diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md new file mode 100644 index 0000000..cc2ac63 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug-report.md @@ -0,0 +1,30 @@ +--- +name: Bug Report +about: Create a report to help us squash bugs! +title: "[Bug]: " +labels: "T:Bug" +--- + + + + + +## Summary of Bug + + + +## Version + + + +## Steps to Reproduce + + diff --git a/.github/ISSUE_TEMPLATE/epics.md b/.github/ISSUE_TEMPLATE/epics.md new file mode 100644 index 0000000..70e4ab5 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/epics.md @@ -0,0 +1,31 @@ +--- +name: Epic +about: Create an epic/user +title: "[Epic]: " +labels: T:Epic +--- + + + +## Summary + + + +## Problem Definition + + + +## Work Breakdown + + diff --git a/.github/ISSUE_TEMPLATE/feature-request.md b/.github/ISSUE_TEMPLATE/feature-request.md new file mode 100644 index 0000000..f46e9f1 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature-request.md @@ -0,0 +1,28 @@ +--- +name: Feature Request +about: Create a proposal to request a feature +title: "[Feature]: " +labels: T:feature-request +--- + + + +## Summary + + + +## Problem Definition + + + +## Proposal + + diff --git a/.github/ISSUE_TEMPLATE/module-readiness-checklist.md b/.github/ISSUE_TEMPLATE/module-readiness-checklist.md new file mode 100644 index 0000000..4e6bebe --- /dev/null +++ b/.github/ISSUE_TEMPLATE/module-readiness-checklist.md @@ -0,0 +1,40 @@ +--- +name: Module Readiness Checklist +about: Pre-flight checklist that modules must pass in order to be included in a release of the Cosmos SDK +labels: 'module-readiness-checklist' +--- + +## x/{MODULE_NAME} Module Readiness Checklist + +This checklist is to be used for tracking the final internal audit of new Cosmos SDK modules prior to inclusion in a published release. + +### Release Candidate Checklist + +The following checklist should be gone through once the module has been fully implemented. This audit should be performed directly on `main`, or preferably on a `alpha` or `beta` release tag that includes the module. + +The module **should not** be included in any Release Candidate tag until it has passed this checklist. + +- [ ] API audit (at least 1 person) (@assignee) + - [ ] Are Msg and Query methods and types well-named and organized? + - [ ] Is everything well documented (inline godoc as well as the spec [README.md](https://github.com/cosmos/cosmos-sdk/blob/main/docs/spec/SPEC-SPEC.md) in module directory) +- [ ] State machine audit (at least 2 people) (@assignee1, @assignee2) + - [ ] Read through MsgServer code and verify correctness upon visual inspection + - [ ] Ensure all state machine code which could be confusing is properly commented + - [ ] Make sure state machine logic matches Msg method documentation + - [ ] Ensure that all state machine edge cases are covered with tests and that test coverage is sufficient (at least 90% coverage on module code) + - [ ] Assess potential threats for each method including spam attacks and ensure that threats have been addressed sufficiently. This should be done by writing up threat assessment for each method + - [ ] Assess potential risks of any new third party dependencies and decide whether a dependency audit is needed +- [ ] Completeness audit, fully implemented with tests (at least 1 person) (@assignee) + - [ ] Genesis import and export of all state + - [ ] Query services + - [ ] CLI methods + - [ ] All necessary migration scripts are present (if this is an upgrade of existing module) + +### Published Release Checklist + +After the above checks have been audited and the module is included in a tagged Release Candidate, the following additional checklist should be undertaken for live testing, and potentially a 3rd party audit (if deemed necessary): + +- [ ] Testnet / devnet testing (2-3 people) (@assignee1, @assignee2, @assignee3) + - [ ] All Msg methods have been tested especially in light of any potential threats identified + - [ ] Genesis import and export has been tested +- [ ] Nice to have (and needed in some cases if threats could be high): Official 3rd party audit diff --git a/.github/ISSUE_TEMPLATE/qa.md b/.github/ISSUE_TEMPLATE/qa.md new file mode 100644 index 0000000..6b0ef14 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/qa.md @@ -0,0 +1,87 @@ + + +## Summary + + + +## Major Changes + + + +## Gotchas + + + +## QA Breakdown + +* Audit + * [ ] Audit BaseApp + * [ ] Audit Types + * [ ] Audit x/auth + * [ ] Audit x/authz + * [ ] Audit x/bank + * [ ] Audit x/circuit + * [ ] Audit x/consensus + * [ ] Audit x/crisis + * [ ] Audit x/distribution + * [ ] Audit x/evidence + * [ ] Audit x/feegrant + * [ ] Audit x/genutil + * [ ] Audit x/gov + * [ ] Audit x/group + * [ ] Audit x/mint + * [ ] Audit x/nft + * [ ] Audit x/simulation + * [ ] Audit x/slashing + * [ ] Audit x/staking + * [ ] Audit x/tx + * [ ] Audit x/upgrade + * [ ] Audit client + * [ ] Audit server + * [ ] Audit store + * [ ] Audit runtime + * [ ] Audit simapp +* [ ] Release alpha +* [ ] Cosmos-SDK testnet +* [ ] Public testnet (IBC, WASM, SDK) +* [ ] Upgrade a chain with data from vX +* Release documentation + * [ ] Audit UPGRADING.md + * [ ] Update all codeblock to the appropriate version number + + +### Audit checklist + +* please copy to a markdown to follow while you walk through the code +* 2 people should be assigned to each section + +* [ ] API audit + * spec audit: check if the spec is complete. + * Are Msg and Query methods and types well-named and organized? + * Is everything well documented (inline godoc as well as package [`README.md`](https://docs.cosmos.network/main/spec/SPEC_MODULE#common-layout) in module directory) + * check the proto definition - make sure everything is in accordance to ADR-30 (at least 1 person, TODO assignee) + * Check new fields and endpoints have the `Since: cosmos-sdk X` comment +* [ ] Completeness audit, fully implemented with tests + * [ ] Genesis import and export of all state + * [ ] Query services + * [ ] CLI methods + * [ ] All necessary migration scripts are present (if this is an upgrade of existing module) +* [ ] State machine audit + * [ ] Read through MsgServer code and verify correctness upon visual inspection + * [ ] Ensure all state machine code which could be confusing is properly commented + * [ ] Make sure state machine logic matches Msg method documentation + * [ ] Ensure that all state machine edge cases are covered with tests and that test coverage is sufficient (at least 90% coverage on module code) + * [ ] Assess potential threats for each method including spam attacks and ensure that threats have been addressed sufficiently. This should be done by writing up threat assessment for each method. Specifically we should be paying attention to: + * [ ] algorithmic complexity and places this could be exploited (ex. nested `for` loops) + * [ ] charging gas complex computation (ex. `for` loops) + * [ ] storage is safe (we don't pollute the state). + * [ ] Assess potential risks of any new third party dependencies and decide whether a dependency audit is needed + * [ ] Check correctness of simulation implementation if any +* [ ] Audit Changelog against commit log, ensuring all breaking changes, bug fixes, and improvements are properly documented. + +If any changes are needed, please make them against main and backport them to release/vX.X.x diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..ef76a10 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,50 @@ + + +## Description + +Closes: #XXXX + + + +--- + +### Author Checklist + +*All items are required. Please add a note to the item if the item is not applicable and +please add links to any relevant follow up issues.* + +I have... + +* [ ] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title +* [ ] added `!` to the type prefix if API or client breaking change +* [ ] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/main/CONTRIBUTING.md#pr-targeting)) +* [ ] provided a link to the relevant issue or specification +* [ ] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/main/docs/docs/building-modules) +* [ ] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/main/CONTRIBUTING.md#testing) +* [ ] added a changelog entry to `CHANGELOG.md` +* [ ] included comments for [documenting Go code](https://blog.golang.org/godoc) +* [ ] updated the relevant documentation or specification +* [ ] reviewed "Files changed" and left comments if necessary +* [ ] confirmed all CI checks have passed + +### Reviewers Checklist + +*All items are required. Please add a note if the item is not applicable and please add +your handle next to the items reviewed if you only reviewed selected items.* + +I have... + +* [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title +* [ ] confirmed `!` in the type prefix if API or client breaking change +* [ ] confirmed all author checklist items have been addressed +* [ ] reviewed state machine logic +* [ ] reviewed API design and naming +* [ ] reviewed documentation is accurate +* [ ] reviewed tests and test coverage +* [ ] manually tested (if applicable) diff --git a/.github/PULL_REQUEST_TEMPLATE/docs.md b/.github/PULL_REQUEST_TEMPLATE/docs.md new file mode 100644 index 0000000..a5955a5 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE/docs.md @@ -0,0 +1,38 @@ +## Description + +Closes: #XXXX + + + + +--- + +### Author Checklist + +*All items are required. Please add a note to the item if the item is not applicable and +please add links to any relevant follow up issues.* + +I have... + +- [ ] included the correct `docs:` prefix in the PR title +- [ ] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/main/CONTRIBUTING.md#pr-targeting)) +- [ ] provided a link to the relevant issue or specification +- [ ] followed the [documentation writing guidelines](https://github.com/cosmos/cosmos-sdk/blob/main/docs/DOC_WRITING_GUIDELINES.md) +- [ ] reviewed "Files changed" and left comments if necessary +- [ ] confirmed all CI checks have passed + +### Reviewers Checklist + +*All items are required. Please add a note if the item is not applicable and please add +your handle next to the items reviewed if you only reviewed selected items.* + +I have... + +- [ ] confirmed the correct `docs:` prefix in the PR title +- [ ] confirmed all author checklist items have been addressed +- [ ] confirmed that this PR only changes documentation +- [ ] reviewed content for consistency +- [ ] reviewed content for thoroughness +- [ ] reviewed content for spelling and grammar +- [ ] tested instructions (if applicable) diff --git a/.github/PULL_REQUEST_TEMPLATE/other.md b/.github/PULL_REQUEST_TEMPLATE/other.md new file mode 100644 index 0000000..b4f1915 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE/other.md @@ -0,0 +1,32 @@ +## Description + +Closes: #XXXX + + + +--- + +### Author Checklist + +*All items are required. Please add a note to the item if the item is not applicable and +please add links to any relevant follow up issues.* + +I have... + +- [ ] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title +- [ ] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/main/CONTRIBUTING.md#pr-targeting)) +- [ ] provided a link to the relevant issue or specification +- [ ] reviewed "Files changed" and left comments if necessary +- [ ] confirmed all CI checks have passed + +### Reviewers Checklist + +*All items are required. Please add a note if the item is not applicable and please add +your handle next to the items reviewed if you only reviewed selected items.* + +I have... + +- [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title +- [ ] confirmed all author checklist items have been addressed +- [ ] confirmed that this PR does not change production code diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..e4635d7 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,276 @@ +# Please see the documentation for all configuration options: +# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: github-actions + directory: "/" + schedule: + interval: daily + time: "01:00" + + - package-ecosystem: npm + directory: "/docs" + schedule: + interval: weekly + # DevRel should review docs updates + assignees: + - "julienrbrt" + + - package-ecosystem: gomod + directory: "/" + schedule: + interval: daily + time: "01:05" + labels: + - "A:automerge" + - dependencies + - package-ecosystem: gomod + directory: "/simapp" + schedule: + interval: daily + time: "01:10" + labels: + - "A:automerge" + - dependencies + - package-ecosystem: gomod + directory: "/tests" + schedule: + interval: weekly + day: monday + time: "01:15" + labels: + - "A:automerge" + - dependencies + - package-ecosystem: gomod + directory: "/api" + schedule: + interval: weekly + day: tuesday + time: "01:20" + labels: + - "A:automerge" + - dependencies + - package-ecosystem: gomod + directory: "/orm" + schedule: + interval: weekly + day: wednesday + time: "01:25" + labels: + - "A:automerge" + - dependencies + - package-ecosystem: gomod + directory: "/core" + schedule: + interval: weekly + day: thursday + time: "01:30" + labels: + - "A:automerge" + - dependencies + - package-ecosystem: gomod + directory: "/depinject" + schedule: + interval: weekly + day: friday + time: "01:35" + labels: + - "A:automerge" + - dependencies + - package-ecosystem: gomod + directory: "/errors" + schedule: + interval: weekly + day: monday + time: "01:40" + labels: + - "A:automerge" + - dependencies + - package-ecosystem: gomod + directory: "/math" + schedule: + interval: weekly + day: tuesday + time: "01:45" + labels: + - "A:automerge" + - dependencies + - package-ecosystem: gomod + directory: "/client/v2" + schedule: + interval: weekly + day: wednesday + time: "01:50" + labels: + - "A:automerge" + - dependencies + - package-ecosystem: gomod + directory: "/x/tx" + schedule: + interval: weekly + day: thursday + time: "01:55" + labels: + - "A:automerge" + - dependencies + - package-ecosystem: gomod + directory: "/tools/cosmovisor" + schedule: + interval: weekly + day: friday + time: "02:00" + labels: + - "A:automerge" + - dependencies + - package-ecosystem: gomod + directory: "/tools/rosetta" + schedule: + interval: weekly + day: monday + time: "02:05" + labels: + - "A:automerge" + - dependencies + - package-ecosystem: gomod + directory: "/tools/confix" + schedule: + interval: weekly + day: tuesday + time: "02:10" + labels: + - "A:automerge" + - dependencies + - package-ecosystem: gomod + directory: "/tools/hubl" + schedule: + interval: weekly + day: thursday + time: "02:15" + labels: + - "A:automerge" + - dependencies + - package-ecosystem: gomod + directory: "/collections" + schedule: + interval: weekly + day: friday + time: "02:20" + labels: + - "A:automerge" + - dependencies + - package-ecosystem: gomod + directory: "/x/nft" + schedule: + interval: weekly + day: monday + time: "02:25" + labels: + - "A:automerge" + - dependencies + - package-ecosystem: gomod + directory: "/x/circuit" + schedule: + interval: weekly + day: tuesday + time: "02:30" + labels: + - "A:automerge" + - dependencies + - package-ecosystem: gomod + directory: "x/feegrant" + schedule: + interval: weekly + day: wednesday + time: "02:35" + labels: + - "A:automerge" + - dependencies + + - package-ecosystem: gomod + directory: "/x/evidence" + schedule: + interval: weekly + day: thursday + time: "02:40" + labels: + - "A:automerge" + - dependencies + - package-ecosystem: gomod + directory: "/store" + schedule: + interval: weekly + day: friday + time: "02:45" + labels: + - "A:automerge" + - dependencies + - package-ecosystem: gomod + directory: "x/upgrade" + schedule: + interval: weekly + day: monday + time: "02:50" + labels: + - "A:automerge" + - dependencies + - package-ecosystem: gomod + directory: "log" + schedule: + interval: weekly + day: tuesday + time: "02:55" + labels: + - "A:automerge" + - dependencies + + # Dependencies should be up to date on release branch + - package-ecosystem: gomod + directory: "/" + target-branch: "release/v0.47.x" + schedule: + interval: daily + time: "03:00" + labels: + - "A:automerge" + - dependencies + - "testing-required" + allow: + - dependency-name: "github.com/cosmos/cosmos-sdk/*" + dependency-type: "all" + - dependency-name: "github.com/cosmos/*" + dependency-type: "all" + - dependency-name: "cosmossdk.io/*" + dependency-type: "all" + - dependency-name: "github.com/cometbft/*" + dependency-type: "all" + ignore: + - dependency-name: "github.com/cometbft/cometbft" + # cometbft 0.37 is not semver, but we want to only update "patch" versions for 0.37.x + update-types: + ["version-update:semver-major", "version-update:semver-minor"] + + - package-ecosystem: gomod + directory: "/" + target-branch: "release/v0.50.x" + schedule: + interval: daily + time: "03:00" + labels: + - "A:automerge" + - dependencies + - "testing-required" + allow: + - dependency-name: "github.com/cosmos/cosmos-sdk/*" + dependency-type: "all" + - dependency-name: "github.com/cosmos/*" + dependency-type: "all" + - dependency-name: "cosmossdk.io/*" + dependency-type: "all" + - dependency-name: "github.com/cometbft/*" + dependency-type: "all" + ignore: + - dependency-name: "github.com/cometbft/cometbft" + # cometbft 0.38 is not semver, but we want to only update "patch" versions for 0.38.x + update-types: + ["version-update:semver-major", "version-update:semver-minor"] diff --git a/.github/issue_labeler.yml b/.github/issue_labeler.yml new file mode 100644 index 0000000..cd0e254 --- /dev/null +++ b/.github/issue_labeler.yml @@ -0,0 +1,2 @@ +needs-triage: # if no label is set then set triage + - '' diff --git a/.github/pr_labeler.yml b/.github/pr_labeler.yml new file mode 100644 index 0000000..f196ff4 --- /dev/null +++ b/.github/pr_labeler.yml @@ -0,0 +1,77 @@ +"C:x/auth": + - x/auth/**/* +"C:x/authz": + - x/authz/**/* +"C:x/bank": + - x/bank/**/* +"C:x/crisis": + - x/crisis/**/* +"C:x/distribution": + - x/distribution/**/* +"C:x/evidence": + - x/evidence/**/* +"C:x/feegrant": + - x/feegrant/**/* +"C:x/genutil": + - x/genutil/**/* +"C:x/gov": + - x/gov/**/* +"C:x/group": + - x/group/**/* +"C:x/mint": + - x/mint/**/* +"C:x/nft": + - x/nft/**/* +"C:x/params": + - x/params/**/* +"C:Simulations": + - x/simulation/**/* + - x/*/simulation/**/* +"C:x/slashing": + - x/slashing/**/* +"C:x/staking": + - x/staking/**/* +"C:x/upgrade": + - x/upgrade/**/* +"C:x/consensus": + - x/consensus/**/* +"C:x/circuit": + - x/circuit/**/* +"C:x/tx": + - x/tx/**/* +"C:collections": + - collections/**/* +"C:Cosmovisor": + - tools/cosmovisor/**/* +"C:Rosetta": + - contrib/rosetta/**/* + - tools/rosetta/**/* +"C:Confix": + - tools/confix/**/* +"C:Hubl": + - tools/hubl/**/* +"C:Keys": + - client/keys/**/* +"Type: Build": + - Makefile + - Dockerfile + - docker-compose.yml + - scripts/* +"Type: CI": + - .github/**/*.yml + - buf.yaml + - .mergify.yml + - .golangci.yml +"C:CLI": + - client/**/* + - x/*/client/**/* +"Type: ADR": + - docs/architecture/**/* +"C:container": + - container/**/* +"C:Store": + - store/**/* +"C:orm": + - orm/**/* +"C:log": + - log/* diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..60e734b --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,63 @@ +name: Build SimApp +# This workflow is run on pushes to main & every Pull Requests where a .go, .mod, .sum have been changed +on: + pull_request: + merge_group: + push: + branches: + - main + - release/** +permissions: + contents: read + +concurrency: + group: ci-${{ github.ref }}-build + cancel-in-progress: true + +jobs: + build: + runs-on: ubuntu-latest + strategy: + matrix: + go-arch: ["amd64", "arm", "arm64"] + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-go@v4 + with: + go-version: "1.20" + check-latest: true + - uses: technote-space/get-diff-action@v6.1.2 + id: git_diff + with: + PATTERNS: | + **/*.go + go.mod + go.sum + **/go.mod + **/go.sum + **/Makefile + Makefile + ################### + #### Build App #### + ################### + - name: Build + if: env.GIT_DIFF + run: GOARCH=${{ matrix.go-arch }} make build + - name: Build Legacy + if: env.GIT_DIFF + run: GOARCH=${{ matrix.go-arch }} COSMOS_BUILD_OPTIONS=legacy make build + ################### + ## Build Tooling ## + ################### + - name: Build Cosmovisor + if: env.GIT_DIFF + run: GOARCH=${{ matrix.go-arch }} make cosmovisor + - name: Build Rosetta + if: env.GIT_DIFF + run: GOARCH=${{ matrix.go-arch }} make rosetta + - name: Build Confix + if: env.GIT_DIFF + run: GOARCH=${{ matrix.go-arch }} make confix + - name: Build Hubl + if: env.GIT_DIFF + run: GOARCH=${{ matrix.go-arch }} make hubl diff --git a/.github/workflows/changelog-reminder.yml b/.github/workflows/changelog-reminder.yml new file mode 100644 index 0000000..8e04a4a --- /dev/null +++ b/.github/workflows/changelog-reminder.yml @@ -0,0 +1,19 @@ +# Checks if a changelog is missing in the PR diff +name: Changelog Reminder +on: + pull_request: + types: [opened, synchronize, reopened, ready_for_review] + paths: ["**/*.go"] +permissions: + pull-requests: write +jobs: + remind: + name: Changelog Reminder + runs-on: ubuntu-latest + # Skip draft PRs and PRs starting with: revert, test, chore, ci, docs, style, build, refactor + if: "!github.event.pull_request.draft && !contains(github.event.pull_request.title, 'revert') && !contains(github.event.pull_request.title, 'test') && !contains(github.event.pull_request.title, 'chore') && !contains(github.event.pull_request.title, 'ci') && !contains(github.event.pull_request.title, 'docs') && !contains(github.event.pull_request.title, 'style') && !contains(github.event.pull_request.title, 'build') && !contains(github.event.pull_request.title, 'refactor')" + steps: + - uses: actions/checkout@v3 + - uses: mskelton/changelog-reminder-action@v3 + with: + message: "@${{ github.actor }} your pull request is missing a changelog!" diff --git a/.github/workflows/clean-action-artifacts.yml b/.github/workflows/clean-action-artifacts.yml new file mode 100644 index 0000000..b84b15d --- /dev/null +++ b/.github/workflows/clean-action-artifacts.yml @@ -0,0 +1,17 @@ +name: Remove GitHub Action Old Artifacts + +on: + schedule: + # Every day at 1am + - cron: "0 1 * * *" + +jobs: + remove-old-artifacts: + runs-on: ubuntu-latest + timeout-minutes: 30 + + steps: + - name: Remove old artifacts + uses: c-hive/gha-remove-artifacts@v1 + with: + age: "7 days" diff --git a/.github/workflows/consensuswarn.yml b/.github/workflows/consensuswarn.yml new file mode 100644 index 0000000..c2944e3 --- /dev/null +++ b/.github/workflows/consensuswarn.yml @@ -0,0 +1,19 @@ +name: "Warn about consensus code changes" + +on: + pull_request_target: + types: + - opened + - edited + - synchronize + +jobs: + main: + permissions: + pull-requests: write # For reading the PR and posting comment + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: orijtech/consensuswarn@main + with: + roots: "github.com/cosmos/cosmos-sdk/baseapp.BaseApp.PrepareProposal,github.com/cosmos/cosmos-sdk/baseapp.BaseApp.ProcessProposal,github.com/cosmos/cosmos-sdk/baseapp.BaseApp.FinalizeBlock,github.com/cosmos/cosmos-sdk/baseapp.BaseApp.Commit,github.com/cosmos/cosmos-sdk/baseapp.BaseApp.VerifyVoteExtension" diff --git a/.github/workflows/dependabot-update-all.yml b/.github/workflows/dependabot-update-all.yml new file mode 100644 index 0000000..5f6342a --- /dev/null +++ b/.github/workflows/dependabot-update-all.yml @@ -0,0 +1,38 @@ +name: Dependabot Update All Go Modules +on: pull_request + +permissions: + pull-requests: write + +jobs: + update-all: + runs-on: ubuntu-latest + if: ${{ github.actor == 'dependabot[bot]' }} + steps: + - uses: actions/checkout@v3 + with: + repository: ${{ github.event.pull_request.head.repo.full_name }} + ref: ${{ github.event.pull_request.head.ref }} + # Secret to be added in the repo under Settings > Secrets > Dependabot + token: ${{ secrets.PRBOT_PAT }} + - uses: actions/setup-go@v4 + with: + go-version: "1.20" + check-latest: true + - name: Extract updated dependency + id: deps + run: | + # Extract the dependency name from the PR title + # Example: "build(deps): Bump github.com/cosmos/cosmos-sdk from 0.46.0 to 0.47.0" + # Extracts "github.com/cosmos/cosmos-sdk" and "0.47.0" + echo "::set-output name=name::$(echo "${{ github.event.pull_request.title }}" | cut -d ' ' -f 3)" + echo "::set-output name=version::$(echo "${{ github.event.pull_request.title }}" | cut -d ' ' -f 7)" + - name: Update all Go modules + run: | + ./scripts/go-update-dep-all.sh ${{ format('{0}@v{1}', steps.deps.outputs.name, steps.deps.outputs.version) }} + ./scripts/go-mod-tidy-all.sh + - name: Commit changes + uses: EndBug/add-and-commit@v9 + with: + default_author: github_actions + message: "${{ github.event.pull_request.title }} for all modules" diff --git a/.github/workflows/gosec.yml b/.github/workflows/gosec.yml new file mode 100644 index 0000000..f626970 --- /dev/null +++ b/.github/workflows/gosec.yml @@ -0,0 +1,38 @@ +name: Run Gosec +on: + pull_request: + paths: + - "**/*.go" + - "go.mod" + - "go.sum" + push: + branches: + - main + paths: + - "**/*.go" + - "go.mod" + - "go.sum" + +jobs: + Gosec: + permissions: + security-events: write + + runs-on: ubuntu-latest + env: + GO111MODULE: on + steps: + - name: Checkout Source + uses: actions/checkout@v3 + + - name: Run Gosec Security Scanner + uses: securego/gosec@master + with: + # we let the report trigger content trigger a failure using the GitHub Security features. + args: "-exclude=G101,G107 -no-fail -fmt sarif -out results.sarif ./..." + + - name: Upload SARIF file + uses: github/codeql-action/upload-sarif@v2 + with: + # Path to SARIF file relative to the root of the repository + sarif_file: results.sarif diff --git a/.github/workflows/issue_labeler.yml b/.github/workflows/issue_labeler.yml new file mode 100644 index 0000000..bdc4da2 --- /dev/null +++ b/.github/workflows/issue_labeler.yml @@ -0,0 +1,15 @@ +name: "Issue Labeler" +on: + issues: + types: [opened] + +jobs: + triage: + runs-on: ubuntu-latest + steps: + - uses: github/issue-labeler@v3.1 + if: join(github.event.issue.labels) == '' + with: + repo-token: "${{ secrets.GITHUB_TOKEN }}" + configuration-path: .github/issue_labeler.yml + enable-versioned-regex: 0 diff --git a/.github/workflows/issues.yml b/.github/workflows/issues.yml new file mode 100644 index 0000000..d8dd458 --- /dev/null +++ b/.github/workflows/issues.yml @@ -0,0 +1,18 @@ +name: Add Sprint issues to Cosmos SDK Project + +on: + issues: + types: + - opened + - labeled + +jobs: + add-to-project: + name: Add issue to project + runs-on: ubuntu-latest + steps: + - uses: actions/add-to-project@v0.5.0 + with: + project-url: https://github.com/orgs/cosmos/projects/26 + github-token: ${{ secrets.PERSONAL_TOKEN }} + labeled: T:Sprint,needs-triage diff --git a/.github/workflows/lint-pr.yml b/.github/workflows/lint-pr.yml new file mode 100644 index 0000000..7fc1f5a --- /dev/null +++ b/.github/workflows/lint-pr.yml @@ -0,0 +1,47 @@ +name: "Lint PR" + +on: + pull_request_target: + types: + - opened + - edited + - synchronize + +permissions: + contents: read + +jobs: + main: + permissions: + pull-requests: read # for amannn/action-semantic-pull-request to analyze PRs + statuses: write # for amannn/action-semantic-pull-request to mark status of analyzed PR + runs-on: ubuntu-latest + steps: + - uses: amannn/action-semantic-pull-request@v5.2.0 + id: lint_pr_title + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - uses: marocchino/sticky-pull-request-comment@v2 + # When the previous steps fails, the workflow would stop. By adding this + # condition you can continue the execution with the populated error message. + if: always() && (steps.lint_pr_title.outputs.error_message != null) + with: + header: pr-title-lint-error + message: | + Hey there and thank you for opening this pull request! 👋🏼 + + We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/) and it looks like your proposed title needs to be adjusted. + + Details: + + ``` + ${{ steps.lint_pr_title.outputs.error_message }} + ``` + + # Delete a previous comment when the issue has been resolved + - if: ${{ steps.lint_pr_title.outputs.error_message == null }} + uses: marocchino/sticky-pull-request-comment@v2 + with: + header: pr-title-lint-error + delete: true diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 0000000..c035bdb --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,33 @@ +name: Lint +on: + push: + branches: + - main + - release/** + pull_request: + merge_group: +permissions: + contents: read +jobs: + golangci: + name: golangci-lint + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-go@v4 + with: + go-version: "1.20" + check-latest: true + - uses: technote-space/get-diff-action@v6.1.2 + id: git_diff + with: + PATTERNS: | + **/*.go + go.mod + go.sum + **/go.mod + **/go.sum + - name: run linting + if: env.GIT_DIFF + run: | + make lint diff --git a/.github/workflows/md-link-checker.yml b/.github/workflows/md-link-checker.yml new file mode 100644 index 0000000..23749b5 --- /dev/null +++ b/.github/workflows/md-link-checker.yml @@ -0,0 +1,12 @@ +name: Check Markdown links +on: + schedule: + - cron: '* */24 * * *' +jobs: + markdown-link-check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: gaurav-nelson/github-action-markdown-link-check@1.0.15 + with: + folder-path: "docs" diff --git a/.github/workflows/pr-reviews.yml b/.github/workflows/pr-reviews.yml new file mode 100644 index 0000000..4ed750e --- /dev/null +++ b/.github/workflows/pr-reviews.yml @@ -0,0 +1,26 @@ +# Request review on PRs without changing our codeowners file (which is stricter than review team) +name: Request review on PRs + +on: + pull_request_target: + types: + - opened + - reopened + - ready_for_review + branches: + - "main" + - "release/**" + +jobs: + request: + permissions: + pull-requests: write + name: Request reviews on opened PRs + runs-on: ubuntu-latest + steps: + - name: Create PR review request + if: ${{ !github.event.pull_request.draft }} + run: gh pr edit $PR_URL --add-reviewer @cosmos/sdk-core-review + env: + GH_TOKEN: ${{ secrets.PRBOT_PAT }} + PR_URL: ${{ github.event.pull_request.html_url }} diff --git a/.github/workflows/pr_labeler.yml b/.github/workflows/pr_labeler.yml new file mode 100644 index 0000000..885d8b4 --- /dev/null +++ b/.github/workflows/pr_labeler.yml @@ -0,0 +1,18 @@ +name: "Pull Request Labeler" +on: + - pull_request_target + +permissions: + contents: read + +jobs: + labeler: + permissions: + contents: read # for actions/labeler to determine modified files + pull-requests: write # for actions/labeler to add labels to PRs + runs-on: ubuntu-latest + steps: + - uses: actions/labeler@main + with: + configuration-path: .github/pr_labeler.yml + repo-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml new file mode 100644 index 0000000..20630a1 --- /dev/null +++ b/.github/workflows/stale.yml @@ -0,0 +1,26 @@ +name: "Close stale issues & pull requests" +on: + schedule: + - cron: "0 0 * * *" + +permissions: + contents: read + +jobs: + stale: + permissions: + issues: write # for actions/stale to close stale issues + pull-requests: write # for actions/stale to close stale PRs + runs-on: ubuntu-latest + steps: + - uses: actions/stale@v8 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + stale-pr-message: "This pull request has been automatically marked as stale because it has not had + recent activity. It will be closed if no further activity occurs. Thank you + for your contributions." + days-before-stale: -1 + days-before-close: -1 + days-before-pr-stale: 30 + days-before-pr-close: 4 + exempt-pr-labels: "pinned, security, proposal, blocked" diff --git a/.github/workflows/staticmajor.yml b/.github/workflows/staticmajor.yml new file mode 100644 index 0000000..b3ce439 --- /dev/null +++ b/.github/workflows/staticmajor.yml @@ -0,0 +1,23 @@ +# Staticmajor: Static analyzer to catch leaking resources & other bad code patterns +name: Detect leaking resources and bad code patterns +on: + push: + branches: + - main + pull_request: + workflow_dispatch: + +jobs: + run_staticmajor: + runs-on: ubuntu-latest + steps: + - name: Check out repository code + uses: actions/checkout@v3 + - name: Staticmajor action + id: staticmajor + uses: orijtech/staticmajor-action@main + with: + packages: ./... + resleak: true + structslop: false + tests: false diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..d07efd0 --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,78 @@ +name: Tests / Code Coverage +on: + pull_request: + merge_group: + push: + branches: + - main + +permissions: + contents: read + +concurrency: + group: ci-${{ github.ref }}-tests + cancel-in-progress: true + +jobs: + split-test-files: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-go@v4 + with: + go-version: "1.20" + check-latest: true + - name: Create a file with all core Cosmos SDK pkgs + run: go list ./... > pkgs.txt + - name: Split pkgs into 4 files + run: split -d -n l/4 pkgs.txt pkgs.txt.part. + - uses: actions/upload-artifact@v3 + with: + name: "${{ github.sha }}-00" + path: ./pkgs.txt.part.00 + - uses: actions/upload-artifact@v3 + with: + name: "${{ github.sha }}-01" + path: ./pkgs.txt.part.01 + - uses: actions/upload-artifact@v3 + with: + name: "${{ github.sha }}-02" + path: ./pkgs.txt.part.02 + - uses: actions/upload-artifact@v3 + with: + name: "${{ github.sha }}-03" + path: ./pkgs.txt.part.03 + + test-rosetta: + runs-on: ubuntu-latest + timeout-minutes: 30 + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-go@v4 + with: + go-version: "1.20" + check-latest: true + cache: true + cache-dependency-path: go.sum + - uses: technote-space/get-diff-action@v6.1.2 + id: git_diff + with: + PATTERNS: | + * + **/*.go + go.mod + go.sum + Makefile + - name: tests + if: env.GIT_DIFF + run: | + make test-rosetta + go test -mod=readonly -timeout 30m -coverprofile=coverage.out -covermode=atomic -tags='norace ledger test_ledger_mock rocksdb_build' ./... + - name: sonarcloud + if: ${{ env.GIT_DIFF && !github.event.pull_request.draft && env.SONAR_TOKEN != null }} + uses: SonarSource/sonarcloud-github-action@master + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + with: + projectBaseDir: /