hack verify.sh: clean up "base"

This is a follow-up for commit beb51e1 ("make verify: run checks in
all module hack directories"). Checking only modules known to go ends
up ignoring modules which aren't dependencies, such as
./staging/src/k8s.io/code-generator/examples/hack; but the checks
should be run there too. So this finds modules by looking for go.mod
files.

Use PWD in run-checks to record failing verification scripts instead
of a hidden dependency on an externally-set variable.

Signed-off-by: Stephen Kitt <skitt@redhat.com>

hack/make-rules/verify.sh

@@ -199,7 +199,7 @@ function run-checks {
     else
       echo -e "${color_red}FAILED${color_norm}   ${check_name}\t${elapsed}s"
       ret=1
-      FAILED_TESTS+=("${base}/${t}")
+      FAILED_TESTS+=("${PWD}/${t}")
     fi
   done
 }
@@ -229,15 +229,18 @@ if ${QUICK} ; then
   echo "Running in quick mode (QUICK=true). Only fast checks will run."
 fi
 
+shopt -s globstar
 export API_KNOWN_VIOLATIONS_DIR="${KUBE_ROOT}"/api/api-rules
 ret=0
-modules=() # Pacify shellcheck
+# Modules are discovered by looking for go.mod rather than asking go
-kube::util::read-array modules < <(go list -f '{{.Dir}}' -m)
+# to ensure that modules that aren't part of the workspace and/or are
-for module in "${modules[@]}"; do
+# not dependencies are checked too.
-  base=${module%/go.mod}
+# . and staging are listed explicitly here to avoid _output
-  if [ -d "$base/hack" ]; then
+for module in ./go.mod ./staging/**/go.mod; do
-    kube::util::run-in "$base" run-checks "hack/verify-*.sh" bash
+  module="${module%/go.mod}"
-    kube::util::run-in "$base" run-checks "hack/verify-*.py" python3
+  if [ -d "$module/hack" ]; then
+    kube::util::run-in "$module" run-checks "hack/verify-*.sh" bash
+    kube::util::run-in "$module" run-checks "hack/verify-*.py" python3
   fi
 done
 missing-target-checks