blob: bfe182b73c4ae88504204165c4d26df553ba1fc6 [file] [log] [blame]
#!/usr/bin/env bash
# Copyright 2022 The Go Authors. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
set -ex
# Make a full clone of the repo so that gendb can find missing PublishDates in
# reports by reading the commit history.
#
# Kokoro creates a shallow clone. Attempts to
# deepen the clone with `git fetch --unshallow` failed,
# apparently because Kokoro uses the `rpc:` scheme to
# clone the repo.
git clone https://go.googlesource.com/vulndb
cd vulndb
# Copy the existing vuln DB into a local directory so we can diff it.
mkdir old-db
gsutil -q -m cp -r gs://go-vulndb/* old-db
# Generate a copy of the DB using the current state of the repo
# and diff it with the old one. Do all this in a docker container
# so we can select the version of Go that we want.
docker run --rm \
-v $PWD:/vulndb \
-w /vulndb \
golang:1.17.3 \
/bin/bash -c 'go run ./cmd/gendb -repo /vulndb -out new-db &&
go run ./cmd/dbdiff old-db new-db'