cmd/govulncheck: runs govulncheck on k8s in integration image
integration_run.sh now clones kubernetes and executes govulncheck on it.
Change-Id: I80eeb07ec597f6c007916b61f93c03b22993629b
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/400415
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
Auto-Submit: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
diff --git a/cmd/govulncheck/integration/Dockerfile b/cmd/govulncheck/integration/Dockerfile
index 7367fca..6fa55f6 100644
--- a/cmd/govulncheck/integration/Dockerfile
+++ b/cmd/govulncheck/integration/Dockerfile
@@ -4,7 +4,7 @@
# This assumes the build context, i.e., CWD is vuln/
# ---- Step 0: Setup shared build tools. ----
-RUN apk update && apk add bash git
+RUN apk update && apk add bash git gcc musl-dev linux-headers
# ---- Step 1: Build govulncheck ----
COPY . /go/src/golang.org/x/vuln
diff --git a/cmd/govulncheck/integration/integration_run.sh b/cmd/govulncheck/integration/integration_run.sh
index 887c714..f620291 100755
--- a/cmd/govulncheck/integration/integration_run.sh
+++ b/cmd/govulncheck/integration/integration_run.sh
@@ -3,5 +3,29 @@
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
-# TODO(zpavlinovic): add integration checks
-govulncheck -h
+# Clone kubernetes to a dedicated directory.
+dir="$GOPATH/src/kubernetes"
+if [ -d $dir ]; then
+ echo "Destination kubernetes already exists. Using the existing code."
+else
+ git clone https://github.com/kubernetes/kubernetes.git "${dir}"
+fi
+
+# Checkout kubernetes version v1.15.11 that
+# is known to have vulnerabilities.
+pushd $dir
+cd pkg
+git checkout tags/v1.15.11
+govulncheck ./...
+exitcode=$?
+popd
+
+# There should be some findings, which govulncheck
+# indicates by exit code 3.
+#
+# TODO(zpavlinovic): check if findings are as expected.
+if [ ${exitcode} -ne 3 ]; then
+ echo "FAIL: got exit code $exitcode, want 3"
+ exit 1
+fi
+echo PASS
