Merge pull request #2284 from simonbaird/conforma-rename-first-steps

Adopt new name in cli docs

Dockerfile

@@ -41,18 +41,22 @@ COPY . .
 
 RUN /build/build.sh "${BUILD_LIST}" "${BUILD_SUFFIX}"
 
+## Final image
+
 FROM registry.access.redhat.com/ubi9/ubi-minimal:9.5@sha256:b87097994ed62fbf1de70bc75debe8dacf3ea6e00dd577d74503ef66452c59d6
 
 ARG TARGETOS
 ARG TARGETARCH
 
+ARG CLI_NAME="Conforma"
+
 LABEL \
   name="ec-cli" \
-  description="Enterprise Contract verifies and checks supply chain artifacts to ensure they meet security and business policies." \
-  io.k8s.description="Enterprise Contract verifies and checks supply chain artifacts to ensure they meet security and business policies." \
-  summary="Provides the binaries for downloading the EC CLI. Also used as a Tekton task runner image for EC tasks. Upstream build." \
-  io.k8s.display-name="Enterprise Contract" \
-  io.openshift.tags="enterprise-contract ec opa cosign sigstore"
+  description="${CLI_NAME} verifies and checks supply chain artifacts to ensure they meet security and business policies." \
+  io.k8s.description="${CLI_NAME} verifies and checks supply chain artifacts to ensure they meet security and business policies." \
+  summary="Provides the binaries for downloading the ${CLI_NAME} CLI. Also used as a runner image for Tekton tasks." \
+  io.k8s.display-name="${CLI_NAME}" \
+  io.openshift.tags="conforma ec opa cosign sigstore"
 
 # Install tools we want to use in the Tekton task
 RUN microdnf upgrade --assumeyes --nodocs --setopt=keepcache=0 --refresh && microdnf -y --nodocs --setopt=keepcache=0 install git-core jq
@@ -72,7 +76,7 @@ COPY --from=build "/build/dist/ec_${TARGETOS}_${TARGETARCH}" /usr/local/bin/ec
 # Copy the one kubectl binary that can run in this container
 COPY --from=build "/build/dist/kubectl_${TARGETOS}_${TARGETARCH}" /usr/local/bin/kubectl
 
-# Copt reduce-snapshot script needed for single component mode
+# Copy reduce-snapshot script needed for single component mode
 COPY hack/reduce-snapshot.sh /usr/local/bin
 
 # OpenShift preflight check requires a license

Dockerfile.dist

@@ -50,13 +50,15 @@ FROM registry.access.redhat.com/ubi9/ubi-minimal:9.5@sha256:b87097994ed62fbf1de7
 ARG TARGETOS
 ARG TARGETARCH
 
+ARG CLI_NAME="Enterprise Contract"
+
 LABEL \
   name="ec-cli" \
-  description="Enterprise Contract verifies and checks supply chain artifacts to ensure they meet security and business policies." \
-  io.k8s.description="Enterprise Contract verifies and checks supply chain artifacts to ensure they meet security and business policies." \
-  summary="Provides the binaries for downloading the EC CLI. Also used as a Tekton task runner image for EC tasks. Red Hat build." \
-  io.k8s.display-name="Enterprise Contract for Red Hat Trusted Artifact Signer" \
-  io.openshift.tags="rhtas rhtap trusted-artifact-signer trusted-application-pipeline enterprise-contract ec opa cosign sigstore" \
+  description="${CLI_NAME} verifies and checks supply chain artifacts to ensure they meet security and business policies." \
+  io.k8s.description="${CLI_NAME} verifies and checks supply chain artifacts to ensure they meet security and business policies." \
+  summary="Provides the binaries for downloading the ${CLI_NAME} CLI. Also used as a runner image for Tekton tasks." \
+  io.k8s.display-name="${CLI_NAME}" \
+  io.openshift.tags="rhtas rhtap trusted-artifact-signer trusted-application-pipeline enterprise-contract conforma ec opa cosign sigstore" \
   com.redhat.component="ec-cli"
 
 # Install tools we want to use in the Tekton task

README.md

@@ -1,11 +1,11 @@
-# `ec` a command line client for evaluating the Enterprise Contract
+# `ec` a command line client for verifying artifacts and evaluating policies
 
-The `ec` tool is used to evaluate Enterprise Contract policies for Software
+The `ec` tool is used to evaluate Conforma policies for Software
 Supply Chain. Various sub-commands can be used to assert facts about an artifact
 such as:
   * Validating container image signature
   * Validating container image provenance
-  * Evaluating Enterprise Contract [policies][pol] over the container image provenance
+  * Evaluating [policies][pol] over the container image provenance
   * Fetching artifact authorization
 
 Consult the [documentation][docs] for available sub-commands, descriptions and

build.sh

@@ -36,7 +36,7 @@ build_ec() {
         -trimpath \
         --mod=readonly \
         -ldflags="-s -w -X github.com/enterprise-contract/ec-cli/internal/version.Version=$4" \
-        -o "dist/${BINFILE}"
+        -o "dist/$3"
     sha256sum -b "dist/$3" > "dist/$3.sha256"
 }
 

cmd/fetch/fetch_policy.go

@@ -52,9 +52,8 @@ func fetchPolicyCmd() *cobra.Command {
 			documentation for more usage examples and for details on the different types of
 			supported source URLs.
 
-			Note that this command is not typically required to verify the Enterprise
-			Contract. It has been made available for troubleshooting and debugging
-			purposes.
+			Note that this command is not typically required to evaluate policies.
+			It has been made available for troubleshooting and debugging purposes.
 		`),
 
 		Example: hd.Doc(`

cmd/inspect/inspect_policy.go

@@ -63,16 +63,16 @@ func inspectPolicyCmd() *cobra.Command {
 			including the rule annotations which include the rule's title and description
 			and custom fields used by ec to filter the results produced by conftest.
 
-			Note that this command is not typically required to verify the Enterprise
-			Contract. It has been made available for troubleshooting and debugging purposes.
+			Note that this command is not typically required to evaluate policies.
+			It has been made available for troubleshooting and debugging purposes.
 		`),
 
 		Example: hd.Doc(`
-			Print a list of rules and their descriptions from the latest Enterprise Contract release policy:
+			Print a list of rules and their descriptions from the latest release policy:
 
 			  ec inspect policy --source quay.io/enterprise-contract/ec-release-policy
 
-			Display details about the latest Enterprise Contract release policy in json format:
+			Display details about the latest release policy in json format:
 
 			  ec inspect policy --source quay.io/enterprise-contract/ec-release-policy -o json | jq
 		`),

cmd/inspect/inspect_policy_data.go

@@ -56,8 +56,8 @@ func inspectPolicyDataCmd() *cobra.Command {
 			the policy is fetched it reads json and yaml files inside the policy source and
 			displays the data.
 
-			Note that this command is not typically required to verify the Enterprise
-			Contract. It has been made available for troubleshooting and debugging purposes.
+			Note that this command is not typically required to evaluate policies.
+			It has been made available for troubleshooting and debugging purposes.
 		`),
 
 		Example: hd.Doc(`

cmd/root/root_cmd.go

@@ -34,6 +34,7 @@ import (
 	"github.com/enterprise-contract/ec-cli/internal/kubernetes"
 	"github.com/enterprise-contract/ec-cli/internal/logging"
 	"github.com/enterprise-contract/ec-cli/internal/tracing"
+	"github.com/enterprise-contract/ec-cli/internal/version"
 )
 
 var (
@@ -57,12 +58,12 @@ func (customDeadlineExceededError) Temporary() bool { return true }
 func NewRootCmd() *cobra.Command {
 	rootCmd := &cobra.Command{
 		Use:   "ec",
-		Short: "Enterprise Contract CLI",
+		Short: version.CliName() + " CLI",
 
 		Long: hd.Doc(`
-			Enterprise Contract CLI
+			` + version.CliName() + ` CLI
 
-			Set of commands to help validate resources with the Enterprise Contract.
+			Set of commands to help validate resources with the provided policies.
 		`),
 
 		SilenceUsage: true,

cmd/validate/image.go

@@ -82,13 +82,13 @@ func validateImageCmd(validate imageValidationFunc) *cobra.Command {
 
 	cmd := &cobra.Command{
 		Use:   "image",
-		Short: "Validate conformance of container images with the Enterprise Contract",
+		Short: "Validate conformance of container images with the provided policies",
 
 		Long: hd.Doc(`
-			Validate conformance of container images with the Enterprise Contract
+			Validate conformance of container images with the provided policies
 
 			For each image, validation is performed in stages to determine if the image
-			conforms to the Enterprise Contract.
+			conforms to the provided policies.
 
 			The first validation stage determines if an image has been signed, and the
 			signature matches the provided public key. This is akin to the "cosign verify"

cmd/validate/input.go

@@ -57,12 +57,12 @@ func validateInputCmd(validate InputValidationFunc) *cobra.Command {
 	}
 	cmd := &cobra.Command{
 		Use:   "input",
-		Short: "Validate arbitrary JSON or yaml file input conformance with the Enterprise Contract",
+		Short: "Validate arbitrary JSON or yaml file input conformance with the provided policies",
 		Long: hd.Doc(`
-			Validate conformance of arbitrary JSON or yaml file input with the Enterprise Contract
+			Validate conformance of arbitrary JSON or yaml file input with the provided policies
 
 			For each file, validation is performed to determine if the file conforms to rego policies
-			defined in the the EnterpriseContractPolicy.
+			defined in the EnterpriseContractPolicy.
 			`),
 		Example: hd.Doc(`
 			Use an EnterpriseContractPolicy spec from a local YAML file to validate a single file

cmd/validate/validate.go

@@ -40,7 +40,7 @@ func init() {
 func NewValidateCmd() *cobra.Command {
 	validateCmd := &cobra.Command{
 		Use:   "validate",
-		Short: "Validate conformance with the Enterprise Contract",
+		Short: "Validate conformance with the provided policies",
 	}
 	validateCmd.PersistentFlags().Bool("show-successes", false, "")
 	return validateCmd

docs/antora.yml

@@ -16,7 +16,7 @@
 
 ---
 name: ec-cli
-title: Enterprise Contract CLI
+title: Conforma CLI (formerly Enterprise Contract CLI)
 version: ~
 nav:
   - modules/ROOT/nav.adoc

docs/modules/ROOT/pages/configuration.adoc

@@ -41,7 +41,7 @@ By default, all rules are included.
 You can modify the defaults by setting `config.policy.include` and
 `config.policy.exclude`. Each of those values should be a list of strings.
 
-The strings in the list should be one of the the following:
+The strings in the list should be one of the following:
 
 A "package name"::
 
@@ -397,8 +397,8 @@ JSON::
 
 === Specifying that certain tests should be non-blocking
 
-This example shows how to specify that the Enterprise Contract is allowed to
-pass even if certain tests failed or didn't complete.
+This example shows how to specify that a passing result should be produced
+even if certain tests failed or didn't complete.
 
 [tabs]
 ====
@@ -485,7 +485,7 @@ JSON::
 
 == Data Sources
 
-Some of the Enterprise Contract policy rules, defined in the ec-policies git
+Some of the Conforma policy rules, defined in the ec-policies git
 repository, rely on certain data values when evaluated. For example, a policy
 rule exists to ensure all the parent container images used during the build
 process have been retrieved from an acceptable registry. The list of acceptable

docs/modules/ROOT/pages/ec.adoc

@@ -1,12 +1,12 @@
 = ec
 
-Enterprise Contract CLI
+Conforma CLI
 
 == Synopsis
 
-Enterprise Contract CLI
+Conforma CLI
 
-Set of commands to help validate resources with the Enterprise Contract.
+Set of commands to help validate resources with the provided policies.
 
 [source,shell]
 ----

docs/modules/ROOT/pages/ec_fetch.adoc

@@ -18,4 +18,4 @@ Fetch remote resources
 
 == See also
 
- * xref:ec.adoc[ec - Enterprise Contract CLI]
+ * xref:ec.adoc[ec - Conforma CLI]

docs/modules/ROOT/pages/ec_fetch_policy.adoc

@@ -16,9 +16,8 @@ This command is based on 'conftest pull' so you can refer to the conftest pull
 documentation for more usage examples and for details on the different types of
 supported source URLs.
 
-Note that this command is not typically required to verify the Enterprise
-Contract. It has been made available for troubleshooting and debugging
-purposes.
+Note that this command is not typically required to evaluate policies.
+It has been made available for troubleshooting and debugging purposes.
 
 [source,shell]
 ----

docs/modules/ROOT/pages/ec_init.adoc

@@ -18,4 +18,4 @@ Initialize a directory for use
 
 == See also
 
- * xref:ec.adoc[ec - Enterprise Contract CLI]
+ * xref:ec.adoc[ec - Conforma CLI]

docs/modules/ROOT/pages/ec_inspect.adoc

@@ -18,4 +18,4 @@ Inspect policy rules
 
 == See also
 
- * xref:ec.adoc[ec - Enterprise Contract CLI]
+ * xref:ec.adoc[ec - Conforma CLI]

docs/modules/ROOT/pages/ec_inspect_policy-data.adoc

@@ -10,8 +10,8 @@ This fetches policy sources similar to the 'ec fetch policy' command, but once
 the policy is fetched it reads json and yaml files inside the policy source and
 displays the data.
 
-Note that this command is not typically required to verify the Enterprise
-Contract. It has been made available for troubleshooting and debugging purposes.
+Note that this command is not typically required to evaluate policies.
+It has been made available for troubleshooting and debugging purposes.
 
 [source,shell]
 ----

docs/modules/ROOT/pages/ec_inspect_policy.adoc

@@ -14,20 +14,20 @@ This can be used to extract information about each rule in the policy source,
 including the rule annotations which include the rule's title and description
 and custom fields used by ec to filter the results produced by conftest.
 
-Note that this command is not typically required to verify the Enterprise
-Contract. It has been made available for troubleshooting and debugging purposes.
+Note that this command is not typically required to evaluate policies.
+It has been made available for troubleshooting and debugging purposes.
 
 [source,shell]
 ----
 ec inspect policy --source <source-url> [flags]
 ----
 
 == Examples
-Print a list of rules and their descriptions from the latest Enterprise Contract release policy:
+Print a list of rules and their descriptions from the latest release policy:
 
   ec inspect policy --source quay.io/enterprise-contract/ec-release-policy
 
-Display details about the latest Enterprise Contract release policy in json format:
+Display details about the latest release policy in json format:
 
   ec inspect policy --source quay.io/enterprise-contract/ec-release-policy -o json | jq
 

docs/modules/ROOT/pages/ec_opa.adoc

@@ -25,4 +25,4 @@ ec opa [flags]
 
 == See also
 
- * xref:ec.adoc[ec - Enterprise Contract CLI]
+ * xref:ec.adoc[ec - Conforma CLI]

docs/modules/ROOT/pages/ec_sigstore.adoc

@@ -18,4 +18,4 @@ Perform certain sigstore operations
 
 == See also
 
- * xref:ec.adoc[ec - Enterprise Contract CLI]
+ * xref:ec.adoc[ec - Conforma CLI]

docs/modules/ROOT/pages/ec_test.adoc

@@ -105,4 +105,4 @@ the output will include a detailed trace of how the policy was evaluated, e.g.
 
 == See also
 
- * xref:ec.adoc[ec - Enterprise Contract CLI]
+ * xref:ec.adoc[ec - Conforma CLI]

docs/modules/ROOT/pages/ec_track.adoc

@@ -18,4 +18,4 @@ Record resource references for tracking purposes
 
 == See also
 
- * xref:ec.adoc[ec - Enterprise Contract CLI]
+ * xref:ec.adoc[ec - Conforma CLI]

docs/modules/ROOT/pages/ec_validate.adoc

@@ -1,6 +1,6 @@
 = ec validate
 
-Validate conformance with the Enterprise Contract
+Validate conformance with the provided policies
 
 == Options
 
@@ -19,4 +19,4 @@ Validate conformance with the Enterprise Contract
 
 == See also
 
- * xref:ec.adoc[ec - Enterprise Contract CLI]
+ * xref:ec.adoc[ec - Conforma CLI]

docs/modules/ROOT/pages/ec_validate_image.adoc

@@ -1,13 +1,13 @@
 = ec validate image
 
-Validate conformance of container images with the Enterprise Contract
+Validate conformance of container images with the provided policies
 
 == Synopsis
 
-Validate conformance of container images with the Enterprise Contract
+Validate conformance of container images with the provided policies
 
 For each image, validation is performed in stages to determine if the image
-conforms to the Enterprise Contract.
+conforms to the provided policies.
 
 The first validation stage determines if an image has been signed, and the
 signature matches the provided public key. This is akin to the "cosign verify"
@@ -167,4 +167,4 @@ JSON of the "spec" or a reference to a Kubernetes object [<namespace>/]<name>
 
 == See also
 
- * xref:ec_validate.adoc[ec validate - Validate conformance with the Enterprise Contract]
+ * xref:ec_validate.adoc[ec validate - Validate conformance with the provided policies]

docs/modules/ROOT/pages/ec_validate_input.adoc

@@ -1,13 +1,13 @@
 = ec validate input
 
-Validate arbitrary JSON or yaml file input conformance with the Enterprise Contract
+Validate arbitrary JSON or yaml file input conformance with the provided policies
 
 == Synopsis
 
-Validate conformance of arbitrary JSON or yaml file input with the Enterprise Contract
+Validate conformance of arbitrary JSON or yaml file input with the provided policies
 
 For each file, validation is performed to determine if the file conforms to rego policies
-defined in the the EnterpriseContractPolicy.
+defined in the EnterpriseContractPolicy.
 
 [source,shell]
 ----
@@ -73,4 +73,4 @@ mark (?) sign, for example: --output text=output.txt?show-successes=false
 
 == See also
 
- * xref:ec_validate.adoc[ec validate - Validate conformance with the Enterprise Contract]
+ * xref:ec_validate.adoc[ec validate - Validate conformance with the provided policies]