refactor(chartverifier): simplify GetPackageDigest and document helpers

internal/chartverifier/reportBuilder.go

@@ -223,30 +223,40 @@ func GenerateSha(rawFiles []*helmchart.File) string {
 	return fmt.Sprintf("sha256:%x", chartSha.Sum(nil))
 }
 
-func GetPackageDigest(uri string) string {
-	url, err := url.Parse(uri)
-	if err != nil {
-		return ""
-	}
-	var chartReader io.Reader
-	switch url.Scheme {
+// openChartPackage opens the chart package byte stream at u as an [io.ReadCloser].
+func openChartPackage(u *url.URL) (io.ReadCloser, error) {
+	switch u.Scheme {
 	case "http", "https":
-		var chartGetResponse *http.Response
-		chartGetResponse, err = http.Get(url.String())
-		if err == nil {
-			chartReader = chartGetResponse.Body
+		resp, err := http.Get(u.String())
+		if err != nil {
+			return nil, err
 		}
+		return resp.Body, nil
 	case "file", "":
-		if strings.HasSuffix(url.Path, ".tgz") {
-			chartReader, _ = os.Open(url.Path)
+		if !strings.HasSuffix(u.Path, ".tgz") {
+			return nil, nil
 		}
+		return os.Open(u.Path)
 	default:
-		err = fmt.Errorf("scheme %q not supported", url.Scheme)
+		return nil, fmt.Errorf("scheme %q not supported", u.Scheme)
+	}
+}
+
+// GetPackageDigest returns a hex-encoded SHA256 hash of the chart package bytes at uri.
+func GetPackageDigest(uri string) string {
+	u, err := url.Parse(uri)
+	if err != nil {
+		return ""
+	}
+	rc, err := openChartPackage(u)
+	if err != nil {
+		return ""
 	}
-	if err != nil || chartReader == nil {
+	if rc == nil {
 		return ""
 	}
-	return getDigest(chartReader)
+	defer rc.Close()
+	return getDigest(rc)
 }
 
 // Digest hashes a reader and returns a SHA256 digest.