Pinning apidiff to a specific version shouldn't be necessary because, if past
experience in klog holds true, the latest version just works. This way we don't
have to remember to bump up the revision.
The downside of using "latest" is that a compromise of that version would give
an attacker the ability to run code in the CI and on developer machines.
apidiff can be invoked for a single internal package or iterate over
everything, including staging. The base to compare against can be specified via
-r (similar to verify-golangci-lint.sh), with the default the base revision on
master (similar to -a in verify-golangci-lint.sh).
See https://github.com/golang/mock#gomock: golang/mock is no longer
maintained, and should be replaced by go.uber.org/mock.
This allows golang/mock to be dropped from the status and vendored
fields in unwanted-dependencies.json.
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Add script to verify that net.ParseIP and net.ParseCIDR are
not being used.
Add another script to automatically replace those functions
for the ones forked in k8s.io/utils/net
* Add static analysis to hack/verify-govet-levee.sh for defense against
accidental logging of credentials.
* Add binary dependency to hack/tools/tools.go and associated go.mod, go.sum.
* Add analysis configuration to hack/testdata/levee/
- add ./hack/tools/go.mod, this makes ./hack/tools a distinct module
- hack/tools/tools.go undescore imports bazel related tools, over time we
can add others.
- hack/*.sh scripts will cd to hack/tools and go install tools from there
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
