k8s.io/kubernetes@v1.31.0-alpha.0.0.20240520171757-56147500dadc/hack/verify-govulncheck.sh (about) 1 #!/usr/bin/env bash 2 # Copyright 2023 The Kubernetes Authors. 3 # 4 # Licensed under the Apache License, Version 2.0 (the "License"); 5 # you may not use this file except in compliance with the License. 6 # You may obtain a copy of the License at 7 # 8 # http://www.apache.org/licenses/LICENSE-2.0 9 # 10 # Unless required by applicable law or agreed to in writing, software 11 # distributed under the License is distributed on an "AS IS" BASIS, 12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 # See the License for the specific language governing permissions and 14 # limitations under the License. 15 16 set -o errexit 17 set -o nounset 18 set -o pipefail 19 20 KUBE_ROOT=$(dirname "${BASH_SOURCE[0]}")/.. 21 source "${KUBE_ROOT}/hack/lib/init.sh" 22 source "${KUBE_ROOT}/hack/lib/util.sh" 23 24 # make sure everything is committed 25 kube::util::ensure_clean_working_dir 26 27 # This sets up the environment, like GOCACHE, which keeps the worktree cleaner. 28 kube::golang::setup_env 29 30 go install golang.org/x/vuln/cmd/govulncheck@v1.0.1 31 32 # KUBE_VERIFY_GIT_BRANCH is populated in verify CI jobs 33 BRANCH="${KUBE_VERIFY_GIT_BRANCH:-master}" 34 35 kube::util::ensure-temp-dir 36 WORKTREE="${KUBE_TEMP}/worktree" 37 38 # Create a copy of the repo with $BRANCH checked out 39 git worktree add -f "${WORKTREE}" "${BRANCH}" 40 # Clean up the copy on exit 41 kube::util::trap_add "git worktree remove -f ${WORKTREE}" EXIT 42 43 govulncheck -scan module ./... > "${KUBE_TEMP}/head.txt" 44 pushd "${WORKTREE}" >/dev/null 45 govulncheck -scan module ./... > "${KUBE_TEMP}/pr-base.txt" 46 popd >/dev/null 47 48 echo -e "\n HEAD: $(cat "${KUBE_TEMP}"/head.txt)" 49 echo -e "\n PR_BASE: $(cat "${KUBE_TEMP}/pr-base.txt")" 50 51 diff -s -u --ignore-all-space "${KUBE_TEMP}"/pr-base.txt "${KUBE_TEMP}"/head.txt || true