Consistently use AddFlagSet before flag definitions

AddFlagSet silently ignores conflicting flags, whereas individual
flag definitions panic on (simple) conflicts; so, to detect ambiguities,
prefer to use AddFlagSet first.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

cmd/skopeo/inspect.go

@@ -57,13 +57,13 @@ skopeo inspect --format "Name: {{.Name}} Digest: {{.Digest}}" docker://registry.
 	}
 	adjustUsage(cmd)
 	flags := cmd.Flags()
+	flags.AddFlagSet(&sharedFlags)
+	flags.AddFlagSet(&imageFlags)
+	flags.AddFlagSet(&retryFlags)
 	flags.BoolVar(&opts.raw, "raw", false, "output raw manifest or configuration")
 	flags.BoolVar(&opts.config, "config", false, "output configuration")
 	flags.StringVarP(&opts.format, "format", "f", "", "Format the output to a Go template")
 	flags.BoolVarP(&opts.doNotListTags, "no-tags", "n", false, "Do not list the available tags from the repository in the output")
-	flags.AddFlagSet(&sharedFlags)
-	flags.AddFlagSet(&imageFlags)
-	flags.AddFlagSet(&retryFlags)
 	return cmd
 }
 

cmd/skopeo/login.go

@@ -29,8 +29,8 @@ func loginCmd(global *globalOptions) *cobra.Command {
 	}
 	adjustUsage(cmd)
 	flags := cmd.Flags()
-	commonFlag.OptionalBoolFlag(flags, &opts.tlsVerify, "tls-verify", "require HTTPS and verify certificates when accessing the registry")
 	flags.AddFlagSet(auth.GetLoginFlags(&opts.loginOpts))
+	commonFlag.OptionalBoolFlag(flags, &opts.tlsVerify, "tls-verify", "require HTTPS and verify certificates when accessing the registry")
 	return cmd
 }
 

cmd/skopeo/logout.go

@@ -28,8 +28,8 @@ func logoutCmd(global *globalOptions) *cobra.Command {
 	}
 	adjustUsage(cmd)
 	flags := cmd.Flags()
-	commonFlag.OptionalBoolFlag(flags, &opts.tlsVerify, "tls-verify", "require HTTPS and verify certificates when accessing the registry")
 	flags.AddFlagSet(auth.GetLogoutFlags(&opts.logoutOpts))
+	commonFlag.OptionalBoolFlag(flags, &opts.tlsVerify, "tls-verify", "require HTTPS and verify certificates when accessing the registry")
 	return cmd
 }
 

cmd/skopeo/sync.go

@@ -113,6 +113,11 @@ See skopeo-sync(1) for details.
 	}
 	adjustUsage(cmd)
 	flags := cmd.Flags()
+	flags.AddFlagSet(&sharedFlags)
+	flags.AddFlagSet(&deprecatedTLSVerifyFlags)
+	flags.AddFlagSet(&srcFlags)
+	flags.AddFlagSet(&destFlags)
+	flags.AddFlagSet(&retryFlags)
 	flags.BoolVar(&opts.removeSignatures, "remove-signatures", false, "Do not copy signatures from SOURCE images")
 	flags.StringVar(&opts.signByFingerprint, "sign-by", "", "Sign the image using a GPG key with the specified `FINGERPRINT`")
 	flags.StringVar(&opts.signBySigstoreParamFile, "sign-by-sigstore", "", "Sign the image using a sigstore parameter file at `PATH`")
@@ -128,11 +133,6 @@ See skopeo-sync(1) for details.
 	flags.BoolVar(&opts.dryRun, "dry-run", false, "Run without actually copying data")
 	flags.BoolVar(&opts.preserveDigests, "preserve-digests", false, "Preserve digests of images and lists")
 	flags.BoolVarP(&opts.keepGoing, "keep-going", "", false, "Do not abort the sync if any image copy fails")
-	flags.AddFlagSet(&sharedFlags)
-	flags.AddFlagSet(&deprecatedTLSVerifyFlags)
-	flags.AddFlagSet(&srcFlags)
-	flags.AddFlagSet(&destFlags)
-	flags.AddFlagSet(&retryFlags)
 	return cmd
 }
 

cmd/skopeo/utils.go

@@ -176,9 +176,9 @@ func imageFlags(global *globalOptions, shared *sharedImageOptions, deprecatedTLS
 	dockerFlags, opts := dockerImageFlags(global, shared, deprecatedTLSVerify, flagPrefix, credsOptionAlias)
 
 	fs := pflag.FlagSet{}
+	fs.AddFlagSet(&dockerFlags)
 	fs.StringVar(&opts.sharedBlobDir, flagPrefix+"shared-blob-dir", "", "`DIRECTORY` to use to share blobs across OCI repositories")
 	fs.StringVar(&opts.dockerDaemonHost, flagPrefix+"daemon-host", "", "use docker daemon host at `HOST` (docker-daemon: only)")
-	fs.AddFlagSet(&dockerFlags)
 	return fs, opts
 }