("token"),`
	`60`	`+ Signer: signer,`
	`61`	`+ Name: viper.GetString("name"),`
	`62`	`+ Email: viper.GetString("email"),`
`59`	`63`	`}`
`60`	`64`
`61`	`65`	`checkout, err := versioncontrol.Checkout(opts)`
`@@ -113,5 +117,5 @@ func handlePRForPlatform(platform string, checkout versioncontrol.CheckoutRespon`
`113`	`117`	`return err`
`114`	`118`	`}`
`115`	`119`
`116`		`- return creator.CreatePR()`
	`120`	`+ return creator.CreatePR(cfg.Logger)`
`117`	`121`	`}`
Original file line number	Diff line number	Diff line change
`@@ -47,4 +47,4 @@ digestabotctl completion bash`
`47`	`47`
`48`	`48`	`* [digestabotctl completion](digestabotctl_completion.md) - Generate the autocompletion script for the specified shell`
`49`	`49`
`50`		`-###### Auto generated by spf13/cobra on 8-Aug-2025`
	`50`	`+###### Auto generated by spf13/cobra on 3-Sep-2025`
Original file line number	Diff line number	Diff line change
`@@ -38,4 +38,4 @@ digestabotctl completion fish [flags]`
`38`	`38`
`39`	`39`	`* [digestabotctl completion](digestabotctl_completion.md) - Generate the autocompletion script for the specified shell`
`40`	`40`
`41`		`-###### Auto generated by spf13/cobra on 8-Aug-2025`
	`41`	`+###### Auto generated by spf13/cobra on 3-Sep-2025`
Original file line number	Diff line number	Diff line change
`@@ -35,4 +35,4 @@ digestabotctl completion powershell [flags]`
`35`	`35`
`36`	`36`	`* [digestabotctl completion](digestabotctl_completion.md) - Generate the autocompletion script for the specified shell`
`37`	`37`
`38`		`-###### Auto generated by spf13/cobra on 8-Aug-2025`
	`38`	`+###### Auto generated by spf13/cobra on 3-Sep-2025`
Original file line number	Diff line number	Diff line change
`@@ -49,4 +49,4 @@ digestabotctl completion zsh [flags]`
`49`	`49`
`50`	`50`	`* [digestabotctl completion](digestabotctl_completion.md) - Generate the autocompletion script for the specified shell`
`51`	`51`
`52`		`-###### Auto generated by spf13/cobra on 8-Aug-2025`
	`52`	`+###### Auto generated by spf13/cobra on 3-Sep-2025`