Remove use of go-git from Integration Tests

Question

Remove use of go-git from Integration Tests

Closed this issue 4 months ago · 0 comments

How to categorize this issue?

/area security
/kind cleanup
/priority 2

What would you like to be added:
Remove use of go-git from IT code and its vendoring.

mcm (#896)
mcm-provider-aws (gardener/machine-controller-manager-provider-aws#155)
mcm-provider-az (gardener/machine-controller-manager-provider-azure#128)
mcm-provider-gcp (gardener/machine-controller-manager-provider-gcp#107)
mcm-provider-alicloud (gardener/machine-controller-manager-provider-alicloud#71)
mcm-provider-openstack (gardener/machine-controller-manager-provider-openstack#112)

Why is this needed:
dependabot has bumped up go-git versions due to a security ticket which is causing alerts due to PGP key data in vendored tests. Since go-git is not a prime component of MCM and is only used to clone the repo in MCM tests, we can get rid of its use and vendoring. Use the git CLI to clone the MCM repo.