cmd,internal: add tools and worker code

golang.org/x/vuln/srv is moved to this repository. Originally, the
motivation for creating x/vuln was to split the YAML reports and Go code
into two separate repositories. However, this resulted in a few
issues:

1. The structure of the YAML reports is tightly coupled with the structs
   in internal/report, and changing one without the other would result
   in errors when linting the reports.
2. The vlint package itself needed to be exported, even though the only
   consumer was the test in x/vulndb.
3. The deploy/build.yaml script depends on cmd/gendb@latest, so updating
   that command could easily break the script (for example, submitting
   CL 373004 without changing the reference in deploy/build.yaml).

Additionally, the original location of this code was x/vuln, which
contained two types of packages.

(1) Packages meant for consumption by other clients (for example,
x/vuln/client), and
(2) Internal packages that were only meant for use to spin up the
worker.

The internal packages resulted in many dependencies since they pulled in
GCP, which we don't want clients of the vulncheck library to
have to pull in. This problem was originally solved by creating a nested
module inside x/vuln, but a nicer separation that would also solve the
issues above is the following:

* x/vuln: contains Go code meant to be imported by others
* x/vulndb: contains internal code only used to maintain the vulndb

For golang/go#50247

Change-Id: I74a7b7f9b8fc5b0ad48a45fc3156f93c08aa9955
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/373495
Trust: Julie Qiu <julie@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
53 files changed
tree: f06704489a48d1b54c2f96d7f44ebaf789f78d24
  1. cmd/
  2. deploy/
  3. devtools/
  4. internal/
  5. reports/
  6. all_test.go
  7. AUTHORS
  8. checks.bash
  9. CONTRIBUTING.md
  10. CONTRIBUTORS
  11. format.md
  12. go.mod
  13. go.sum
  14. LICENSE
  15. lint_test.go
  16. PATENTS
  17. README.md
  18. tools_test.go
  19. triaged-cve-list
README.md

The Go Vulnerability Database

This repository contains the reports for the Go Vulnerability Database.

If you are interested in accessing data from the Go Vulnerability Database, see x/vuln for information. This repository is only used for adding new vulnerabilities.

Reporting a vulnerability

We are not accepting new vulnerability reports at this time. We will update this README.md once we are ready to receive reports.

License

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Database entries are distributed under the terms of the CC-BY 4.0 license. See x/vuln for information on how to access these entries.