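#!/usr/bin/env bash
# Copyright 2023 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Runs govulncheck in module-scan mode against the current checkout (HEAD) and
# against a temporary worktree of the base branch, prints both reports, and
# then prints a unified diff of the two so a reader can see which findings the
# change under review adds or removes.

set -o errexit
set -o nounset
set -o pipefail

KUBE_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
source "${KUBE_ROOT}/hack/lib/init.sh"
source "${KUBE_ROOT}/hack/lib/util.sh"

# make sure everything is committed
kube::util::ensure_clean_working_dir

# This sets up the environment, like GOCACHE, which keeps the worktree cleaner.
kube::golang::setup_env

# The scanner is pinned to an exact release tag rather than @latest, so the
# tool that produces the report only changes when this line is edited.
go install golang.org/x/vuln/cmd/govulncheck@v1.0.1

# KUBE_VERIFY_GIT_BRANCH is populated in verify CI jobs
BRANCH="${KUBE_VERIFY_GIT_BRANCH:-master}"

kube::util::ensure-temp-dir
WORKTREE="${KUBE_TEMP}/worktree"

# Create a copy of the repo with $BRANCH checked out
git worktree add -f "${WORKTREE}" "${BRANCH}"
# Clean up the copy on exit. The path is quoted inside the trap string because
# that string is re-parsed by the shell when the trap fires; without the inner
# quotes a temp path containing whitespace would be split into several
# arguments and the worktree would be left behind.
kube::util::trap_add "git worktree remove -f \"${WORKTREE}\"" EXIT

# NOTE(review): errexit is active and these two scans have no `|| true`, unlike
# the diff at the end. If govulncheck returns non-zero when it reports
# findings, the script stops here and neither report is printed -- confirm
# which behaviour the job is meant to have.
govulncheck -scan module ./... > "${KUBE_TEMP}/head.txt"
pushd "${WORKTREE}" >/dev/null
  govulncheck -scan module ./... > "${KUBE_TEMP}/pr-base.txt"
popd >/dev/null

# The reports are passed to printf as data (%s), not as part of the format, so
# backslash sequences that appear in scanner output reach the log unchanged
# instead of being interpreted.
printf '\n HEAD: %s\n' "$(cat "${KUBE_TEMP}/head.txt")"
printf '\n PR_BASE: %s\n' "$(cat "${KUBE_TEMP}/pr-base.txt")"

# diff exits 1 when the two reports differ; `|| true` keeps that from failing
# the script, so this step only reports the delta (-s also says so when the
# reports are identical). A difference here is not enforced by exit status and
# has to be read from the log.
diff -s -u --ignore-all-space "${KUBE_TEMP}/pr-base.txt" "${KUBE_TEMP}/head.txt" || true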