From 5d2c8fc10b00b8a7d8571113f2d7d66f0abe25df Mon Sep 17 00:00:00 2001
From: Julian Brost <julian.brost@icinga.com>
Date: Fri, 19 Aug 2022 14:42:33 +0200
Subject: [PATCH] Show diff of dependencies in GitHub Actions

dependabot adds a link showing the diff of the dependency but when there are
changes in indirect dependencies, these have to be diffed manually. This commit
vendors the dependencies before and after a PR and outputs the diff.
---
 .github/workflows/go.yml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 0c7b611f..de155212 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -78,3 +78,31 @@ jobs:
             gitdiff="$(git diff -U0)"
             echo "$gitdiff"
             test -z "$gitdiff"
+
+  vendor-diff:
+    if: github.event_name == 'pull_request'
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/setup-go@v3
+      with:
+        go-version: ^1.18
+
+    - name: Checkout base commit
+      uses: actions/checkout@v3
+      with:
+        path: a
+        ref: ${{ github.base_ref }}
+    - name: Download dependencies of base commit
+      run: go mod vendor
+      working-directory: a
+
+    - name: Checkout PR
+      uses: actions/checkout@v3
+      with:
+        path: b
+    - name: Download dependencies of PR
+      run: go mod vendor
+      working-directory: b
+
+    - name: Diff of dependencies
+      run: diff -ur --color=always a/vendor b/vendor || true