Merge branch 'main' into shawn/throttle-with-retries-provider-changes

.github/PULL_REQUEST_TEMPLATE/production.md

@@ -30,6 +30,7 @@ I have...
 * [ ] Updated the relevant documentation or specification
 * [ ] Reviewed "Files changed" and left comments if necessary <!-- relevant if the changes are not obvious  -->
 * [ ] Confirmed all CI checks have passed
+* [ ] If this PR is library API breaking, bump the go.mod version string of the repo, and follow through on a new major release for both the consumer and provider
 
 ### Reviewers Checklist
 

.github/workflows/automated-tests.yml

@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           lfs: true
       - name: Checkout LFS objects
@@ -31,7 +31,7 @@ jobs:
   E2E_Tests:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           lfs: true
       - name: Checkout LFS objects
@@ -45,7 +45,7 @@ jobs:
   Cometmock_Tests:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           lfs: true
       - name: Checkout LFS objects

.github/workflows/build.yml

@@ -12,7 +12,7 @@ jobs:
     name: SonarCloud
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
           lfs: true

.github/workflows/codeql.yml

@@ -41,7 +41,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL

.github/workflows/deploy-docs.yml

@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout 🛎️
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
           fetch-depth: 0

.github/workflows/golangci-lint.yml

@@ -20,7 +20,7 @@ jobs:
       - uses: actions/setup-go@v4
         with:
           go-version: '1.20'
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:

.github/workflows/gosec.yml

@@ -15,7 +15,7 @@ jobs:
       GO111MODULE: on
     steps:
       - name: Checkout Source
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Run Gosec Security Scanner
         uses: securego/gosec@master
         with:

.github/workflows/linkchecker.yml

@@ -5,7 +5,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       # Check out the latest version of the code
-      - uses: actions/checkout@v3.5.2
+      - uses: actions/checkout@v4
 
       # Checks the status of hyperlinks in *.md files in docs/
       - uses: gaurav-nelson/[email protected]

.github/workflows/manual-e2e.yml

@@ -12,7 +12,7 @@ jobs:
       - uses: actions/setup-go@v4
         with:
           go-version: "1.20"
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Checkout LFS objects
         run: git lfs checkout
       - name: Setup Go
@@ -28,7 +28,7 @@ jobs:
       - uses: actions/setup-go@v4
         with:
           go-version: "1.20"
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Checkout LFS objects
         run: git lfs checkout
       - name: Setup Go
@@ -44,7 +44,7 @@ jobs:
         - uses: actions/setup-go@v4
           with:
             go-version: "1.20"
-        - uses: actions/checkout@v3
+        - uses: actions/checkout@v4
         - name: Checkout LFS objects
           run: git lfs checkout
         - name: Setup Go
@@ -60,7 +60,7 @@ jobs:
         - uses: actions/setup-go@v4
           with:
             go-version: "1.20"
-        - uses: actions/checkout@v3
+        - uses: actions/checkout@v4
         - name: Checkout LFS objects
           run: git lfs checkout
         - name: Setup Go
@@ -76,7 +76,7 @@ jobs:
         - uses: actions/setup-go@v4
           with:
             go-version: "1.20"
-        - uses: actions/checkout@v3
+        - uses: actions/checkout@v4
         - name: Checkout LFS objects
           run: git lfs checkout
         - name: Setup Go
@@ -92,7 +92,7 @@ jobs:
         - uses: actions/setup-go@v4
           with:
             go-version: "1.20"
-        - uses: actions/checkout@v3
+        - uses: actions/checkout@v4
         - name: Checkout LFS objects
           run: git lfs checkout
         - name: Setup Go

.github/workflows/nightly-e2e.yml

@@ -25,7 +25,7 @@ jobs:
       - uses: actions/setup-go@v4
         with:
           go-version: "1.20"
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Checkout LFS objects
         run: git lfs checkout
       - name: Setup Go
@@ -41,7 +41,7 @@ jobs:
       - uses: actions/setup-go@v4
         with:
           go-version: "1.20"
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Checkout LFS objects
         run: git lfs checkout
       - name: Setup Go
@@ -57,7 +57,7 @@ jobs:
       - uses: actions/setup-go@v4
         with:
           go-version: "1.20"
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Checkout LFS objects
         run: git lfs checkout
       - name: Setup Go
@@ -73,7 +73,7 @@ jobs:
       - uses: actions/setup-go@v4
         with:
           go-version: "1.20"
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Checkout LFS objects
         run: git lfs checkout
       - name: Setup Go
@@ -89,7 +89,7 @@ jobs:
       - uses: actions/setup-go@v4
         with:
           go-version: "1.20"
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Checkout LFS objects
         run: git lfs checkout
       - name: Setup Go
@@ -105,7 +105,7 @@ jobs:
       - uses: actions/setup-go@v4
         with:
           go-version: "1.20"
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Checkout LFS objects
         run: git lfs checkout
       - name: Setup Go

.github/workflows/proto-registry.yml

@@ -12,7 +12,7 @@ jobs:
   push:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: bufbuild/[email protected]
       - uses: bufbuild/buf-push-action@v1
         with:

.github/workflows/proto.yml

@@ -13,7 +13,7 @@ jobs:
   break-check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: bufbuild/[email protected]
       - uses: bufbuild/buf-breaking-action@v1
         with:

CHANGELOG.md

@@ -1,17 +1,33 @@
 # CHANGELOG
 
-## [Unreleased]
+## [Unreleased for Provider]
 
-Add an entry to the unreleased section whenever merging a PR to main that is not targeted at a specific release. These entries will eventually be included in a release.
+Add an entry to the unreleased provider section whenever merging a PR to main that is not targeted at a specific release. These entries will eventually be included in a provider release.
 
 * (feat!) throttle with retries provider changes [#1230](https://github.com/cosmos/interchain-security/pull/1230)
+* (feature!) [#1244](https://github.com/cosmos/interchain-security/pull/1244) Update the default consumer unbonding period to 2 weeks.
+* (deps) [#1259](https://github.com/cosmos/interchain-security/pull/1259) Bump [cosmos-sdk](https://github.com/cosmos/cosmos-sdk) to [v0.47.5](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.47.5).
+* (deps!) [#1258](https://github.com/cosmos/interchain-security/pull/1258) Bump [ibc-go](https://github.com/cosmos/ibc-go) to [v7.3.0](https://github.com/cosmos/ibc-go/releases/tag/v7.3.0).
+* (deps) [#1258](https://github.com/cosmos/interchain-security/pull/1258) Bump [cosmos-sdk](https://github.com/cosmos/cosmos-sdk) to [v0.47.4](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.47.4).
 * (deps!) [#1196](https://github.com/cosmos/interchain-security/pull/1196) Bump [ibc-go](https://github.com/cosmos/ibc-go) to [v7.2.0](https://github.com/cosmos/ibc-go/releases/tag/v7.2.0).
 * `[x/ccv/provider]` (fix) [#1076](https://github.com/cosmos/interchain-security/pull/1076) Add `InitTimeoutTimestamps` and `ExportedVscSendTimestamps` to exported genesis.
-* (feat!) [#1024](https://github.com/cosmos/interchain-security/pull/1024) throttle with retries, consumer changes  
-* (fix!) revert consumer packet data changes from #1037 [#1150](https://github.com/cosmos/interchain-security/pull/1150)
-* (fix!) proper deletion of pending packets [#1146](https://github.com/cosmos/interchain-security/pull/1146)
-* (feat!) optimize pending packets storage on consumer, with migration! [#1037](https://github.com/cosmos/interchain-security/pull/1037)
-* (feat) introduce the gRPC query `/interchain_security/ccv/consumer/provider-info` and CLI command `interchain-security-cd q ccvconsumer provider-info`to retrieve provider info from the consumer chain.
+
+## [Unreleased for Consumer]
+
+Add an entry to the unreleased consumer section whenever merging a PR to main that is not targeted at a specific release. These entries will eventually be included in a consumer release.
+
+* (feature!) [#1244](https://github.com/cosmos/interchain-security/pull/1244) Update the default consumer unbonding period to 2 weeks.
+* (fix!) [#1244](https://github.com/cosmos/interchain-security/pull/1244) Validate token transfer messages before calling `Transfer()`.
+* (deps) [#1259](https://github.com/cosmos/interchain-security/pull/1259) Bump [cosmos-sdk](https://github.com/cosmos/cosmos-sdk) to [v0.47.5](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.47.5).
+* (deps!) [#1258](https://github.com/cosmos/interchain-security/pull/1258) Bump [ibc-go](https://github.com/cosmos/ibc-go) to [v7.3.0](https://github.com/cosmos/ibc-go/releases/tag/v7.3.0).
+* (deps) [#1258](https://github.com/cosmos/interchain-security/pull/1258) Bump [cosmos-sdk](https://github.com/cosmos/cosmos-sdk) to [v0.47.4](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.47.4).
+* (deps!) [#1196](https://github.com/cosmos/interchain-security/pull/1196) Bump [ibc-go](https://github.com/cosmos/ibc-go) to [v7.2.0](https://github.com/cosmos/ibc-go/releases/tag/v7.2.0).
+* (feat!) [#1024](https://github.com/cosmos/interchain-security/pull/1024) Throttle with retries, consumer changes.  
+* (fix!) [#1150](https://github.com/cosmos/interchain-security/pull/1150) Revert consumer packet data changes from #1037. 
+* (fix!) [#1146](https://github.com/cosmos/interchain-security/pull/1146) Proper deletion of pending packets.
+* (feat!) [#1037](https://github.com/cosmos/interchain-security/pull/1037) Optimize pending packets storage on consumer, with migration. 
+* (feat) [#1164](https://github.com/cosmos/interchain-security/pull/1164) Introduce the gRPC query `/interchain_security/ccv/consumer/provider-info` and CLI command `interchain-security-cd q ccvconsumer provider-info` to retrieve provider info from the consumer chain.
+* (fix!) [#1262](https://github.com/cosmos/interchain-security/pull/1262) Remove incorrect address validation on `ProviderFeePoolAddrStr` param 
 
 ## v3.1.0
 

CONTRIBUTING.md

@@ -247,9 +247,9 @@ ICS adheres to the [trunk based development branching model](https://trunkbasedd
 
 ICS follows [semantic versioning](https://semver.org), but with the following deviations (similar to [IBC-Go](https://github.com/cosmos/ibc-go/blob/main/RELEASES.md)):
 
-- A library API breaking change will result in an increase of the MAJOR version number (X.y.z | x > 0). 
-- A state breaking change (change requiring coordinated upgrade and/or state migration for the consumer, the provider, or both) will result in an increase of the MINOR version number (x.Y.z | x > 0).
-- Any other changes (including node API breaking changes) will result in an increase of the PATCH version number (x.y.Z | x > 0).
+- A library API breaking change to EITHER the provider or consumer module will result in an increase of the MAJOR version number for BOTH modules (X.y.z-provider AND X.y.z-consumer).
+- A state breaking change (change requiring coordinated upgrade and/or state migration) will result in an increase of the MINOR version number for the AFFECTED module(s) (x.Y.z-provider AND/OR x.Y.z-consumer).
+- Any other changes (including node API breaking changes) will result in an increase of the PATCH version number for the AFFECTED module(s) (x.y.Z-provider AND/OR x.y.Z-consumer).
 
 ### Backwards Compatibility
 

RELEASE_NOTES.md

@@ -1,12 +1,15 @@
 <!--
   A release notes template that should be adapted for every release
-    - release: <v*.*.*>
-    - release branch: <v*.*.x>
-    - the last release: <v-last> 
-    - the last release branch: <v-last.x>
+    - release: <v*.*.*>-<consumer/provider>
+    - release branch: release/<v*.*.x>-<consumer/provider>
 -->
 
-# Replicated Security <v*.*.*>  Release Notes 
+# Replicated Security <v*.*.*>-<consumer/provider>  Release Notes
+
+<!--
+  Please indicate whether this release is relevant to consumers or providers.
+-->
+## Note this release is ONLY relevant to <consumers/providers>
 
 ## 📝 Changelog
 

docs/docs/adrs/adr-012-separate-releasing.md

@@ -0,0 +1,76 @@
+---
+sidebar_position: 13
+title: Separate Releasing
+---
+# ADR 012: Separate Releasing
+
+## Changelog
+
+* {8/18/22}: Initial draft of idea in [#801](https://github.com/cosmos/interchain-security/issues/801)
+* {8/22/22}: Put idea in this ADR
+
+## Status
+
+Accepted
+
+## Context
+
+### Spike results
+
+I explored the idea of [#801](https://github.com/cosmos/interchain-security/issues/801) with this [spike branch](https://github.com/cosmos/interchain-security/tree/shawn%2Fgo-mod-split-aug-spike). Here's my conclusions:
+
+Splitting this repo to have multiple go.mods is possible. However there are various intricacies involved in decoupling the package hierarchy to have `x/ccv/types` as the lowest level dep, with `x/ccv/consumer` and `x/ccv/provider` being one dep layer above, with high-level tests depending on all three of the mentioned packages. I'd estimate this decoupling would take 2-5 workdays to finish, and require significant review effort.
+
+### Why go.mod split is not the way to go
+
+Let's take a step back and remember the issue we're trying to solve - **We need a clean way to decouple semver/releasing for the consumer and provider modules**. After more consideration, splitting up go.mods gives us little benefit in achieving this. Reasons:
+
+* The `go.mod` dependency system is tied to git tags for the entire repo (ex: `require github.com/cometbft/cometbft v0.37.2` refers to a historical tag for the entire cometbft repo).
+* It'd be an odd dev experience to allow modules to reference past releases of other modules in the same repo. When would we ever want the consumer module to reference a past release of the types module for example?
+* If we allow for `go.mod` replace statements to build from local source code, why split up the package deps at all?
+* Splitting go.mods adds a bunch of complexity with `go.work` files and all that shiz. VSCode does not play well with multiple module repos either.
+
+### Why separate repos is cool but also not the way to go
+
+All this considered, the cleanest solution to decoupling semver/releasing for the consumer and provider modules would be to have multiple repos, each with their own go.mod (3-4 repos total including high level tests). With this scheme we could separately tag each repo as changes are merged, they could share some code from `types` being an external dep, etc.
+
+I don't think any of us want to split up the monorepo, that's a lot of work and seems like bikeshedding. There's another solution that's very simple..  
+
+## Decision
+
+Slightly adapting [the current semver ruleset](https://github.com/cosmos/interchain-security/blob/cca008d856e3ffc60ec1a486871d0faa702abe26/CONTRIBUTING.md#semantic-versioning):
+
+* A library API breaking change to EITHER the provider or consumer module will result in an increase of the MAJOR version number for BOTH modules (X.y.z-provider AND X.y.z-consumer).
+* A state breaking change (change requiring coordinated upgrade and/or state migration) will result in an increase of the MINOR version number for the AFFECTED module(s) (x.Y.z-provider AND/OR x.Y.z-consumer).
+* Any other changes (including node API breaking changes) will result in an increase of the PATCH version number for the AFFECTED module(s) (x.y.Z-provider AND/OR x.y.Z-consumer).
+
+### Example release flow
+
+We upgrade `main` to use a new version of SDK. This is a major version bump, triggering a new release for both the provider and consumer modules, `v5.0.0-provider` and `v5.0.0-consumer`.
+
+* A state breaking change is merged to `main` for the provider module. We release only a `v5.1.0-provider` off main.
+* Another state breaking change is merged to `main` for the provider module. We release only a `v5.2.0-provider` off main.
+* At this point, the latest consumer version is still `v5.0.0-consumer`. We now merge a state breaking change for the consumer module to `main`, and consequently release `v5.1.0-consumer`. Note that `v5.1.0-consumer` is tagged off a LATER commit from main than `v5.2.0-provider`. This is fine, as the consumer module should not be affected by the provider module's state breaking changes.
+* Once either module sees a library API breaking change, we bump the major version for both modules. For example, we merge a library API breaking change to `main` for the provider module. We release `v6.0.0-provider` and `v6.0.0-consumer` off main. Note that most often, a library API breaking change will affect both modules simultaneously (example being bumping sdk version).
+
+## Consequences
+
+### Positive
+
+* Consumer repos have clear communication of what tagged versions are relevant to them. Consumer devs should know to never reference an ICS version that starts with `provider`, even if it'd technically build.
+* Consumer and provider modules do not deviate as long as we continually release off a shared main branch. Backporting remains relatively unchanged besides being explicit about what module(s) your changes should affect.
+* No code changes, just changes in process. Very simple.
+
+### Negative
+
+* Slightly more complexity.
+* This solution does not allow having provider and consumer on separate versions of e.g. the Cosmos SDK
+
+### Neutral
+
+## References
+
+> Are there any relevant PR comments, issues that led up to this, or articles referenced for why we made the given design choice? If so link them here!
+
+* [#801](https://github.com/cosmos/interchain-security/issues/801)
+* [#801 comment](https://github.com/cosmos/interchain-security/issues/801#issuecomment-1683349298)