scripts/updatebom: remove unnecessary mod override

[ivanvc]

The GOFLAGS=-mod=mod environment variable is not required, as that's the default mode. This code was likely copied from the tests, where GOFLAGS is set to -mod=readonly. So, executing the tool needs to override mod, as per the documentation, it tends to modify the go.mod file.

Spun off from: #19423.

Please read https://github.com/etcd-io/etcd/blob/main/CONTRIBUTING.md#contribution-flow.

[k8s-ci-robot]

@ivanvc: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-etcd-verify	a996ba7	link	true	/test pull-etcd-verify

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 68.98%. Comparing base (d52bd90) to head (a996ba7).
Report is 40 commits behind head on main.

Additional details and impacted files

see 21 files with indirect coverage changes

@@            Coverage Diff             @@
##             main   #19467      +/-   ##
==========================================
+ Coverage   68.85%   68.98%   +0.12%     
==========================================
  Files         420      420              
  Lines       35762    35762              
==========================================
+ Hits        24624    24670      +46     
+ Misses       9714     9674      -40     
+ Partials     1424     1418       -6     

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d52bd90...a996ba7. Read the comment docs.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ivanvc, serathius

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• scripts/OWNERS [ivanvc,serathius]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ahrtr]

please rebase this PR and mark it ready to review, thx

[ivanvc]

There are a couple of obscure failures in the BOM generation. Finding a way to reproduce it was difficult, but I found an issue running this tool in a clean environment. Running the following command from the main branch, makes the bom generation fail:

docker run --rm -w /workspace -v $PWD:/workspace --entrypoint /bin/bash gcr.io/k8s-staging-test-infra/kubekins-e2e:v20250212-16f67660c2-master -c 'git config --global --add safe.directory /workspace && make verify-bom'

This simulates running verify-bom (and scripts/updatebom.sh) in a clean environment. The workaround I used when implementing the Go workspace was to run go mod download across all the submodules to avoid downloading dependencies when running the check.

I opened and immediately drafted this pull request because there's another obscure error that I haven't been able to reproduce in the verify job: https://prow.k8s.io/view/gs/kubernetes-ci-logs/pr-logs/pull/etcd-io_etcd/19467/pull-etcd-verify/1893448496992751616.

I believe the error here may be something similar, but haven't had the chance to verify it.

In theory, removing GOFLAGS=-mod=mod shouldn't affect, but it's making the script fail.

IMHO, ideally, we should stop building the BOM with this tool and switch to a modern SBOM generation tool (#18902).