konflux-ci · kosciCZ · Jun 9, 2025 · Jun 2, 2025
diff --git a/docs/sboms/upload.md b/docs/sboms/upload.md
@@ -0,0 +1,24 @@
+# SBOM for Image Index
+
+The Mobster tool is capable of uploading SBOMs to multiple locations.
+
+## Red Hat Trusted Profile Analyzer (TPA)
+
+To upload an SBOM to TPA, use the `mobster upload tpa` command. In order to authenticate to TPA,
+you need to set the following environment variables with OIDC, as in the example below
+
+```
+MOBSTER_TPA_SSO_TOKEN_URL="https://example.com/auth/realms/ExampleRealm/protocol/openid-connect/token"
+MOBSTER_TPA_SSO_ACCOUNT=example-account
+MOBSTER_TPA_SSO_TOKEN=example-account-token
+```
+
+After that you can either upload a single SBOM:
+```shell
+mobster upload tpa --tpa-base-url https://your-tpa-instance.com --file /path/to/your/sbom.json
+```
+
+Or multiple SBOM files from a directory with an option to set a number of parallel workers:
+```shell
+mobster upload tpa --tpa-base-url https://your-tpa-instance.com --from-dir /path/to/sbom_directory --workers 4
+```
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -33,7 +33,8 @@ dependencies = [
     "pydantic (>=2.11.4,<3.0.0)",
     "python-dateutil (>=2.9.0.post0,<3.0.0)",
     "packageurl-python (>=0.16.0,<0.17.0)",
-    "aiofiles (>=24.1.0,<25.0.0)"
+    "aiofiles (>=24.1.0,<25.0.0)",
+    "httpx (>=0.28.1,<0.29.0)"
 ]
 
 [project.urls]
@@ -85,6 +86,7 @@ pylint = "^3.3.7"
 pytest-asyncio = "^1.0.0"
 types-python-dateutil = "^2.9.0.20241206"
 types-aiofiles = "^24.1.0.20250516"
+pytest-httpx = "^0.35.0"
 
 [build-system]
 requires = ["poetry-core>=2.0.0,<3.0.0"]

diff --git a/src/mobster/cli.py b/src/mobster/cli.py
@@ -4,8 +4,9 @@
 from pathlib import Path
 from typing import Any
 
-from mobster.cmd import augment, upload
+from mobster.cmd import augment
 from mobster.cmd.generate import modelcar, oci_artifact, oci_image, oci_index, product
+from mobster.cmd.upload import upload
 
 
 def setup_arg_parser() -> argparse.ArgumentParser:
@@ -302,7 +303,10 @@ def upload_tpa_parser(subparsers: Any) -> None:
         default=1,
         help="Number of workers to execute uploads in parallel",
     )
-    tpa_parser.add_argument("--from-dir", type=Path, help="Directory to upload from")
-    tpa_parser.add_argument("--file", type=Path, help="File to upload")
+
+    # Create a mutually exclusive group and require one of the arguments
+    source_group = tpa_parser.add_mutually_exclusive_group(required=True)
+    source_group.add_argument("--from-dir", type=Path, help="Directory to upload from")
+    source_group.add_argument("--file", type=Path, help="File to upload")
 
     tpa_parser.set_defaults(func=upload.TPAUploadCommand)
diff --git a/src/mobster/cmd/upload.py b/src/mobster/cmd/upload.py
diff --git a/src/mobster/cmd/upload/__init__.py b/src/mobster/cmd/upload/__init__.py
@@ -0,0 +1 @@
+"""Upload module for the Mobster application."""
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		"""Upload module for the Mobster application."""