Fix dependencies for the cli staging repo

[xmudrii]

Summary

It turns out that you have to specify dependencies of dependencies in the publishing-bot rules otherwise publishing-bot would fail to update direct dependencies. That's because those direct dependencies are already updated to the latest tag, and when some repo tries to pull that updated direct dependency, that fails because dependencies of direct dependency are updated.

Why that happens: it's because publishing-bot does not push to GitHub until the very end of the process. Instead, it creates modules and puts them to the cache ($GOPATH/pkg/mod/cache/download) manually, so commands such go mod download actually work. But for this, you need to also set GOPRIVATE environment variables to a list of repositories that are not yet publicly available. publishing-bot generates the value of GOPRIVATE based on specified dependencies, and that's why you have to provide all dependencies and not only direct dependencies.

A good example of that in upstream is sample-cli-plugin:

• https://github.com/kubernetes/kubernetes/blob/544dfee60a99eaec9962c3853674dc1e4d7f0c8d/staging/publishing/rules.yaml#L1070-L1085
• https://github.com/kubernetes/kubernetes/blob/544dfee60a99eaec9962c3853674dc1e4d7f0c8d/staging/src/k8s.io/sample-cli-plugin/go.mod#L9-L14

What Type of PR Is This?

/kind chore

Release Notes

NONE

/assign @xrstf @embik

[embik]

/approve

[kcp-ci-bot]

LGTM label has been added.

Details

Git tree hash: 3ce9436211cd7363d57e7ef72a172bf603d8c810

[kcp-ci-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: embik

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [embik]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[xmudrii]

/test pull-kcp-test-e2e-sharded