internal: check deps as part of

While we're in the $GOPATH transitionary period, a dependency could
accidentally find its way into our require statements without being codified in
go.mod/go.sum. This CL makes our CI check for such a case, and exit 1 if it
detects it.

Change-Id: Ie087bc8ef91e9099d4520c4b55863de36d977c27
Reviewed-by: Eno Compton <>
Reviewed-by: kokoro <>
diff --git a/internal/kokoro/ b/internal/kokoro/
index e81d04e..0bfec23 100755
--- a/internal/kokoro/
+++ b/internal/kokoro/
@@ -14,11 +14,8 @@
-# Fail on any error
-set -eo
-# Display commands being run
-set -x
+# Fail on error, and display commands being run.
+set -ex
 # Only run the linter on go1.11, since it needs type aliases (and we only care about its output once).
 # TODO(deklerk) We should pass an environment variable from kokoro to decide this logic instead.
@@ -28,12 +25,17 @@
+# Fail if a dependency was added without the necessary go.mod/go.sum change
+# being part of the commit.
+GO111MODULE=on go mod tidy
+git diff go.mod | tee /dev/stderr | (! read)
+git diff go.sum | tee /dev/stderr | (! read)
 try3() { eval "$*" || eval "$*" || eval "$*"; }
 try3 go get -u \ \ \
- \
 # Look at all .go files (ignoring .pb.go files) and make sure they have a Copyright. Fail if any don't.