From f92d0d9894f98651cca4c07d7988e7653d981719 Mon Sep 17 00:00:00 2001
From: Joe Betz
Date: Fri, 26 May 2023 15:20:38 -0400
Subject: [PATCH 1/2] Add vendor integrity check
---
 cloudbuild.yaml | 3 +++
 scripts/verify-vendor.sh | 28 ++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+)
 create mode 100755 scripts/verify-vendor.sh
diff --git a/cloudbuild.yaml b/cloudbuild.yaml
index fc8439fe..5f38f5a0 100644
--- a/cloudbuild.yaml
+++ b/cloudbuild.yaml
@@ -21,6 +21,9 @@ steps:
 # entrypoint: sh
 # # deploys folder of test results (with build id as folder name) to GCS
 # args: ['-c', 'gsutil cp -r $(cat _DATE) gs://cel-conformance/test-logs/']
+ - name: 'ubuntu'
+ # check the integrity of the vendor directory
+ args: ['scripts/verify-vendor.sh']
 - name: 'gcr.io/cloud-builders/bazel'
 entrypoint: bazel
 args: ['test', '--test_output=errors', '...']
diff --git a/scripts/verify-vendor.sh b/scripts/verify-vendor.sh
new file mode 100755
index 00000000..288a2993
--- /dev/null
+++ b/scripts/verify-vendor.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+tmp="$(mktemp -d)"
+go mod vendor -o "$tmp"
+if ! _out="$(diff -Naupr vendor $tmp)"; then
+ echo "Verify vendor failed" >&2
+ echo "If you're seeing this locally, run the below command to fix your go.mod:" >&2
+ echo "go mod vendor" >&2
+ exit 1
+fi
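Review bot: The diff captured in `_out` is never printed, so when this check fails the build log says only "Verify vendor failed" and gives no indication of which vendored file differs from what `go mod vendor` regenerates; for an integrity gate that detail is what lets someone tell a stale vendor tree from an unexpected modification. I would add `echo "${_out}" >&2` as the first line of the failure branch. Two smaller points in the same lines: `$tmp` is unquoted in the `diff` call (`diff -Naupr vendor "$tmp"`), and the `mktemp -d` directory is never removed, which `trap 'rm -rf "$tmp"' EXIT` right after its creation would handle. The hint text also says the command fixes go.mod, although what `go mod vendor` rewrites is the vendor directory.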
From c184509ac9e82ca085b4d2f306fc2eff544b9163 Mon Sep 17 00:00:00 2001
From: Joe Betz
Date: Fri, 26 May 2023 15:29:19 -0400
Subject: [PATCH 2/2] Use golang base image for verify-vendor.sh
---
 cloudbuild.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cloudbuild.yaml b/cloudbuild.yaml
index 5f38f5a0..c1658e65 100644
--- a/cloudbuild.yaml
+++ b/cloudbuild.yaml
@@ -21,7 +21,7 @@ steps:
 # entrypoint: sh
 # # deploys folder of test results (with build id as folder name) to GCS
 # args: ['-c', 'gsutil cp -r $(cat _DATE) gs://cel-conformance/test-logs/']
- - name: 'ubuntu'
+ - name: 'golang:1.20'
 # check the integrity of the vendor directory
 args: ['scripts/verify-vendor.sh']
 - name: 'gcr.io/cloud-builders/bazel'
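Review bot: `golang:1.20` is a mutable tag, so the toolchain that decides whether the vendor tree is intact can change between builds without any change to this repository; on the `name:` line I would pin it by digest, `- name: 'golang:1.20@sha256:<digest-of-reviewed-image>'` (placeholder, to be filled with the digest of the image that was actually reviewed). A floating tag also means a later patch release could, presumably, emit a slightly different `vendor/modules.txt` and fail the check for reasons unrelated to the commit under test. A short comment on the step recording why a Go image is required (the script calls `go mod vendor`) would help, since the existing comment only says what is checked.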