From c6f456bc90574f4180f3b990e8a4e216485e35b7 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl>
Date: Wed, 5 Mar 2025 15:11:37 +0100
Subject: [PATCH] cli/command/image: deprecate and internalize TrustedPush

This function was only used by "docker trust sign"; inline the code
and deprecate the function.

This function has no known external consumers, so we should remove
it on the first possible ocassion (which could be a minor release).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
 cli/command/image/trust.go | 4 +++-
 cli/command/trust/sign.go  | 8 +++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/cli/command/image/trust.go b/cli/command/image/trust.go
index 89d6e54eae..9fa19a0130 100644
--- a/cli/command/image/trust.go
+++ b/cli/command/image/trust.go
@@ -44,7 +44,9 @@ func newNotaryClient(cli command.Streams, imgRefAndAuth trust.ImageRefAndAuth) (
 	return trust.GetNotaryRepository(cli.In(), cli.Out(), command.UserAgent(), imgRefAndAuth.RepoInfo(), imgRefAndAuth.AuthConfig(), "pull")
 }
 
-// TrustedPush handles content trust pushing of an image
+// TrustedPush handles content trust pushing of an image.
+//
+// Deprecated: this function was only used internally and will be removed in the next release.
 func TrustedPush(ctx context.Context, cli command.Cli, repoInfo *registry.RepositoryInfo, ref reference.Named, authConfig registrytypes.AuthConfig, options image.PushOptions) error {
 	responseBody, err := cli.Client().ImagePush(ctx, reference.FamiliarString(ref), options)
 	if err != nil {
diff --git a/cli/command/trust/sign.go b/cli/command/trust/sign.go
index 1875e257b5..0b913e323b 100644
--- a/cli/command/trust/sign.go
+++ b/cli/command/trust/sign.go
@@ -8,6 +8,7 @@ import (
 	"sort"
 	"strings"
 
+	"github.com/distribution/reference"
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/image"
@@ -98,10 +99,15 @@ func runSignImage(ctx context.Context, dockerCLI command.Cli, options signOption
 			if err != nil {
 				return err
 			}
-			return image.TrustedPush(ctx, dockerCLI, imgRefAndAuth.RepoInfo(), imgRefAndAuth.Reference(), *imgRefAndAuth.AuthConfig(), imagetypes.PushOptions{
+			responseBody, err := dockerCLI.Client().ImagePush(ctx, reference.FamiliarString(imgRefAndAuth.Reference()), imagetypes.PushOptions{
 				RegistryAuth:  encodedAuth,
 				PrivilegeFunc: requestPrivilege,
 			})
+			if err != nil {
+				return err
+			}
+			defer responseBody.Close()
+			return image.PushTrustedReference(ctx, dockerCLI, imgRefAndAuth.RepoInfo(), imgRefAndAuth.Reference(), authConfig, responseBody)
 		default:
 			return err
 		}