Merge remote-tracking branch 'upstream/main'

.backportrc.json

@@ -0,0 +1,12 @@
+{
+    "repoOwner": "aptos-labs",
+    "repoName": "aptos-core",
+
+    "branchLabelMapping": {
+        "^v(\\d+).(\\d+)$": "aptos-release-v$1.$2"
+    },
+    "commitConflicts": true,
+    "prTitle": "[cp][{{targetBranch}}] {{sourcePullRequest.title}}",
+    "targetPRLabels": ["cherry-pick"],
+    "assignees": ["thepomeranian"]
+}

.cargo/config.toml

@@ -17,7 +17,7 @@ x = "run --package aptos-cargo-cli --bin aptos-cargo-cli --"
 [build]
 rustflags = ["--cfg", "tokio_unstable", "-C", "force-frame-pointers=yes", "-C", "force-unwind-tables=yes"]
 
-# TODO(grao): Figure out whether we should enable other cpu features, and whether we should use a different way to configure them rather than list every single one here.
+# TODO(grao): Figure out whether we should enable othaer cpu features, and whether we should use a different way to configure them rather than list every single one here.
 [target.x86_64-unknown-linux-gnu]
 rustflags = ["--cfg", "tokio_unstable", "-C", "link-arg=-fuse-ld=lld", "-C", "force-frame-pointers=yes", "-C", "force-unwind-tables=yes", "-C", "target-feature=+sse4.2"]
 

.dockerignore

@@ -20,7 +20,7 @@
 !**/*.errmap
 !config/src/config/test_data
 !aptos-move/aptos-gas-profiling/templates/
-!aptos-move/aptos-release-builder/data/release.yaml
+!aptos-move/aptos-release-builder/data/*.yaml
 !aptos-move/aptos-release-builder/data/proposals/*
 !aptos-move/framework/
 !aptos-move/move-examples/hello_blockchain/
@@ -38,3 +38,6 @@
 !testsuite/forge/src/backend/k8s/
 !third_party/move/move-prover/boogie-backend/**/*.bpl
 !testsuite/testcases/src/data/
+!types/src/jwks/rsa/insecure_test_jwk.json
+!types/src/jwks/rsa/secure_test_jwk.json
+!types/src/jwks/rsa/insecure_test_jwk_private_key.pem

.github/ISSUE_TEMPLATE/config.yml

@@ -1,8 +1,8 @@
 blank_issues_enabled: true
 contact_links:
-  - name: Questions and Help (on Stack Overflow)
-    url: https://stackoverflow.com/questions/tagged/aptos
-    about: Support and other Questions are handled by the team and the community on Stack Overflow.
+  - name: Questions and Help (on Aptos Developer Discussions)
+    url: (https://github.com/aptos-labs/aptos-developer-discussions/discussions
+    about: Support and other Questions are handled by the team and the community on Aptos Developer Discussions.
   - name: Questions, Help and Chat (on Discord)
     url: https://discord.gg/aptosnetwork
     about: Contact the development team, contributors and community on Discord

.github/actionlint.yaml

@@ -1,4 +1,4 @@
 self-hosted-runner:
   # Labels of self-hosted runners in array of string
   labels:
-    - high-perf-docker
+    - runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }}

.github/actions/general-lints/action.yaml

@@ -29,9 +29,7 @@ runs:
 
     # Setup pnpm
     - name: Setup pnpm
-      uses: pnpm/action-setup@v2
-      with:
-        version: 8.2.0
+      uses: pnpm/action-setup@v4
 
     # Install packages for examples and run package build, lint and tests
     - name: Run ecosystem lint

.github/actions/move-tests-compiler-v2/action.yaml

@@ -13,14 +13,6 @@ runs:
       with:
         ref: ${{ github.event.pull_request.head.sha }}
         fetch-depth: 0 # Fetch all git history for accurate target determination
-    - uses: aptos-labs/aptos-core/.github/actions/rust-setup@main
-      with:
-        GIT_CREDENTIALS: ${{ inputs.GIT_CREDENTIALS }}
-
-    # Install nextest
-    - uses: taiki-e/[email protected]
-      with:
-        tool: nextest
 
     # Output the changed files
     - name: Output the changed files

.github/actions/run-ts-sdk-e2e-tests/action.yaml

@@ -38,7 +38,7 @@ runs:
     # Run a local testnet. This installs node and pnpm too.
     - uses: aptos-labs/actions/run-local-testnet@main
       with:
-        PNPM_VERSION: 8.15.6
+        PNPM_VERSION: 8.3.1
         DOCKER_ARTIFACT_REPO: ${{ inputs.GCP_DOCKER_ARTIFACT_REPO }}
         CLI_GIT_REF: ${{ steps.get-docker-image-tag.outputs.IMAGE_TAG }}
 

.github/actions/rust-check-merge-base/action.yaml

@@ -0,0 +1,19 @@
+name: Rust Check Merge Base
+description: Runs the rust merge base freshness check
+inputs:
+  GIT_CREDENTIALS:
+    description: "Optional credentials to pass to git. Useful if you need to pull private repos for dependencies"
+    required: false
+
+runs:
+  using: composite
+  steps:
+    # The source code must be checked out by the workflow that invokes this action.
+    - uses: aptos-labs/aptos-core/.github/actions/rust-setup@main
+      with:
+        GIT_CREDENTIALS: ${{ inputs.GIT_CREDENTIALS }}
+
+    # Check the freshness of the merge base
+    - name: Check the freshness of the merge base
+      run: cargo x check-merge-base -vvv
+      shell: bash

.github/actions/rust-doc-tests/action.yaml

@@ -0,0 +1,16 @@
+name: Rust Doc Tests
+description: Runs only the rust doc tests
+inputs:
+  GIT_CREDENTIALS:
+    description: "Optional credentials to pass to git. Useful if you need to pull private repos for dependencies"
+    required: false
+
+runs:
+  using: composite
+  steps:
+    # The source code must be checked out by the workflow that invokes this action.
+
+    # Run the rust doc tests
+    - name: Run rust doc tests
+      run: cargo test --profile ci --locked --doc --workspace --exclude aptos-node-checker
+      shell: bash

.github/actions/rust-lints/action.yaml

@@ -10,10 +10,6 @@ runs:
   steps:
     # The source code must be checkout out by the workflow that invokes this action.
 
-    - uses: aptos-labs/aptos-core/.github/actions/rust-setup@main
-      with:
-        GIT_CREDENTIALS: ${{ inputs.GIT_CREDENTIALS }}
-
     # Run the pre-commit checks
     - uses: pre-commit/[email protected]
 

.github/actions/rust-smoke-tests/action.yaml

@@ -10,15 +10,6 @@ runs:
   steps:
     # The source code must be checkout out by the workflow that invokes this action.
 
-    - uses: aptos-labs/aptos-core/.github/actions/rust-setup@main
-      with:
-        GIT_CREDENTIALS: ${{ inputs.GIT_CREDENTIALS }}
-
-    # Install nextest
-    - uses: taiki-e/[email protected]
-      with:
-        tool: nextest
-
     # Run a postgres database
     - name: Run postgres database
       run: docker run --detach -p 5432:5432 cimg/postgres:14.2

.github/actions/rust-targeted-unit-tests/action.yaml

@@ -9,14 +9,6 @@ runs:
   using: composite
   steps:
     # The source code must be checked out by the workflow that invokes this action.
-    - uses: aptos-labs/aptos-core/.github/actions/rust-setup@main
-      with:
-        GIT_CREDENTIALS: ${{ inputs.GIT_CREDENTIALS }}
-
-    # Install nextest
-    - uses: taiki-e/[email protected]
-      with:
-        tool: nextest
 
     # Run a postgres database
     - name: Run postgres database
@@ -25,18 +17,18 @@ runs:
 
     # Output the changed files
     - name: Output the changed files
-      run: cargo x changed-files -vv
+      run: cargo x changed-files -vvv
       shell: bash
 
     # Output the affected packages
     - name: Output the affected packages
-      run: cargo x affected-packages -vv
+      run: cargo x affected-packages -vvv
       shell: bash
 
     # Run only the targeted rust unit tests
     - name: Run only the targeted unit tests
       run: |
-        cargo x targeted-unit-tests -vv --profile ci --cargo-profile ci --locked --no-fail-fast --retries 3
+        cargo x targeted-unit-tests -vvv --profile ci --cargo-profile ci --locked --no-fail-fast --retries 3
       shell: bash
       env:
         INDEXER_DATABASE_URL: postgresql://postgres@localhost/postgres

.github/actions/rust-unit-tests/action.yaml

@@ -4,17 +4,11 @@ inputs:
   GIT_CREDENTIALS:
     description: "Optional credentials to pass to git. Useful if you need to pull private repos for dependencies"
     required: false
-  BUILDKITE_ANALYTICS_TOKEN:
-    description: "The Buildkite API token"
-    required: true
 
 runs:
   using: composite
   steps:
     # The source code must be checkout out by the workflow that invokes this action.
-    - uses: aptos-labs/aptos-core/.github/actions/rust-setup@main
-      with:
-        GIT_CREDENTIALS: ${{ inputs.GIT_CREDENTIALS }}
 
     # Check the VM features
     - name: Check VM features
@@ -26,16 +20,6 @@ runs:
       run: cargo test --profile ci --locked --doc --workspace --exclude aptos-node-checker
       shell: bash
 
-    # Install nextest
-    - uses: taiki-e/[email protected]
-      with:
-        tool: nextest
-
-    # Install buildkite-test-collector
-    - name: Install buildkite-test-collector
-      run: cargo install buildkite-test-collector
-      shell: bash
-
     # Run a postgres database
     - name: Run postgres database
       run: docker run --detach -p 5432:5432 cimg/postgres:14.2
@@ -44,8 +28,7 @@ runs:
     # Run the rust unit tests
     - name: Run all unit tests
       run: |
-        NEXTEST_EXPERIMENTAL_LIBTEST_JSON=1 cargo nextest run --profile ci --cargo-profile ci --locked --workspace --exclude smoke-test --exclude aptos-testcases --retries 3 --no-fail-fast --message-format libtest-json > nextest_output.json || python3 .github/actions/rust-unit-tests/nextest_summary.py nextest_output.json "$GITHUB_STEP_SUMMARY" -f
-        buildkite-test-collector < nextest_output.json || echo "Warning: buildkite-test-collector encountered an error"
+        NEXTEST_EXPERIMENTAL_LIBTEST_JSON=1 cargo nextest run --profile ci --cargo-profile ci --locked --workspace --exclude smoke-test --exclude aptos-testcases --exclude aptos-keyless-circuit --retries 3 --no-fail-fast --message-format libtest-json > nextest_output.json || python3 .github/actions/rust-unit-tests/nextest_summary.py nextest_output.json "$GITHUB_STEP_SUMMARY" -f
         python3 .github/actions/rust-unit-tests/nextest_summary.py nextest_output.json "$GITHUB_STEP_SUMMARY" || echo "summary generation had an error"
         rm nextest_output.json
       shell: bash
@@ -58,4 +41,3 @@ runs:
         CVC5_EXE: /home/runner/bin/cvc5
         DOTNET_ROOT: /home/runner/.dotnet
         BOOGIE_EXE: /home/runner/.dotnet/tools/boogie
-        BUILDKITE_ANALYTICS_TOKEN: ${{ inputs.BUILDKITE_ANALYTICS_TOKEN }}

.github/runs-on.yml

@@ -0,0 +1,10 @@
+images:
+  aptos-ubuntu-x64:
+    platform: "linux"
+    arch: "x64"
+    ami: "ami-07ce6402e4a205d44"
+  aptos-ubuntu-x64-latest:
+    platform: "linux"
+    arch: "x64"
+    owner: "058264343338" # aptos-ci AWS account id
+    name: "aptos-runs-on-*"

.github/workflows/adhoc-forge.yaml

@@ -1,5 +1,8 @@
 name: "Ad-hoc Forge Run"
 on:
+  pull_request:
+    paths:
+      - ".github/workflows/adhoc-forge.yaml"
   workflow_dispatch:
     inputs:
       GIT_SHA:
@@ -28,6 +31,19 @@ on:
         required: false
         type: string
         description: The Forge k8s cluster to be used for test
+      FORGE_ENABLE_HAPROXY:
+        required: false
+        default: false
+        type: boolean
+        description: enable haproxy for the forge test
+      FORGE_NUM_VALIDATORS:
+        required: false
+        type: string
+        description: Number of validators to use for the forge test
+      FORGE_NUM_VALIDATOR_FULLNODES:
+        required: false
+        type: string
+        description: Number of validator fullnodes to use for the forge test
 
 permissions:
   contents: read
@@ -47,13 +63,19 @@ jobs:
           echo "FORGE_RUNNER_DURATION_SECS: ${{ inputs.FORGE_RUNNER_DURATION_SECS }}"
           echo "FORGE_TEST_SUITE: ${{ inputs.FORGE_TEST_SUITE }}"
           echo "FORGE_CLUSTER_NAME: ${{ inputs.FORGE_CLUSTER_NAME }}"
+          echo "FORGE_ENABLE_HAPROXY: ${{ inputs.FORGE_ENABLE_HAPROXY }}"
+          echo "FORGE_NUM_VALIDATORS: ${{ inputs.FORGE_NUM_VALIDATORS }}"
+          echo "FORGE_NUM_VALIDATOR_FULLNODES: ${{ inputs.FORGE_NUM_VALIDATOR_FULLNODES }}"
     outputs:
       gitSha: ${{ inputs.GIT_SHA }}
       imageTag: ${{ inputs.IMAGE_TAG }}
       forgeImageTag: ${{ inputs.FORGE_IMAGE_TAG }}
-      forgeRunnerDurationSecs: ${{ inputs.FORGE_RUNNER_DURATION_SECS }}
+      forgeRunnerDurationSecs: ${{ inputs.FORGE_RUNNER_DURATION_SECS || 600 }}
       forgeTestSuite: ${{ inputs.FORGE_TEST_SUITE }}
       forgeClusterName: ${{ inputs.FORGE_CLUSTER_NAME }}
+      forgeEnableHaproxy: ${{ inputs.FORGE_ENABLE_HAPROXY }}
+      forgeNumValidators: ${{ inputs.FORGE_NUM_VALIDATORS }}
+      forgeNumValidatorFullnodes: ${{ inputs.FORGE_NUM_VALIDATOR_FULLNODES }}
 
   adhoc-forge-test:
     uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main
@@ -66,3 +88,6 @@ jobs:
       FORGE_TEST_SUITE: ${{ needs.determine-forge-run-metadata.outputs.forgeTestSuite }}
       FORGE_RUNNER_DURATION_SECS: ${{ fromJSON(needs.determine-forge-run-metadata.outputs.forgeRunnerDurationSecs) }} # fromJSON converts to integer
       FORGE_CLUSTER_NAME: ${{ needs.determine-forge-run-metadata.outputs.forgeClusterName }}
+      FORGE_ENABLE_HAPROXY: ${{ needs.determine-forge-run-metadata.outputs.forgeEnableHaproxy }}
+      FORGE_NUM_VALIDATORS: ${{ needs.determine-forge-run-metadata.outputs.forgeNumValidators }}
+      FORGE_NUM_VALIDATOR_FULLNODES: ${{ needs.determine-forge-run-metadata.outputs.forgeNumValidatorFullnodes }}

.github/workflows/backport-to-release-branches.yaml

@@ -0,0 +1,38 @@
+name: Backport to Release Branches 
+
+on:
+  pull_request_target:
+    types: ["labeled", "closed"]
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  permission-check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check repository permission for user which triggered workflow
+        uses: sushichop/action-repository-permission@13d208f5ae7a6a3fc0e5a7c2502c214983f0241c
+        with:
+          required-permission: write
+          comment-not-permitted: Sorry, you don't have permission to trigger this workflow.
+
+  backport:
+    name: Backport PR
+    needs: [permission-check]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Backport Action
+        uses: sorenlouv/backport-github-action@ad888e978060bc1b2798690dd9d03c4036560947
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          add_original_reviewers: true 
+
+      - name: Info log
+        if: ${{ success() }}
+        run: cat ~/.backport/backport.info.log
+
+      - name: Debug log
+        if: ${{ failure() }}
+        run: cat ~/.backport/backport.debug.log        

.github/workflows/check-protos.yaml

@@ -51,9 +51,7 @@ jobs:
           version: "25.x"
 
       # Set up pnpm.
-      - uses: pnpm/action-setup@v2
-        with:
-          version: 8.6.2
+      - uses: pnpm/action-setup@v4
 
       # Set up Poetry.
       - name: Install Python deps for generating code from protos

.github/workflows/check-sdk-examples.yaml

@@ -27,7 +27,7 @@ jobs:
       - uses: actions/setup-node@v3
         with:
           node-version-file: .node-version
-      - uses: pnpm/action-setup@v2
+      - uses: pnpm/action-setup@v4
 
       # Run example code in typescript.
       - uses: nick-fields/retry@7f8f3d9f0f62fe5925341be21c2e8314fd4f7c7c # pin@v2

.github/workflows/cli-e2e-tests.yaml

@@ -25,7 +25,7 @@ jobs:
   # we ensure that the Aptos CLI works with all 3 prod networks, at least
   # based on the tests in the test suite.
   run-cli-tests:
-    runs-on: high-perf-docker
+    runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }}
     permissions:
       contents: read
       id-token: write

.github/workflows/copy-images-to-dockerhub.yaml

@@ -52,7 +52,7 @@ jobs:
         with:
           node-version-file: .node-version
 
-      - uses: pnpm/action-setup@v2
+      - uses: pnpm/action-setup@v4
 
       - name: Release Images
         env: