kubernetes-sigs / bom

A utility to generate SPDX-compliant Bill of Materials manifests
https://kubernetes-sigs.github.io/bom/
Apache License 2.0
329 stars 48 forks

clean up temporary bom data #459

Open cpanato opened 1 month ago

cpanato commented 1 month ago

What type of PR is this?

/kind feature

What this PR does / why we need it:

/assign @puerco

Which issue(s) this PR fixes:

clean up temporary bom data

k8s-ci-robot commented 1 month ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cpanato

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/kubernetes-sigs/bom/blob/main/OWNERS)~~ [cpanato]

Approvers can indicate their approval by writing `/approve` in a comment
Approvers can cancel approval by writing `/approve cancel` in a comment

puerco commented 1 month ago

/test pull-bom-check-embedded-data

puerco commented 1 month ago

I think this should fix https://github.com/kubernetes-sigs/bom/issues/458 ?

cpanato commented 1 month ago

PTAL @puerco

puerco commented 1 month ago

Taking a closer look at this PR, spdxTempDir is the directory that caches the SPDX license data. We intentionally leave that untouched after running to keep the parsed licenses cached for another run.

The stale tmp data mentioned in #458 is mostly downloaded go modules. These pile up after they are done being used for analysis and can take up GBs of data. This is the data stored in the directory defined here:

https://github.com/kubernetes-sigs/bom/blob/495c8d0e867b0494dabfad550579df8aee354139/pkg/spdx/gomod.go#L42