Merge branch 'main' into marius/release-process

.github/PULL_REQUEST_TEMPLATE/production.md

@@ -23,7 +23,7 @@ I have...
 * [ ] Confirmed this PR does not introduce changes requiring state migrations, OR migration code has been added to consumer and/or provider modules
 * [ ] Targeted the correct branch (see [PR Targeting](https://github.com/cosmos/interchain-security/blob/main/CONTRIBUTING.md#pr-targeting))
 * [ ] Provided a link to the relevant issue or specification
-* [ ] Followed the guidelines for [building SDK modules](https://github.com/cosmos/cosmos-sdk/blob/main/docs/docs/building-modules)
+* [ ] Followed the guidelines for [building SDK modules](https://github.com/cosmos/cosmos-sdk/blob/main/docs/build/building-modules/00-intro.md)
 * [ ] Included the necessary unit and integration [tests](https://github.com/cosmos/interchain-security/blob/main/CONTRIBUTING.md#testing)
 * [ ] Added a changelog entry to `CHANGELOG.md`
 * [ ] Included comments for [documenting Go code](https://blog.golang.org/godoc)

.github/issue_labeler.yml

@@ -0,0 +1,2 @@
+needs-triage: # if no label is set then set triage
+  - ''

.github/workflows/codeql.yml → .github/workflows/codeql-analysis.yml

@@ -2,18 +2,15 @@ name: "CodeQL"
 
 on:
   push:
-    branches:
-      - main
-      - feat/*
-
-    paths-ignore:
-      - "legacy_ibc_testing"
+    paths:
+      - "**.go"
   pull_request:
     branches:
       - main
+      - release/*
       - feat/*
-    paths-ignore:
-      - "legacy_ibc_testing"
+    paths:
+      - "**.go"
   schedule:
     #        ┌───────────── minute (0 - 59)
     #        │  ┌───────────── hour (0 - 23)
@@ -27,28 +24,33 @@ on:
     - cron: "30 1 * * 0"
 
 jobs:
-  CodeQL-Build:
-    # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
+  analyze:
+    name: Analyze
     runs-on: ubuntu-latest
-
     permissions:
-      # required for all workflows
-      security-events: write
-
-      # only required for workflows in private repositories
       actions: read
       contents: read
+      security-events: write
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
-
+      - uses: actions/setup-go@v4
+        with:
+          go-version: "1.20"
+          check-latest: true
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v2
         # Override language selection by uncommenting this and choosing your languages
         with:
           languages: go
+          queries: +security-and-quality,github/codeql/go/ql/src/experimental/InconsistentCode/DeferInLoop.ql@main,github/codeql/go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql@main,github/codeql/go/ql/src/experimental/CWE-369/DivideByZero.ql@main
+          packs: +crypto-com/cosmos-sdk-codeql
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+          # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
       # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below).

.github/workflows/deploy-docs.yml

@@ -31,16 +31,16 @@ jobs:
       - name: Setup Node.js 🔧
         uses: actions/setup-node@v4
         with:
-          node-version: "16.x"
+          node-version: "21.x"
 
       # npm install npm should be removed when https://github.com/npm/cli/issues/4942 is fixed
       - name: Build 🔧
         run: |
-          npm install -g npm@8.5.5
+          npm install -g npm@10.2.4
           make build-docs
 
       - name: Deploy 🚀
-        uses: JamesIves/github-pages-deploy-action@v4.4.3
+        uses: JamesIves/github-pages-deploy-action@v4.5.0
         with:
           branch: gh-pages
           folder: ~/output

.github/workflows/golangci-lint.yml

@@ -1,47 +1,34 @@
-name: golangci-lint
+name: Lint
 on:
   push:
-    tags:
-      - v*
     branches:
-      - master
       - main
+      - release/**
       - feat/*
   pull_request:
+  merge_group:
 permissions:
   contents: read
-  # Optional: allow read access to pull request. Use with `only-new-issues` option.
-  # pull-requests: read
 jobs:
   golangci:
-    name: lint
+    name: golangci-lint
     runs-on: ubuntu-latest
     steps:
       - uses: actions/setup-go@v4
         with:
           go-version: '1.20'
-      - uses: actions/checkout@v4
-      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
+      - uses: technote-space/[email protected]
+        id: git_diff
         with:
-          # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
-          version: v1.54.1
-
-          # Optional: working directory, useful for monorepos
-          # working-directory: somedir
-
-          # Optional: golangci-lint command line arguments.
-          args: --config=.golangci.yml
-
-          # Optional: show only new issues if it's a pull request. The default value is `false`.
-          # only-new-issues: true
-
-          # Optional: if set to true then the all caching functionality will be complete disabled,
-          #           takes precedence over all other caching options.
-          # skip-cache: true
-
-          # Optional: if set to true then the action don't cache or restore ~/go/pkg.
-          # skip-pkg-cache: true
+          PATTERNS: |
+            **/*.go
+            go.mod
+            go.sum
+            **/go.mod
+            **/go.sum
+      - uses: actions/checkout@v4
+      - name: run linting
+        if: env.GIT_DIFF
+        run: |
+          make lint
 
-          # Optional: if set to true then the action don't cache or restore ~/.cache/go-build.
-          # skip-build-cache: true

.github/workflows/gosec.yml

@@ -1,13 +1,22 @@
-name: gosec
+name: Run Gosec
 on:
-  push:
+  pull_request:
+    paths:
+      - "**/*.go"
+      - "go.mod"
+      - "go.sum"
     branches:
       - main
       - feat/*
-  pull_request:
+  push:
     branches:
       - main
       - feat/*
+    paths:
+      - "**/*.go"
+      - "go.mod"
+      - "go.sum"
+
 jobs:
   Gosec:
     runs-on: ubuntu-latest

.github/workflows/issue_labeler.yml

@@ -0,0 +1,15 @@
+name: "Issue Labeler"
+on:
+  issues:
+    types: [opened]
+
+jobs:
+  triage:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: github/[email protected]
+        if: join(github.event.issue.labels) == ''
+        with:
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"
+          configuration-path: .github/issue_labeler.yml
+          enable-versioned-regex: 0 

.github/workflows/lint-pr.yml

@@ -0,0 +1,47 @@
+name: "Lint PR"
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+permissions:
+  contents: read
+
+jobs:
+  main:
+    permissions:
+      pull-requests: read # for amannn/action-semantic-pull-request to analyze PRs
+      statuses: write # for amannn/action-semantic-pull-request to mark status of analyzed PR
+    runs-on: ubuntu-latest
+    steps:
+      - uses: amannn/[email protected]
+        id: lint_pr_title
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: marocchino/sticky-pull-request-comment@v2
+        # When the previous steps fails, the workflow would stop. By adding this
+        # condition you can continue the execution with the populated error message.
+        if: always() && (steps.lint_pr_title.outputs.error_message != null)
+        with:
+          header: pr-title-lint-error
+          message: |
+            Hey there and thank you for opening this pull request! 👋🏼
+
+            We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/) and it looks like your proposed title needs to be adjusted.
+
+            Details:
+
+            ```
+            ${{ steps.lint_pr_title.outputs.error_message }}
+            ```
+
+      # Delete a previous comment when the issue has been resolved
+      - if: ${{ steps.lint_pr_title.outputs.error_message == null }}
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          header: pr-title-lint-error
+          delete: true

.github/workflows/md-link-checker.yml

@@ -0,0 +1,27 @@
+name: Check Markdown links
+on:
+  pull_request:
+    paths:
+      - "*.md"
+      - "docs/docs/**.md"
+jobs:
+  repo-root:
+    runs-on: ubuntu-latest
+    steps:
+      # Check out the latest version of the code
+      - uses: actions/checkout@v4
+      # Checks the status of hyperlinks in *.md files in the repo root
+      - uses: gaurav-nelson/[email protected]
+        with:
+          folder-path: '.'
+          max-depth: 1
+
+  docs:
+    runs-on: ubuntu-latest
+    steps:
+      # Check out the latest version of the code
+      - uses: actions/checkout@v4
+      # Checks the status of hyperlinks in *.md files in the docs/docs folder
+      - uses: gaurav-nelson/[email protected]
+        with:
+          folder-path: 'docs/docs'

.github/workflows/test.yml

@@ -2,6 +2,7 @@ name: Test
 on:
   workflow_call:
   pull_request:
+  merge_group:
   push:
     branches:
       - main

CHANGELOG.md

@@ -161,9 +161,9 @@ Date: June 1st, 2023
 
 Unlike prior releases, the ICS `v2.0.0` release will be based on the main branch. `v2.0.0` will contain all the accumulated PRs from the various releases below, along with other PRs that were merged, but not released to production. After `v2.0.0`, we plan to revamp release practices, and how we modularize the repo for consumer/provider.
 
-Upgrading a provider from `v1.1.0-multiden` to `v2.0.0` will require state migrations. See [migration.go](./x/ccv/provider/keeper/migration.go). See the provider module's `ConsensusVersion` in [module](./x/ccv/provider/module.go)
+Upgrading a provider from `v1.1.0-multiden` to `v2.0.0` will require state migrations. See [migration.go](x/ccv/provider/keeper/migration.go). See the provider module's `ConsensusVersion` in [module](x/ccv/provider/module.go)
 
-Upgrading a consumer from `v1.2.0-multiden` to `v2.0.0` will NOT require state migrations. See the consumer module's `ConsensusVersion` in [module](./x/ccv/consumer/module.go)
+Upgrading a consumer from `v1.2.0-multiden` to `v2.0.0` will NOT require state migrations. See the consumer module's `ConsensusVersion` in [module](x/ccv/consumer/module.go)
 
 Some PRs from v2.0.0 may reappear from other releases below. This is due to the fact that ICS v1.1.0 deviates from the commit ordering of the main branch, and other releases thereafter are based on v1.1.0.
 

CONTRIBUTING.md

@@ -109,7 +109,7 @@ If your architecture decision is a simple change, you may contribute directly wi
 
 In certain circumstances, the architecture decision may require changes to the ICS spec. Note that the spec is responsible for defining language-agnostic, implementation-agnostic behaviors for the ICS protocol. Whereas ADRs are responsible for communicating implementation decisions contained within this repo.
 
-To create an ADR, follow the [template](./docs/docs/adrs/adr-template.md) and [doc](./docs/docs/adrs/Readme.md). If you would like to see examples of how these are written, please refer to the current [ADRs](https://github.com/cosmos/interchain-security/tree/main/docs/architecture).
+To create an ADR, follow the [template](docs/docs/adrs/adr-template.md) and [doc](docs/docs/adrs/intro.md). If you would like to see examples of how these are written, please refer to the current [ADRs](docs/docs/adrs).
 
 ### ADR Proposals
 
@@ -149,7 +149,7 @@ will do it anyway using a pre-configured setup of the programming language mode)
 
 ### Testing
 
-Appropriate tests should be written with a new feature, and all existing tests should pass. See [docs/testing.md](./docs/old/testing.md) for more information.
+Appropriate tests should be written with a new feature, and all existing tests should pass. See [docs/testing.md](TESTING.md) for more information.
 
 ### Pull Requests
 

Makefile

@@ -96,7 +96,7 @@ test-trace:
 ###                                Linting                                  ###
 ###############################################################################
 
-golangci_version=v1.52.2
+golangci_version=v1.54.1
 
 lint:
 	@echo "--> Running linter"

RELEASE_NOTES.md

@@ -14,12 +14,16 @@
 ❗ ***Note this release is ONLY relevant to <consumers/providers>***
 
 ## 📝 Changelog
+** REMOVE THE LINE BELOW TO ENABLE THE MARKDOWN LINK CHECKER FOR RELEASE **
+<!-- markdown-link-check-disable -->
 
 Check out the [changelog](https://github.com/cosmos/interchain-security/blob/<v*.*.*>/CHANGELOG.md) for a list of relevant changes or [compare all changes](https://github.com/cosmos/interchain-security/compare/release/<v-last>...<v*.*.*>) from last release.
 
 <!-- Add the following line for major releases -->
 Refer to the [upgrading guide](https://github.com/cosmos/interchain-security/blob/release/<v*.x>/UPGRADING.md) when migrating from `<v-last.x>` to `<v*.x>`.
 
+** REMOVE THE LINE BELOW TO ENABLE THE MARKDOWN LINK CHECKER FOR RELEASE **
+<!-- markdown-link-check-enable -->
 ## 🚀 Highlights
 
 <!-- Add any highlights of this release -->

STATE-COMPATIBILITY.md

@@ -86,7 +86,7 @@ in CometBFT [v0.34.29](https://github.com/cometbft/cometbft/releases/tag/v0.34.2
   > This is an error code that is returned by the transaction flow. In the case of
   > success, it is `0`. On a general error, it is `1`. Additionally, each module
   > defines its custom error codes. 
-  > For example, `x/provider` currently has [these error codes](./x/ccv/provider/types/errors.go) defined.
+  > For example, `x/provider` currently has [these error codes](x/ccv/provider/types/errors.go) defined.
   >
   > As a result, it is important to avoid changing custom error codes or change
   > the semantics of what is valid logic in transaction flows.