feat(GoMod): Obtain the VCS info from the Go tooling

Previously, ORT's GoMod integration had a rudimentary
(re-)implementation of the Go toolings' logic for resolving the VCS infos
for the dependencies, covering only the more common use cases. For
example, the implementation is VCS host specific and cannot handle mono
repository setups at all, without an ugly workaround in the downloader,
see [1]. Furthermore, I expect many not yet known issues in the more
uncommon use cases.

Avoid all these issues by just relying on the VCS info resolution of the
Go tooling.

Note that as of Go 1.19, the `.info` files under '$GOPATH/pkg/mod' are
guaranteed to contain the VCS info of the modules in case no Go proxy
is used [2]. For now that information is only accessible by parsing the
files directly, but there are plans to make this information available
via the command line tools like `go list -json` [3].

Fixes: #5555.

[1]: https://github.com/oss-review-toolkit/ort/blob/1dc5c54de3630f0f1249a7ec56ce0a3ba87ac5f1/downloader/src/main/kotlin/VersionControlSystem.kt#L361-L366
[2]: golang/go#44742 (comment)
[3]: golang/go#18387

Signed-off-by: Frank Viernau <[email protected]>

Author: fviernau

analyzer/src/funTest/assets/projects/synthetic/gomod-expected-output.yml

@@ -136,13 +136,13 @@ packages:
       algorithm: ""
   vcs:
     type: "Git"
-    url: "https://github.com/atomtree/go-spew.git"
-    revision: "v1.1.0"
+    url: "https://github.com/atomtree/go-spew"
+    revision: "346938d642f2ec3594ed81d874461961cd0faa76"
     path: ""
   vcs_processed:
     type: "Git"
     url: "https://github.com/atomtree/go-spew.git"
-    revision: "v1.1.0"
+    revision: "346938d642f2ec3594ed81d874461961cd0faa76"
     path: ""
 - id: "Go::github.com/fatih/color:1.13.0"
   purl: "pkg:golang/github.com%2Ffatih%[email protected]"
@@ -162,13 +162,13 @@ packages:
       algorithm: ""
   vcs:
     type: "Git"
-    url: "https://github.com/fatih/color.git"
-    revision: "v1.13.0"
+    url: "https://github.com/fatih/color"
+    revision: "a05da93ebe62ca9fc6791d3376ec4dad01196448"
     path: ""
   vcs_processed:
     type: "Git"
     url: "https://github.com/fatih/color.git"
-    revision: "v1.13.0"
+    revision: "a05da93ebe62ca9fc6791d3376ec4dad01196448"
     path: ""
 - id: "Go::github.com/google/uuid:1.0.0"
   purl: "pkg:golang/github.com%2Fgoogle%[email protected]"
@@ -188,13 +188,13 @@ packages:
       algorithm: ""
   vcs:
     type: "Git"
-    url: "https://github.com/google/uuid.git"
-    revision: "v1.0.0"
+    url: "https://github.com/google/uuid"
+    revision: "d460ce9f8df2e77fb1ba55ca87fafed96c607494"
     path: ""
   vcs_processed:
     type: "Git"
     url: "https://github.com/google/uuid.git"
-    revision: "v1.0.0"
+    revision: "d460ce9f8df2e77fb1ba55ca87fafed96c607494"
     path: ""
 - id: "Go::github.com/hashicorp/go-secure-stdlib/parseutil:0.1.6"
   purl: "pkg:golang/github.com%2Fhashicorp%2Fgo-secure-stdlib%[email protected]"
@@ -214,13 +214,13 @@ packages:
       algorithm: ""
   vcs:
     type: "Git"
-    url: "https://github.com/hashicorp/go-secure-stdlib.git"
-    revision: "v0.1.6"
+    url: "https://github.com/hashicorp/go-secure-stdlib"
+    revision: "43c607d97e1d4615c5140017131807d1f0b702ff"
     path: "parseutil"
   vcs_processed:
     type: "Git"
     url: "https://github.com/hashicorp/go-secure-stdlib.git"
-    revision: "v0.1.6"
+    revision: "43c607d97e1d4615c5140017131807d1f0b702ff"
     path: "parseutil"
 - id: "Go::github.com/hashicorp/go-secure-stdlib/strutil:0.1.1"
   purl: "pkg:golang/github.com%2Fhashicorp%2Fgo-secure-stdlib%[email protected]"
@@ -240,13 +240,13 @@ packages:
       algorithm: ""
   vcs:
     type: "Git"
-    url: "https://github.com/hashicorp/go-secure-stdlib.git"
-    revision: "v0.1.1"
+    url: "https://github.com/hashicorp/go-secure-stdlib"
+    revision: "1b80d53b4662d4b15ea0c23754dd81e3ae21d58b"
     path: "strutil"
   vcs_processed:
     type: "Git"
     url: "https://github.com/hashicorp/go-secure-stdlib.git"
-    revision: "v0.1.1"
+    revision: "1b80d53b4662d4b15ea0c23754dd81e3ae21d58b"
     path: "strutil"
 - id: "Go::github.com/hashicorp/go-sockaddr:1.0.2"
   purl: "pkg:golang/github.com%2Fhashicorp%[email protected]"
@@ -266,13 +266,13 @@ packages:
       algorithm: ""
   vcs:
     type: "Git"
-    url: "https://github.com/hashicorp/go-sockaddr.git"
-    revision: "v1.0.2"
+    url: "https://github.com/hashicorp/go-sockaddr"
+    revision: "c7188e74f6acae5a989bdc959aa779f8b9f42faf"
     path: ""
   vcs_processed:
     type: "Git"
     url: "https://github.com/hashicorp/go-sockaddr.git"
-    revision: "v1.0.2"
+    revision: "c7188e74f6acae5a989bdc959aa779f8b9f42faf"
     path: ""
 - id: "Go::github.com/mattn/go-colorable:0.1.12"
   purl: "pkg:golang/github.com%2Fmattn%[email protected]"
@@ -292,13 +292,13 @@ packages:
       algorithm: ""
   vcs:
     type: "Git"
-    url: "https://github.com/mattn/go-colorable.git"
-    revision: "v0.1.12"
+    url: "https://github.com/mattn/go-colorable"
+    revision: "e1bb79c8d53c38a60962ad4b8f658226cc983710"
     path: ""
   vcs_processed:
     type: "Git"
     url: "https://github.com/mattn/go-colorable.git"
-    revision: "v0.1.12"
+    revision: "e1bb79c8d53c38a60962ad4b8f658226cc983710"
     path: ""
 - id: "Go::github.com/mattn/go-isatty:0.0.14"
   purl: "pkg:golang/github.com%2Fmattn%[email protected]"
@@ -318,13 +318,13 @@ packages:
       algorithm: ""
   vcs:
     type: "Git"
-    url: "https://github.com/mattn/go-isatty.git"
-    revision: "v0.0.14"
+    url: "https://github.com/mattn/go-isatty"
+    revision: "504425e14f742f1f517c4586048b49b37f829c8e"
     path: ""
   vcs_processed:
     type: "Git"
     url: "https://github.com/mattn/go-isatty.git"
-    revision: "v0.0.14"
+    revision: "504425e14f742f1f517c4586048b49b37f829c8e"
     path: ""
 - id: "Go::github.com/mitchellh/mapstructure:1.4.1"
   purl: "pkg:golang/github.com%2Fmitchellh%[email protected]"
@@ -344,13 +344,13 @@ packages:
       algorithm: ""
   vcs:
     type: "Git"
-    url: "https://github.com/mitchellh/mapstructure.git"
-    revision: "v1.4.1"
+    url: "https://github.com/mitchellh/mapstructure"
+    revision: "8ebf2d61a8b4adcce25fc9fc9b76e8452a00672f"
     path: ""
   vcs_processed:
     type: "Git"
     url: "https://github.com/mitchellh/mapstructure.git"
-    revision: "v1.4.1"
+    revision: "8ebf2d61a8b4adcce25fc9fc9b76e8452a00672f"
     path: ""
 - id: "Go::github.com/pborman/uuid:1.2.1"
   purl: "pkg:golang/github.com%2Fpborman%[email protected]"
@@ -370,13 +370,13 @@ packages:
       algorithm: ""
   vcs:
     type: "Git"
-    url: "https://github.com/pborman/uuid.git"
-    revision: "v1.2.1"
+    url: "https://github.com/pborman/uuid"
+    revision: "5b6091a6a160ee5ce12917b21ab96acec2a4fdc0"
     path: ""
   vcs_processed:
     type: "Git"
     url: "https://github.com/pborman/uuid.git"
-    revision: "v1.2.1"
+    revision: "5b6091a6a160ee5ce12917b21ab96acec2a4fdc0"
     path: ""
 - id: "Go::github.com/pmezard/go-difflib:1.0.0"
   purl: "pkg:golang/github.com%2Fpmezard%[email protected]"
@@ -396,13 +396,13 @@ packages:
       algorithm: ""
   vcs:
     type: "Git"
-    url: "https://github.com/pmezard/go-difflib.git"
-    revision: "v1.0.0"
+    url: "https://github.com/pmezard/go-difflib"
+    revision: "792786c7400a136282c1664665ae0a8db921c6c2"
     path: ""
   vcs_processed:
     type: "Git"
     url: "https://github.com/pmezard/go-difflib.git"
-    revision: "v1.0.0"
+    revision: "792786c7400a136282c1664665ae0a8db921c6c2"
     path: ""
 - id: "Go::github.com/ryanuber/go-glob:1.0.0"
   purl: "pkg:golang/github.com%2Fryanuber%[email protected]"
@@ -422,13 +422,13 @@ packages:
       algorithm: ""
   vcs:
     type: "Git"
-    url: "https://github.com/ryanuber/go-glob.git"
-    revision: "v1.0.0"
+    url: "https://github.com/ryanuber/go-glob"
+    revision: "51a8f68e6c24dc43f1e371749c89a267de4ebc53"
     path: ""
   vcs_processed:
     type: "Git"
     url: "https://github.com/ryanuber/go-glob.git"
-    revision: "v1.0.0"
+    revision: "51a8f68e6c24dc43f1e371749c89a267de4ebc53"
     path: ""
 - id: "Go::github.com/stretchr/testify:1.7.2"
   purl: "pkg:golang/github.com%2Fstretchr%[email protected]"
@@ -448,13 +448,13 @@ packages:
       algorithm: ""
   vcs:
     type: "Git"
-    url: "https://github.com/stretchr/testify.git"
-    revision: "v1.7.2"
+    url: "https://github.com/stretchr/testify"
+    revision: "41453c009af9a942261b7a25a88521d0d6804e7f"
     path: ""
   vcs_processed:
     type: "Git"
     url: "https://github.com/stretchr/testify.git"
-    revision: "v1.7.2"
+    revision: "41453c009af9a942261b7a25a88521d0d6804e7f"
     path: ""
 - id: "Go::golang.org/x/sys:0.0.0-20220610221304-9f5ed59c137d"
   purl: "pkg:golang/golang.org%2Fx%[email protected]"
@@ -468,19 +468,19 @@ packages:
       value: ""
       algorithm: ""
   source_artifact:
-    url: "https://proxy.golang.org/golang.org/x/sys/@v/v0.0.0-20220610221304-9f5ed59c137d.zip"
+    url: ""
     hash:
       value: ""
       algorithm: ""
   vcs:
-    type: ""
-    url: ""
-    revision: ""
+    type: "Git"
+    url: "https://go.googlesource.com/sys"
+    revision: "9f5ed59c137dcb0852024edd2e71af63c2d67707"
     path: ""
   vcs_processed:
-    type: ""
-    url: ""
-    revision: ""
+    type: "Git"
+    url: "https://go.googlesource.com/sys"
+    revision: "9f5ed59c137dcb0852024edd2e71af63c2d67707"
     path: ""
 - id: "Go::gopkg.in/yaml.v3:3.0.1"
   purl: "pkg:golang/gopkg.in%[email protected]"
@@ -494,17 +494,17 @@ packages:
       value: ""
       algorithm: ""
   source_artifact:
-    url: "https://proxy.golang.org/gopkg.in/yaml.v3/@v/v3.0.1.zip"
+    url: ""
     hash:
       value: ""
       algorithm: ""
   vcs:
-    type: ""
-    url: ""
-    revision: ""
+    type: "Git"
+    url: "https://gopkg.in/yaml.v3"
+    revision: "f6f7691b1fdeb513f56608cd2c32c51f8194bf51"
     path: ""
   vcs_processed:
-    type: ""
-    url: ""
-    revision: ""
+    type: "Git"
+    url: "https://gopkg.in/yaml.v3"
+    revision: "f6f7691b1fdeb513f56608cd2c32c51f8194bf51"
     path: ""

analyzer/src/funTest/assets/projects/synthetic/gomod-subpkg-expected-output.yml

@@ -43,13 +43,13 @@ packages:
       algorithm: ""
   vcs:
     type: "Git"
-    url: "https://github.com/fatih/color.git"
-    revision: "v1.7.0"
+    url: "https://github.com/fatih/color"
+    revision: "5b77d2a35fb0ede96d138fc9a99f5c9b6aef11b4"
     path: ""
   vcs_processed:
     type: "Git"
     url: "https://github.com/fatih/color.git"
-    revision: "v1.7.0"
+    revision: "5b77d2a35fb0ede96d138fc9a99f5c9b6aef11b4"
     path: ""
 - id: "Go::github.com/mattn/go-colorable:0.1.4"
   purl: "pkg:golang/github.com%2Fmattn%[email protected]"
@@ -69,13 +69,13 @@ packages:
       algorithm: ""
   vcs:
     type: "Git"
-    url: "https://github.com/mattn/go-colorable.git"
-    revision: "v0.1.4"
+    url: "https://github.com/mattn/go-colorable"
+    revision: "98ec13f34aabf44cc914c65a1cfb7b9bc815aef1"
     path: ""
   vcs_processed:
     type: "Git"
     url: "https://github.com/mattn/go-colorable.git"
-    revision: "v0.1.4"
+    revision: "98ec13f34aabf44cc914c65a1cfb7b9bc815aef1"
     path: ""
 - id: "Go::github.com/mattn/go-isatty:0.0.10"
   purl: "pkg:golang/github.com%2Fmattn%[email protected]"
@@ -95,13 +95,13 @@ packages:
       algorithm: ""
   vcs:
     type: "Git"
-    url: "https://github.com/mattn/go-isatty.git"
-    revision: "v0.0.10"
+    url: "https://github.com/mattn/go-isatty"
+    revision: "88ba11cfdc67c7588b30042edf244b2875f892b6"
     path: ""
   vcs_processed:
     type: "Git"
     url: "https://github.com/mattn/go-isatty.git"
-    revision: "v0.0.10"
+    revision: "88ba11cfdc67c7588b30042edf244b2875f892b6"
     path: ""
 - id: "Go::golang.org/x/sys:0.0.0-20191008105621-543471e840be"
   purl: "pkg:golang/golang.org%2Fx%[email protected]"
@@ -115,17 +115,17 @@ packages:
       value: ""
       algorithm: ""
   source_artifact:
-    url: "https://proxy.golang.org/golang.org/x/sys/@v/v0.0.0-20191008105621-543471e840be.zip"
+    url: ""
     hash:
       value: ""
       algorithm: ""
   vcs:
-    type: ""
-    url: ""
-    revision: ""
+    type: "Git"
+    url: "https://go.googlesource.com/sys"
+    revision: "543471e840be449c53d44b32c7adf1261ad67e37"
     path: ""
   vcs_processed:
-    type: ""
-    url: ""
-    revision: ""
+    type: "Git"
+    url: "https://go.googlesource.com/sys"
+    revision: "543471e840be449c53d44b32c7adf1261ad67e37"
     path: ""