validate and update vendor targets

[crazy-max]

follow-up #3315

discussed with @milosgajdos about cleaning up our workflows that are a bit redundant (like the ci.yml one).

this pr adds targets to update and validate vendor:

$ make vendor
$ make validate-vendor

like our build workflow, everything is sandboxed.

another target has been added to check for outdated dependencies:

$ make mod-outdated
...
#15 10.41 +-----------------------------------------------+------------------------------------+------------------------------------+--------+------------------+
#15 10.41 |                    MODULE                     |              VERSION               |            NEW VERSION             | DIRECT | VALID TIMESTAMPS |
#15 10.41 +-----------------------------------------------+------------------------------------+------------------------------------+--------+------------------+
#15 10.41 | github.com/Azure/azure-sdk-for-go             | v56.3.0+incompatible               | v63.3.0+incompatible               | true   | true             |
#15 10.41 | github.com/aws/aws-sdk-go                     | v1.43.16                           | v1.43.44                           | true   | true             |
#15 10.41 | github.com/bshuster-repo/logrus-logstash-hook | v1.0.0                             | v1.0.2                             | true   | true             |
#15 10.41 | github.com/bugsnag/bugsnag-go                 | v0.0.0-20141110184014-b1d153021fcd | v2.1.2+incompatible                | true   | true             |
#15 10.41 | github.com/denverdino/aliyungo                | v0.0.0-20190125010748-a747050bb1ba | v0.0.0-20220419071826-816031062a6e | true   | true             |
#15 10.41 | github.com/docker/libtrust                    | v0.0.0-20150114040149-fa567046d9b1 | v0.0.0-20160708172513-aabc10ec26b7 | true   | true             |
#15 10.41 | github.com/gomodule/redigo                    | v1.8.2                             | v1.8.8                             | true   | true             |
#15 10.41 | github.com/mitchellh/mapstructure             | v1.1.2                             | v1.5.0                             | true   | true             |
#15 10.41 | github.com/ncw/swift                          | v1.0.47                            | v1.0.53                            | true   | true             |
#15 10.41 | github.com/spf13/cobra                        | v1.0.0                             | v1.4.0                             | true   | true             |
#15 10.41 | github.com/yvasiyarov/gorelic                 | v0.0.0-20141212073537-a9bba5b9ab50 | v0.0.7                             | true   | true             |
#15 10.41 | golang.org/x/crypto                           | v0.0.0-20211215153901-e495a2d5b3d3 | v0.0.0-20220411220226-7b82a4e95df4 | true   | true             |
#15 10.41 | golang.org/x/oauth2                           | v0.0.0-20190604053449-0f29369cfe45 | v0.0.0-20220411215720-9780585627b5 | true   | true             |
#15 10.41 | google.golang.org/api                         | v0.0.0-20160322025152-9bf6e6e569ff | v0.75.0                            | true   | true             |
#15 10.41 | google.golang.org/cloud                       | v0.0.0-20151119220103-975617b05ea8 | v0.101.0                           | true   | true             |
#15 10.41 | gopkg.in/check.v1                             | v1.0.0-20180628173108-788fd7840127 | v1.0.0-20201130134442-10cb98267c6c | true   | true             |
#15 10.41 +-----------------------------------------------+------------------------------------+------------------------------------+--------+------------------+
#15 DONE 10.4s

[codecov-commenter]

Codecov Report

Merging #3634 (f6ea378) into main (27b5563) will increase coverage by 0.24%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #3634      +/-   ##
==========================================
+ Coverage   56.33%   56.58%   +0.24%     
==========================================
  Files         101      103       +2     
  Lines        7313     7520     +207     
==========================================
+ Hits         4120     4255     +135     
- Misses       2536     2596      +60     
- Partials      657      669      +12     

Impacted Files	Coverage Δ
...hub.com/distribution/distribution/digestset/set.go	82.14% <0.00%> (ø)
...hub.com/distribution/distribution/health/health.go	45.26% <0.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 27b5563...f6ea378. Read the comment docs.

[milosgajdos]

I'm wondering, do we still need GO111MODULE? 🤔

[crazy-max]

Yes not necessary. In a follow-up we should remove the ci workflow and take a look at the DCO check but DCO bot might be enough?

[milosgajdos]

Yeah, I think the DCO bot should take care of that...

[wy65701436]

+1 for remove GO111MODULE

[milosgajdos]

Does this somehow automagically trigger make validate-vendor?

[crazy-max]

Yes exactly. The idea in the follow-up is to add other validators to this matrix like lint, authors, etc... See https://github.com/docker/buildx/blob/a6a1a362ad951af488fc41388f41a2d52b25f791/.github/workflows/validate.yml#L23-L25

[milosgajdos]

Oh neat!

[wy65701436]

lgtm