docs: make CI evidence-verify example robust under pipefail

[ld-singh]

Summary

Make the "JSON Output for CI" evidence-verify example in docs/user/artifact-verification.md robust under set -o pipefail, and normalize the evidence-verify JSON flags.

Motivation / Context

Follow-up to the deferred review nit on #1357. The previous example piped aicr evidence verify ... | jq '.exit' inside a command substitution. Under set -o pipefail (common in CI), the verifier's non-zero exit (e.g. exit 2 = bundle invalid) propagates through the pipeline and can abort the script before the case runs. It fails closed, but it does not behave as the guide implies. The fix writes the JSON to a file first, absorbs the exit with || true, then reads .exit from the file. Also normalized the nearby example from -t json to --format json for consistency.

Fixes: #1364
Related: #1357

Type of Change

• Documentation update

Component(s) Affected

• Docs/examples (docs/, examples/)

Implementation Notes

• Rewrote the case example to: aicr evidence verify ... --format json -o result.json || true then case "$(jq '.exit' result.json)" in ....
• Added one sentence explaining why the file-based form is used (pipefail / set -e robustness).
• Normalized aicr evidence verify ... -o result.json -t json to --format json -o result.json.

Testing

make check-docs-mdx check-docs-filenames

Docs-only change; MDX-safe and filename checks pass. CI runs the full gate plus the lychee anchor check.

Risk Assessment

• Low — Documentation only; trivially reversible.

Rollout notes: N/A

Checklist

• I updated docs if user-facing behavior changed
• Changes follow existing patterns in the codebase
• Commits are cryptographically signed (git commit -S)

[copy-pr-bot]

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 4ac3859e-65fe-4502-9246-9eca40878be3

📥 Commits

Reviewing files that changed from the base of the PR and between eea2a81 and 40c9f02.

📒 Files selected for processing (1)

• docs/user/artifact-verification.md

---

📝 Walkthrough

Walkthrough

The "JSON Output for CI" section in docs/user/artifact-verification.md is updated. The aicr evidence verify command example is changed to write JSON output to a file (--format json -o result.json) instead of piping it directly. A || true suffix is added to absorb non-zero exit codes before the case statement runs, preventing set -o pipefail CI environments from aborting the script prematurely. The case branch then reads the .exit field from the saved file using jq '.exit' result.json.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• NVIDIA/aicr#1357: Introduced the docs/user/artifact-verification.md guide containing the original "JSON Output for CI" section that this PR fixes.

Suggested labels

area/docs

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'docs: make CI evidence-verify example robust under pipefail' accurately describes the main change in the PR, which updates documentation to handle shell pipefail robustness.
Description check	✅ Passed	The PR description is well-related to the changeset, explaining the motivation for the documentation update, the specific fix applied, and the secondary normalization of JSON flags.
Linked Issues check	✅ Passed	The PR fully addresses the primary objective from issue #1364 by refactoring the CI example to use file-based JSON output with '|| true' to handle non-zero exits, and also completes the secondary objective of normalizing JSON output flags.
Out of Scope Changes check	✅ Passed	All changes are scoped to the 'JSON Output for CI' section of artifact-verification.md and directly address the documented issues; no extraneous modifications are present.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}