Fail CI build if scripts/gazelle.sh dirties the working copy
Test Plan:
master happened to have an extra go.mod dependency that was caught:
```lang=diff
Unclean working directory after running scripts/gazelle.sh:
diff --git a/go.mod b/go.mod
index 9ff6291..bfea6de 100644
--- a/go.mod
+++ b/go.mod
@@ -16,7 +16,6 @@ require (
github.com/gofrs/uuid v3.2.0+incompatible // indirect
github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d
github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6 // indirect
- github.com/golang/protobuf v1.3.2
github.com/google/go-cmp v0.3.1 // indirect
github.com/google/go-tpm v0.1.2-0.20190725015402-ae6dd98980d4
github.com/google/go-tpm-tools v0.0.0-20190731025042-f8c04ff88181
```
Bug: T561
X-Origin-Diff: phab/D371
GitOrigin-RevId: 13a24e85589c4f015cb476a9b817fd570871298e
diff --git a/scripts/run_ci.sh b/scripts/run_ci.sh
index c95ed6e..302bcfd 100755
--- a/scripts/run_ci.sh
+++ b/scripts/run_ci.sh
@@ -44,6 +44,20 @@
podman pod create --name ${POD}
+podman run \
+ --rm \
+ -v $(pwd):/work \
+ -v ${CACHE_VOLUME}:/user/.cache/bazel/_bazel_root \
+ --privileged \
+ ${TAG} \
+ scripts/gazelle.sh
+
+if [[ ! -z "$(git status --porcelain)" ]]; then
+ echo "Unclean working directory after running scripts/gazelle.sh:"
+ git diff HEAD
+ exit 1
+fi
+
podman run -d \
--pod ${POD} \
--ulimit nofile=262144:262144 \