
Allow `cosign save` to reuse save directory to help dedupe shared layers.

Open amartin120 opened this issue 2 years ago • 11 comments

Summary

When using cosign save with dozens, or in my case, hundreds of images, the storage consumption can really add up with each image requiring its own directory. There's potentially a case where images can share layers, so this change allows for the cosign save function to be able to reuse a directory from a previous save and just build on the index.json along with an additional annotation for each entry to aid with the corresponding cosign load.

From there, I've modified cosign load to have a new optional flag --registry where you can specify a registry to load all of the images to from a single directory. In cases where you are only dealing with a single image, the load command would function exactly how it does today where you just provide the remote reference via the CLI.

Release Note

  • Updated cosign save to append the index.json if pointed at a --dir used in a previous save.
  • Added the org.opencontainers.image.ref.name annotation to the index.json for clarity and to help with cosign load in cases where the directory is reused.
  • Updated cosign load to have an optional flag called --registry that can be used in cases where the index.json from a save contains multiple images. This handles being able to control where the images get loaded to in the case where providing a single ref via the CLI no longer makes sense. If you don't provide the --registry flag, the cosign load command will continue to function as it does today.

Documentation

Example usage:

cosign save image1:v1.0 --dir ~/saves
cosign save image2:v1.0 --dir ~/saves

cat ~/saves/index.json

{
   "schemaVersion": 2,
   "mediaType": "application/vnd.oci.image.index.v1+json",
   "manifests": [
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 1581,
         "digest": "sha256:c5b6da2ffbc9f63e8d250d5985f722830dfb5cc8958e8f64f7e14edc18b584fa",
         "annotations": {
            "kind": "dev.cosignproject.cosign/image",
            "org.opencontainers.image.ref.name": "image1:v1.0"
         }
      },
      {
         "mediaType": "application/vnd.oci.image.manifest.v1+json",
         "size": 558,
         "digest": "sha256:077bc8e8cfe1577f89959c749da1fbe941bde8b35b7ccdfe4f5832fb5ade2ec1",
         "annotations": {
            "kind": "dev.cosignproject.cosign/sigs",
            "org.opencontainers.image.ref.name": "image1:v1.0"
         }
      },
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 468,
         "digest": "sha256:7e6fb78b8f35c859c9200567229a4350c17e057d4d13c80121a3f603748a1cb0",
         "annotations": {
            "kind": "dev.cosignproject.cosign/atts",
            "org.opencontainers.image.ref.name": "image1:v1.0"
         }
      },
      {
         "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
         "size": 967,
         "digest": "sha256:7e42b1a631859c6740835659a022ed96097955dde2707f32e7a089f5b5f64c06",
         "annotations": {
            "kind": "dev.cosignproject.cosign/imageIndex",
            "org.opencontainers.image.ref.name": "image2:v1.0"
         }
      },
      {
         "mediaType": "application/vnd.oci.image.manifest.v1+json",
         "size": 558,
         "digest": "sha256:88145843e5dcd7a0d515cf874997b1d4eaa742a1594dc75c6bd111f109cf4455",
         "annotations": {
            "kind": "dev.cosignproject.cosign/sigs",
            "org.opencontainers.image.ref.name": "image2:v1.0"
         }
      },
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 469,
         "digest": "sha256:6fa5a413e06af7babaeae39bb06c92b563463080fd46003b078050787c3ef6f0",
         "annotations": {
            "kind": "dev.cosignproject.cosign/atts",
            "org.opencontainers.image.ref.name": "image2:v1.0"
         }
      }
   ]
}

cosign load --dir ~/saves --registry your.registry.com

amartin120 Sep 13 '23 18:09
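
As an added illustration, not code from this pull request or from cosign: a Go sketch of how a multi-image index.json like the one above can be grouped by its org.opencontainers.image.ref.name annotation into per-image destinations under a --registry value. `PlanLoad`, `Plan` and the shortened digests are hypothetical, and treating a missing annotation or a repeated kind as an error is this sketch's own assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

const refAnno = "org.opencontainers.image.ref.name"

// Constructed sample: trimmed index.json with placeholder digests.
const sampleIndex = `{"manifests":[
 {"digest":"sha256:aaa","annotations":{"kind":"dev.cosignproject.cosign/image","org.opencontainers.image.ref.name":"image1:v1.0"}},
 {"digest":"sha256:bbb","annotations":{"kind":"dev.cosignproject.cosign/sigs","org.opencontainers.image.ref.name":"image1:v1.0"}},
 {"digest":"sha256:ccc","annotations":{"kind":"dev.cosignproject.cosign/imageIndex","org.opencontainers.image.ref.name":"image2:v1.0"}}]}`

// Plan maps destination reference -> kind annotation -> manifest digest.
type Plan map[string]map[string]string

// PlanLoad (hypothetical) groups entries by ref.name; a missing ref or repeated kind is an error.
func PlanLoad(indexJSON []byte, registry string) (Plan, error) {
	var idx struct {
		Manifests []struct {
			Digest      string            `json:"digest"`
			Annotations map[string]string `json:"annotations"`
		} `json:"manifests"`
	}
	if err := json.Unmarshal(indexJSON, &idx); err != nil {
		return nil, err
	}
	plan := Plan{}
	for _, m := range idx.Manifests {
		ref, kind := m.Annotations[refAnno], m.Annotations["kind"]
		if ref == "" {
			return nil, fmt.Errorf("%s: missing %s annotation", m.Digest, refAnno)
		}
		dst := strings.TrimSuffix(registry, "/") + "/" + ref
		if plan[dst] == nil {
			plan[dst] = map[string]string{}
		}
		if prev, dup := plan[dst][kind]; dup {
			return nil, fmt.Errorf("%s: %s listed twice (%s, %s)", dst, kind, prev, m.Digest)
		}
		plan[dst][kind] = m.Digest
	}
	return plan, nil
}

func main() { fmt.Println(PlanLoad([]byte(sampleIndex), "your.registry.com")) }
```

Failing closed on an entry without the ref.name annotation matters when a reused directory also holds saves made before the annotation existed, since those entries cannot be attributed to an image.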