From 687d7ed6ec413d7e5c448049e7464c8306a03ff6 Mon Sep 17 00:00:00 2001 From: Marius Poke Date: Mon, 4 Dec 2023 18:44:36 +0100 Subject: [PATCH 1/7] docs: fix SDK link (#1462) fix SDK link --- STATE-COMPATIBILITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/STATE-COMPATIBILITY.md b/STATE-COMPATIBILITY.md index 1819aaf981..b62c00c7a4 100644 --- a/STATE-COMPATIBILITY.md +++ b/STATE-COMPATIBILITY.md @@ -56,7 +56,7 @@ To avoid these problems, let's now examine how these hashes work. **Note:** The following explanation is simplified for clarity. An app hash is a hash of hashes of every store's Merkle root that is returned by ABCI's `Commit()` from Cosmos-SDK to CometBFT. -Cosmos-SDK [takes an app hash of the application state](https://github.com/osmosis-labs/cosmos-sdk/blob/5c9a51c277d067e0ec5cf48df30a85fae95bcd14/store/rootmulti/store.go#L430), and propagates it to CometBFT which, in turn, compares it to the app hash of the rest of the network. +Cosmos-SDK [takes an app hash of the application state](https://github.com/cosmos/cosmos-sdk/blob/v0.47.6/store/rootmulti/store.go#L468), and propagates it to CometBFT which, in turn, compares it to the app hash of the rest of the network. Then, CometBFT ensures that the app hash of the local node matches the app hash of the network. ### LastResultsHash From 12288db6a5d5ec4b811027920adfd7d65d0068d0 Mon Sep 17 00:00:00 2001 From: Marius Poke Date: Mon, 4 Dec 2023 18:44:55 +0100 Subject: [PATCH 2/7] docs: reject ADR-007 (#1463) * reject ADR-007 * update the status for ADRs --- .../adrs/adr-003-equivocation-gov-proposal.md | 8 +++- .../adr-007-pause-unbonding-on-eqv-prop.md | 8 +++- .../adrs/adr-011-improving-test-confidence.md | 2 +- .../adrs/adr-013-equivocation-slashing.md | 2 +- docs/docs/adrs/intro.md | 37 ++++++++++++------- 5 files changed, 39 insertions(+), 18 deletions(-) 
diff --git a/docs/docs/adrs/adr-003-equivocation-gov-proposal.md b/docs/docs/adrs/adr-003-equivocation-gov-proposal.md index 242c023010..a11af7471a 100644 --- a/docs/docs/adrs/adr-003-equivocation-gov-proposal.md +++ b/docs/docs/adrs/adr-003-equivocation-gov-proposal.md @@ -6,13 +6,19 @@ title: Equivocation governance proposal ## Changelog * 2023-02-06: Initial draft +* 2023-11-30: Change status to deprecated ## Status -Accepted +Deprecated ## Context +**Note:** ADR deprecated as the equivocation proposal was removed by the +cryptographic verification of equivocation feature +(see [ADR-005](./adr-005-cryptographic-equivocation-verification.md) and +[ADR-013](./adr-013-equivocation-slashing.md)). + We want to limit the possibilities of a consumer chain to execute actions on the provider chain to maintain and ensure optimum security of the provider chain. For instance, a malicious consumer consumer chain can send slash packet to the provider chain, which will slash a validator without the need of providing an evidence. diff --git a/docs/docs/adrs/adr-007-pause-unbonding-on-eqv-prop.md b/docs/docs/adrs/adr-007-pause-unbonding-on-eqv-prop.md index bf3a761704..ce23051582 100644 --- a/docs/docs/adrs/adr-007-pause-unbonding-on-eqv-prop.md +++ b/docs/docs/adrs/adr-007-pause-unbonding-on-eqv-prop.md @@ -6,13 +6,19 @@ title: ADR Template ## Changelog * 2023-05-16: Initial Draft +* 2023-11-30: Change the status to rejected ## Status -Proposed +Rejected ## Context +**Note:** ADR rejected as the equivocation proposal was removed by the +cryptographic verification of equivocation feature +(see [ADR-005](./adr-005-cryptographic-equivocation-verification.md) and +[ADR-013](./adr-013-equivocation-slashing.md)). + Currently, if an equivocation slashing proposal is created after more than one week has passed since the equivocation, it is possible that the validator in question could unbond and get away without being slashed, since the unbonding 
diff --git a/docs/docs/adrs/adr-011-improving-test-confidence.md b/docs/docs/adrs/adr-011-improving-test-confidence.md index 397f8f5e01..e7818bbfb3 100644 --- a/docs/docs/adrs/adr-011-improving-test-confidence.md +++ b/docs/docs/adrs/adr-011-improving-test-confidence.md @@ -2,7 +2,7 @@ sidebar_position: 12 title: Improving testing and increasing confidence --- -# ADR 11: Improving testing and increasing confidence +# ADR 011: Improving testing and increasing confidence ## Changelog * 2023-08-11: Proposed, first draft of ADR. diff --git a/docs/docs/adrs/adr-013-equivocation-slashing.md b/docs/docs/adrs/adr-013-equivocation-slashing.md index 1351cf5234..54b65c095b 100644 --- a/docs/docs/adrs/adr-013-equivocation-slashing.md +++ b/docs/docs/adrs/adr-013-equivocation-slashing.md @@ -8,7 +8,7 @@ title: Slashing on the provider for consumer equivocation * 1st Sept. 2023: Initial draft ## Status -Proposed +Accepted ## Context This ADR presents some approaches on how to slash on the provider chain validators that performed equivocations on consumer chains. diff --git a/docs/docs/adrs/intro.md b/docs/docs/adrs/intro.md index 5ab86c2a93..38021f1619 100644 --- a/docs/docs/adrs/intro.md +++ b/docs/docs/adrs/intro.md 
@@ -30,17 +30,26 @@ To suggest an ADR, please make use of the [ADR template](./adr-template.md) prov ## Table of Contents -| ADR \# | Description | Status | -| ------ | ----------- | ------ | -| [001](./adr-001-key-assignment.md) | Consumer chain key assignment | Accepted, Implemented | -| [002](./adr-002-throttle.md) | Jail Throttling | Accepted, Implemented | -| [003](./adr-003-equivocation-gov-proposal.md) | Equivocation governance proposal | Accepted, Implemented | -| [004](./adr-004-denom-dos-fixes) | Denom DOS fixes | Accepted, Implemented | -| [005](./adr-005-cryptographic-equivocation-verification.md) | Cryptographic verification of equivocation evidence | Accepted, In-progress | -| [007](./adr-007-pause-unbonding-on-eqv-prop.md) | Pause validator unbonding during equivocation proposal | Proposed | -| [008](./adr-008-throttle-retries.md) | Throttle with retries | Accepted, In-progress | -| [009](./adr-009-soft-opt-out.md) | Soft Opt-out | Accepted, Implemented | -| [010](./adr-010-standalone-changeover.md) | Standalone to Consumer Changeover | Accepted, Implemented | -| [011](./adr-011-improving-test-confidence.md) | Improving testing and increasing confidence | Proposed | -| [012](./adr-012-separate-releasing.md) | Separate Releasing | Proposed | -| [013](./adr-013-equivocation-slashing.md) | Slashing on the provider for consumer equivocation | Proposed | +### Accepted + +- [ADR 001: Key Assignment](./adr-001-key-assignment.md) +- [ADR 002: Jail Throttling](./adr-002-throttle.md) +- [ADR 004: Denom DOS fixes](./adr-004-denom-dos-fixes) +- [ADR 005: Cryptographic verification of equivocation evidence](./adr-005-cryptographic-equivocation-verification.md) +- [ADR 008: Throttle with retries](./adr-008-throttle-retries.md) +- [ADR 009: Soft Opt-Out](./adr-009-soft-opt-out.md) +- [ADR 010: Standalone to Consumer Changeover](./adr-010-standalone-changeover.md) +- [ADR 013: Slashing on the provider for consumer equivocation](./adr-013-equivocation-slashing.md) + 
+### Proposed + +- [ADR 011: Improving testing and increasing confidence](./adr-011-improving-test-confidence.md) + +### Rejected + +- [ADR 007: Pause validator unbonding during equivocation proposal](./adr-007-pause-unbonding-on-eqv-prop.md) +- [ADR 012: Separate Releasing](./adr-012-separate-releasing.md) + +### Deprecated + +- [ADR 003: Equivocation governance proposal](./adr-003-equivocation-gov-proposal.md) From 3f5cc46543bd59c9236456b8a276b4f5ee6e42f3 Mon Sep 17 00:00:00 2001 From: Marius Poke Date: Tue, 5 Dec 2023 12:31:51 +0100 Subject: [PATCH 3/7] chore: update bots for release/v3.3.x (#1477) update bots --- .github/dependabot.yml | 10 ++++++++++ .mergify.yml | 8 ++++++++ 2 files changed, 18 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 3b1bbd1653..b6def1574e 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -77,3 +77,13 @@ updates: open-pull-requests-limit: 0 labels: - dependencies + + - package-ecosystem: gomod + directory: "/" + schedule: + interval: daily + target-branch: "release/v3.3.x" + # Only allow automated security-related dependency updates on release branches. + open-pull-requests-limit: 0 + labels: + - dependencies diff --git a/.mergify.yml b/.mergify.yml index 539d0115f2..3cf8896590 100644 --- a/.mergify.yml +++ b/.mergify.yml @@ -58,3 +58,11 @@ pull_request_rules: backport: branches: - release/v3.2.x + - name: Backport patches to the release/v3.3.x branch + conditions: + - base=main + - label=A:backport/v3.3.x + actions: + backport: + branches: + - release/v3.3.x From 972d5da0fa259985478ccc8b0e02358aa826dd03 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Dec 2023 12:39:51 +0100 Subject: [PATCH 4/7] build(deps): bump github.com/spf13/cast from 1.5.1 to 1.6.0 (#1470) Bumps [github.com/spf13/cast](https://github.com/spf13/cast) from 1.5.1 to 1.6.0. - [Release notes](https://github.com/spf13/cast/releases) - [Commits](https://github.com/spf13/cast/compare/v1.5.1...v1.6.0) --- updated-dependencies: - dependency-name: github.com/spf13/cast dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 8 +++----- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 6381587dc8..772a0c39b9 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/kylelemons/godebug v1.1.0 github.com/oxyno-zeta/gomock-extra-matcher v1.2.0 github.com/rakyll/statik v0.1.7 // indirect - github.com/spf13/cast v1.5.1 + github.com/spf13/cast v1.6.0 github.com/spf13/cobra v1.8.0 github.com/stretchr/testify v1.8.4 github.com/tidwall/gjson v1.17.0 diff --git a/go.sum b/go.sum index 9619db64ae..3d2d37d217 100644 --- a/go.sum +++ b/go.sum 
@@ -400,7 +400,7 @@ github.com/felixge/httpsnoop v1.0.2/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSw github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw= github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= -github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY= +github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= @@ -897,8 +897,8 @@ github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B github.com/spf13/afero v1.9.5 h1:stMpOSZFs//0Lv29HduCmli3GUfpFoF3Y1Q/aXj/wVM= github.com/spf13/afero v1.9.5/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA= -github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48= +github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= +github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= 
@@ -1056,7 +1056,6 @@ golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU= -golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1351,7 +1350,6 @@ golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= -golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 129430d2c3c457ace83efb5e004d222b7f53aef7 Mon Sep 17 00:00:00 2001 From: Marius Poke Date: Tue, 5 Dec 2023 13:04:42 +0100 Subject: [PATCH 5/7] ci: update PR labeler config file (#1479) update pr-labeler config file --- .github/pr_labeler.yml | 48 +++++++++++++++++++------------- .github/workflows/pr_labeler.yml | 2 +- 2 files changed, 29 insertions(+), 21 deletions(-) diff --git a/.github/pr_labeler.yml b/.github/pr_labeler.yml index 56249140c4..3b5f092349 100644 
--- a/.github/pr_labeler.yml +++ b/.github/pr_labeler.yml @@ -1,29 +1,37 @@ "C:x/consumer": - - x/ccv/consumer/**/* +- changed-files: + - any-glob-to-any-file: x/ccv/consumer/** "C:x/democracy": - - x/ccv/democracy/**/* +- changed-files: + - any-glob-to-any-file: x/ccv/democracy/** "C:x/provider": - - x/ccv/provider/**/* +- changed-files: + - any-glob-to-any-file: x/ccv/provider/** "C:x/types": - - x/ccv/types/**/* +- changed-files: + - any-glob-to-any-file: x/ccv/types/** "C:Docs": - - docs/docs/**/* +- changed-files: + - any-glob-to-any-file: docs/docs/** "C:ADR": - - docs/docs/adrs/**/* +- changed-files: + - any-glob-to-any-file: docs/docs/adrs/** "C:CI": - - .github/**/*.yml - - buf.work.yaml - - .mergify.yml - - .golangci.yml - - mlc_config.json - - sonar-project.properties +- changed-files: + - any-glob-to-any-file: .github/**/*.yml + - any-glob-to-any-file: buf.work.yaml + - any-glob-to-any-file: .mergify.yml + - any-glob-to-any-file: .golangci.yml + - any-glob-to-any-file: mlc_config.json + - any-glob-to-any-file: sonar-project.properties "C:Build": - - Makefile - - Dockerfile - - scripts/* +- changed-files: + - any-glob-to-any-file: Makefile + - any-glob-to-any-file: Dockerfile + - any-glob-to-any-file: scripts/** "C:Testing": - - app/**/* - - cmd/**/* - - legacy_ibc_testing/**/* - - tests/**/* - - testutil/**/* \ No newline at end of file +- changed-files: + - any-glob-to-any-file: app/** + - any-glob-to-any-file: cmd/** + - any-glob-to-any-file: tests/** + - any-glob-to-any-file: testutil/** \ No newline at end of file diff --git a/.github/workflows/pr_labeler.yml b/.github/workflows/pr_labeler.yml index 3adc6112d0..a9d8e732b6 100644 --- a/.github/workflows/pr_labeler.yml +++ b/.github/workflows/pr_labeler.yml 
@@ -12,7 +12,7 @@ jobs: pull-requests: write # for actions/labeler to add labels to PRs runs-on: ubuntu-latest steps: - - uses: actions/labeler@main + - uses: actions/labeler@v5 with: configuration-path: .github/pr_labeler.yml repo-token: "${{ secrets.GITHUB_TOKEN }}" \ No newline at end of file From 8633f0e8697358a366a9411f32103ce6e83d247e Mon Sep 17 00:00:00 2001 From: Marius Poke Date: Tue, 5 Dec 2023 13:05:48 +0100 Subject: [PATCH 6/7] chore: replace v2.1.x-provider-lsm with v2.4.x-lsm (#1478) replace v2.1.x-provider-lsm with v2.4.x-lsm --- .github/dependabot.yml | 2 +- .mergify.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b6def1574e..c06758530a 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -42,7 +42,7 @@ updates: directory: "/" schedule: interval: daily - target-branch: "release/v2.1.x-provider-lsm" + target-branch: "release/v2.4.x-lsm" # Only allow automated security-related dependency updates on release branches. open-pull-requests-limit: 0 labels: diff --git a/.mergify.yml b/.mergify.yml index 3cf8896590..b9f995e043 100644 --- a/.mergify.yml +++ b/.mergify.yml @@ -26,14 +26,14 @@ pull_request_rules: backport: branches: - release/v2.0.x-lsm - - name: Backport patches to the release/v2.1.x-provider-lsm branch + - name: Backport patches to the release/v2.4.x-lsm branch conditions: - base=main - - label=A:backport/v2.1.x-provider-lsm + - label=A:backport/v2.4.x-lsm actions: backport: branches: - - release/v2.1.x-provider-lsm + - release/v2.4.x-lsm - name: Backport patches to the release/v3.0.x branch conditions: - base=main From 164facb01bcd85f171e35eefdfdbb52ba6af63d5 Mon Sep 17 00:00:00 2001 
From: Marius Poke Date: Tue, 5 Dec 2023 13:46:12 +0100 Subject: [PATCH 7/7] ci: updating some workflows and preparing for merge queues (#1464) * update codeql analysis * add merge_group to go linter * update golangci_version in Makefile * add diff condition on linter * add paths to gosec.yml * update md link checker * add merge_group to test.yml * add PR linter * add workflow for adding issue labels --- .github/issue_labeler.yml | 2 + .../{codeql.yml => codeql-analysis.yml} | 34 +++++++------- .github/workflows/golangci-lint.yml | 47 +++++++------------ .github/workflows/gosec.yml | 15 ++++-- .github/workflows/issue_labeler.yml | 15 ++++++ .github/workflows/linkchecker.yml | 14 ------ .github/workflows/lint-pr.yml | 47 +++++++++++++++++++ .github/workflows/md-link-checker.yml | 13 +++++ .github/workflows/test.yml | 1 + Makefile | 2 +- 10 files changed, 126 insertions(+), 64 deletions(-) create mode 100644 .github/issue_labeler.yml rename .github/workflows/{codeql.yml => codeql-analysis.yml} (69%) create mode 100644 .github/workflows/issue_labeler.yml delete mode 100644 .github/workflows/linkchecker.yml create mode 100644 .github/workflows/lint-pr.yml create mode 100644 .github/workflows/md-link-checker.yml diff --git a/.github/issue_labeler.yml b/.github/issue_labeler.yml new file mode 100644 index 0000000000..cd0e25488a --- /dev/null +++ b/.github/issue_labeler.yml @@ -0,0 +1,2 @@ +needs-triage: # if no label is set then set triage + - '' diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql-analysis.yml similarity index 69% rename from .github/workflows/codeql.yml rename to .github/workflows/codeql-analysis.yml index c6fb56c2a6..6d30a0fee4 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -2,18 +2,15 @@ name: "CodeQL" on: push: - branches: - - main - - feat/* - - paths-ignore: - - "legacy_ibc_testing" + paths: + - "**.go" pull_request: branches: - main + - release/* - feat/* - paths-ignore: - - "legacy_ibc_testing" + paths: + - "**.go" schedule: # ┌───────────── minute (0 - 59) # │ ┌───────────── hour (0 - 23) @@ -27,28 +24,33 @@ on: - cron: "30 1 * * 0" jobs: - CodeQL-Build: - # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest + analyze: + name: Analyze runs-on: ubuntu-latest - permissions: - # required for all workflows - security-events: write - - # only required for workflows in private repositories actions: read contents: read + security-events: write steps: - name: Checkout repository uses: actions/checkout@v4 - + - uses: actions/setup-go@v4 + with: + go-version: "1.20" + check-latest: true # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v2 # Override language selection by uncommenting this and choosing your languages with: languages: go + queries: +security-and-quality,github/codeql/go/ql/src/experimental/InconsistentCode/DeferInLoop.ql@main,github/codeql/go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql@main,github/codeql/go/ql/src/experimental/CWE-369/DivideByZero.ql@main + packs: +crypto-com/cosmos-sdk-codeql + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below). diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 33a2f62c07..5e70c5d2d7 100644 --- a/.github/workflows/golangci-lint.yml 
+++ b/.github/workflows/golangci-lint.yml @@ -1,47 +1,34 @@ -name: golangci-lint +name: Lint on: push: - tags: - - v* branches: - - master - main + - release/** - feat/* pull_request: + merge_group: permissions: contents: read - # Optional: allow read access to pull request. Use with `only-new-issues` option. - # pull-requests: read jobs: golangci: - name: lint + name: golangci-lint runs-on: ubuntu-latest steps: - uses: actions/setup-go@v4 with: go-version: '1.20' - - uses: actions/checkout@v4 - - name: golangci-lint - uses: golangci/golangci-lint-action@v3 + - uses: technote-space/get-diff-action@v6.1.2 + id: git_diff with: - # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version - version: v1.54.1 - - # Optional: working directory, useful for monorepos - # working-directory: somedir - - # Optional: golangci-lint command line arguments. - args: --config=.golangci.yml - - # Optional: show only new issues if it's a pull request. The default value is `false`. - # only-new-issues: true - - # Optional: if set to true then the all caching functionality will be complete disabled, - # takes precedence over all other caching options. - # skip-cache: true - - # Optional: if set to true then the action don't cache or restore ~/go/pkg. - # skip-pkg-cache: true + PATTERNS: | + **/*.go + go.mod + go.sum + **/go.mod + **/go.sum + - uses: actions/checkout@v4 + - name: run linting + if: env.GIT_DIFF + run: | + make lint - # Optional: if set to true then the action don't cache or restore ~/.cache/go-build. - # skip-build-cache: true diff --git a/.github/workflows/gosec.yml b/.github/workflows/gosec.yml index d01bfd37f4..3955b92323 100644 --- a/.github/workflows/gosec.yml +++ b/.github/workflows/gosec.yml 
@@ -1,13 +1,22 @@ -name: gosec +name: Run Gosec on: - push: + pull_request: + paths: + - "**/*.go" + - "go.mod" + - "go.sum" branches: - main - feat/* - pull_request: + push: branches: - main - feat/* + paths: + - "**/*.go" + - "go.mod" + - "go.sum" + jobs: Gosec: runs-on: ubuntu-latest diff --git a/.github/workflows/issue_labeler.yml b/.github/workflows/issue_labeler.yml new file mode 100644 index 0000000000..cc3e78fe99 --- /dev/null +++ b/.github/workflows/issue_labeler.yml @@ -0,0 +1,15 @@ +name: "Issue Labeler" +on: + issues: + types: [opened] + +jobs: + triage: + runs-on: ubuntu-latest + steps: + - uses: github/issue-labeler@v3.3 + if: join(github.event.issue.labels) == '' + with: + repo-token: "${{ secrets.GITHUB_TOKEN }}" + configuration-path: .github/issue_labeler.yml + enable-versioned-regex: 0 diff --git a/.github/workflows/linkchecker.yml b/.github/workflows/linkchecker.yml deleted file mode 100644 index a1afa643cf..0000000000 --- a/.github/workflows/linkchecker.yml +++ /dev/null @@ -1,14 +0,0 @@ -name: Check Markdown links -on: push -jobs: - markdown-link-check: - runs-on: ubuntu-latest - steps: - # Check out the latest version of the code - - uses: actions/checkout@v4 - - # Checks the status of hyperlinks in *.md files in docs/ - - uses: gaurav-nelson/github-action-markdown-link-check@1.0.15 - with: - folder-path: "docs" - file-path: './README.md' \ No newline at end of file diff --git a/.github/workflows/lint-pr.yml b/.github/workflows/lint-pr.yml new file mode 100644 index 0000000000..18027164fc --- /dev/null +++ b/.github/workflows/lint-pr.yml 
@@ -0,0 +1,47 @@ +name: "Lint PR" + +on: + pull_request_target: + types: + - opened + - edited + - synchronize + +permissions: + contents: read + +jobs: + main: + permissions: + pull-requests: read # for amannn/action-semantic-pull-request to analyze PRs + statuses: write # for amannn/action-semantic-pull-request to mark status of analyzed PR + runs-on: ubuntu-latest + steps: + - uses: amannn/action-semantic-pull-request@v5.4.0 + id: lint_pr_title + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - uses: marocchino/sticky-pull-request-comment@v2 + # When the previous steps fails, the workflow would stop. By adding this + # condition you can continue the execution with the populated error message. + if: always() && (steps.lint_pr_title.outputs.error_message != null) + with: + header: pr-title-lint-error + message: | + Hey there and thank you for opening this pull request! 👋🏼 + + We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/) and it looks like your proposed title needs to be adjusted. + + Details: + + ``` + ${{ steps.lint_pr_title.outputs.error_message }} + ``` + + # Delete a previous comment when the issue has been resolved + - if: ${{ steps.lint_pr_title.outputs.error_message == null }} + uses: marocchino/sticky-pull-request-comment@v2 + with: + header: pr-title-lint-error + delete: true diff --git a/.github/workflows/md-link-checker.yml b/.github/workflows/md-link-checker.yml new file mode 100644 index 0000000000..981bc1b601 --- /dev/null +++ b/.github/workflows/md-link-checker.yml @@ -0,0 +1,13 @@ +name: Check Markdown links +on: + pull_request: + paths: + - "**.md" + - "!.github/**" + - "!.changelog/**" +jobs: + markdown-link-check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: gaurav-nelson/github-action-markdown-link-check@1.0.15 \ No newline at end of file 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index efd2860398..35d1f05c64 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -2,6 +2,7 @@ name: Test on: workflow_call: pull_request: + merge_group: push: branches: - main diff --git a/Makefile b/Makefile index 33420f4c4e..27719a9942 100644 --- a/Makefile +++ b/Makefile @@ -96,7 +96,7 @@ test-trace: ### Linting ### ############################################################################### -golangci_version=v1.52.2 +golangci_version=v1.54.1 lint: @echo "--> Running linter"
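Review bot: in the docs/docs/adrs/adr-007-pause-unbonding-on-eqv-prop.md hunk of PATCH 2/7, the hunk header context shows the front matter still reads `title: ADR Template`. Since this change sets the ADR's final status, set the title to the ADR's real name as well; intro.md in the same patch lists it as "Pause validator unbonding during equivocation proposal".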
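Review bot: in the docs/docs/adrs/intro.md hunk of PATCH 2/7, ADR 012 moves from `Proposed` in the removed table to the new `### Rejected` list, but adr-012-separate-releasing.md is not among the five files in this patch's diffstat, so the patch does not show its own Status section being changed to match. Update the status inside the ADR 012 file in the same change, or leave it under Proposed until that is done. The new lists also drop the implementation state the table carried (005 and 008 were `Accepted, In-progress`); keep it next to each entry if readers still need it.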
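Review bot: in the .github/pr_labeler.yml hunk of PATCH 5/7, the `C:Testing` entry loses `legacy_ibc_testing/**/*` and `C:Build` widens `scripts/*` to `scripts/**`, and the commit message mentions neither; it only says the config file is updated. State in the commit message that both are intended, since the rest of the hunk is a mechanical move to the `changed-files` / `any-glob-to-any-file` layout. The file also still ends without a trailing newline.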
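Review bot: in the .github/workflows/pr_labeler.yml hunk of PATCH 5/7, `actions/labeler@v5` replaces a branch reference with a tag, but a tag can still be moved, and this job runs with `pull-requests: write`. Pin the action to a full commit SHA and keep the version in a trailing comment so the reference cannot change underneath the workflow.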
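Review bot: in the .github/workflows/codeql-analysis.yml hunk of PATCH 7/7, the new `queries:` line pulls three experimental queries from `github/codeql/...@main` and `packs:` adds `+crypto-com/cosmos-sdk-codeql` without a version, so what the analysis runs changes whenever those upstreams change, in a job that holds `security-events: write`. Pin the query references to a commit or release tag and give the pack an explicit version. Separately, the `push:` trigger loses its `branches:` filter, so a push touching `**.go` on any branch now starts an analysis; restore the branch list if that is not intended.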
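Review bot: in the .github/workflows/golangci-lint.yml hunk of PATCH 7/7, `technote-space/get-diff-action@v6.1.2` is placed before `actions/checkout@v4`, so the diff step runs before the repository is in the workspace. The lint step is gated on `if: env.GIT_DIFF`, so an empty diff result means `make lint` is skipped while the job still reports success. Move the checkout above the diff step, and confirm `GIT_DIFF` is populated for the newly added `merge_group` event so the check does not pass vacuously in the merge queue.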
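Review bot: in the .github/workflows/gosec.yml hunk of PATCH 7/7, both triggers keep `branches:` at `main` and `feat/*`, while the CodeQL and Lint workflows in this same patch add `release/*` and `release/**`. Add the release branches here as well so backported changes get the same scan, or say in the commit message why they are excluded. Note also that with the new `paths:` filter a change that only edits this workflow file no longer triggers a run.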
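Review bot: the new .github/workflows/issue_labeler.yml in PATCH 7/7 has no `permissions:` block, unlike lint-pr.yml and golangci-lint.yml in the same patch, so the `GITHUB_TOKEN` passed as `repo-token` gets whatever the repository default scopes are. Declare the minimum the labeling step needs at job level (`issues: write` and `contents: read`) so the workflow does not depend on the repository default.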
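Review bot: in the new .github/workflows/lint-pr.yml of PATCH 7/7, the job grants `pull-requests: read`, but the two `marocchino/sticky-pull-request-comment@v2` steps create and delete a comment on the pull request, which needs `pull-requests: write`; with the scopes as written those steps are expected to fail with a permission error. Raise that scope for this job, or move the comment steps into a separate job that has it. Because the trigger is `pull_request_target`, keep this workflow free of any checkout or execution of the pull request's code.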