From a3aa80197eb5d21b9e9a3e2f8c423ca707a0b815 Mon Sep 17 00:00:00 2001
From: RJ Trujillo
Date: Wed, 27 Dec 2023 13:02:42 -0700
Subject: [PATCH] feat(verify): Parse output with jq for cleaner formatting

Requires we enable pipefail so that the action fails when verification fails
---
 verify/action.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/verify/action.yml b/verify/action.yml
index f66e7c0..f47441c 100644
--- a/verify/action.yml
+++ b/verify/action.yml
@@ -29,13 +29,14 @@ runs:
 shell: bash
 run: |
 REGISTRY=$(echo ${{ inputs.registry }} | awk '{print tolower($0)}')
+ set -o pipefail
 if [[ -n "${{ inputs.cert-identity }}" && -n "${{ inputs.oidc-issuer }}" ]]; then
 for CONTAINER in $(echo "${CONTAINERS}" | tr "," "\n"); do
- cosign verify $REGISTRY/${CONTAINER} --certificate-identity=${{ inputs.cert-identity }} --certificate-oidc-issuer=${{ inputs.oidc-issuer }}
+ cosign verify $REGISTRY/${CONTAINER} --certificate-identity=${{ inputs.cert-identity }} --certificate-oidc-issuer=${{ inputs.oidc-issuer }} | jq
 done
 elif [[ -n "${{ inputs.pubkey }}" ]]; then
 for CONTAINER in $(echo "${CONTAINERS}" | tr "," "\n"); do
- cosign verify --key ${{ inputs.pubkey }} $REGISTRY/${CONTAINER}
+ cosign verify --key ${{ inputs.pubkey }} $REGISTRY/${CONTAINER} | jq
 done
 else
 exit 1
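Review bot: The two rewritten `cosign verify` lines still splice `${{ inputs.cert-identity }}`, `${{ inputs.oidc-issuer }}` and `${{ inputs.pubkey }}` into the script text unquoted, so a value containing whitespace or shell metacharacters changes the command that runs instead of arriving as a single argument; in a signature-verification step that means the check executed may not be the one the caller intended. Passing the inputs through the step's `env:` map and referencing them as quoted shell variables keeps them as data, and the same applies to the `REGISTRY=` context line and to the unquoted `$REGISTRY/${CONTAINER}`. The step header and any existing `env:` block lie outside the hunk, so the variable names below are illustrative and should be merged with what is already there.

```yaml
      # … unchanged: step name/shell; merge these keys into the step's env: map …
      env:
        CERT_IDENTITY: ${{ inputs.cert-identity }}
        OIDC_ISSUER: ${{ inputs.oidc-issuer }}
        PUBKEY: ${{ inputs.pubkey }}
      run: |
        # … unchanged: REGISTRY assignment, set -o pipefail …
        if [[ -n "$CERT_IDENTITY" && -n "$OIDC_ISSUER" ]]; then
          # … unchanged: for CONTAINER loop header …
            cosign verify "$REGISTRY/$CONTAINER" --certificate-identity="$CERT_IDENTITY" --certificate-oidc-issuer="$OIDC_ISSUER" | jq
          # … unchanged: done …
        elif [[ -n "$PUBKEY" ]]; then
          # … unchanged: for CONTAINER loop header …
            cosign verify --key "$PUBKEY" "$REGISTRY/$CONTAINER" | jq
          # … unchanged: done, else, exit 1 …
```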