feat: scope the CI and add QoL improvements

.github/codecov.yml

@@ -4,7 +4,7 @@ codecov:
     wait_for_ci: true
 
 comment:
-  require_changes: false
+  require_changes: true
 
 coverage:
   round: down
@@ -13,7 +13,7 @@ coverage:
     project:
       default:
         target: auto
-        threshold: 10 # Let's decrease this later.
+        threshold: 5 # Let's decrease this later.
         base: parent
         if_no_uploads: error
         if_not_found: success
@@ -22,12 +22,12 @@ coverage:
     patch:
       default:
         target: auto
-        threshold: 10 # Let's decrease this later.
+        threshold: 5 # Let's decrease this later.
         base: auto
         if_no_uploads: error
         if_not_found: success
         if_ci_failed: error
-        only_pulls: false
+        only_pulls: true # Only check patch coverage on PRs
 
 flag_management:
   default_rules:
@@ -40,6 +40,55 @@ flag_management:
         target: auto # Let's decrease this later.
         threshold: 10
 
+  groups:
+    gno-land:
+      paths:
+        - "gno.land/**"
+      flags:
+        - gno-land
+    gnovm:
+      paths:
+        - "gnovm/**"
+      flags:
+        - gnovm
+    misc:
+      paths:
+        - "misc/**"
+      flags:
+        - misc
+    tm2:
+      paths:
+        - "tm2/**"
+      flags:
+        - tm2
+    contribs:
+      paths:
+        - "contribs/**"
+      flags:
+        - contribs
+
+  statuses:
+    - type: project
+      flag: gno-land
+      target: auto
+      threshold: 5
+    - type: project
+      flag: gnovm
+      target: auto
+      threshold: 2 # Stricter threshold
+    - type: project
+      flag: misc
+      target: auto
+      threshold: 10
+    - type: project
+      flag: tm2
+      target: auto
+      threshold: 5
+    - type: project
+      flag: contribs
+      target: auto
+      threshold: 5
+
 ignore:
   - "gnovm/stdlibs/generated.go"
   - "gnovm/tests/stdlibs/generated.go"

.github/golangci.yml

@@ -44,9 +44,11 @@ linters:
 linters-settings:
   gofmt:
     simplify: true
+
   goconst:
     min-len: 3
     min-occurrences: 3
+
   gosec:
     excludes:
       - G204 # Subprocess launched with a potential tainted input or cmd arguments
@@ -56,24 +58,27 @@ linters-settings:
     checks: [ "all", "-ST1022", "-ST1003" ]
   errorlint:
     asserts: false
+
   gocritic:
     enabled-tags:
       - diagnostic
       - experimental
       - opinionated
       - performance
       - style
+
   forbidigo:
     forbid:
       - p: '^regexp\.(Match|MatchString)$'
-        msg: it will re-compile the regexp for each execution; compile the regexp with regexp.Compile and store it as a singleton
+        msg: "Use compiled regex via regexp.Compile and store as a singleton"
 
 issues:
   whole-files: true
   max-issues-per-linter: 0
   max-same-issues: 0
   new: false
   fix: false
+
   exclude-rules:
     - path: _test\.go
       linters:

.github/workflows/auto-author-assign.yml

@@ -1,4 +1,4 @@
-name: auto-author-assign
+name: Auto Assign PR Author
 
 on:
   pull_request_target:

.github/workflows/autocounterd.yml

@@ -1,19 +1,13 @@
-name: autocounterd
+name: Portal Loop - autocounterd
 
 on:
-  pull_request:
-    branches:
-      - master
   push:
+    branches:
+      - "master"
     paths:
       - misc/autocounterd
       - misc/loop
       - .github/workflows/autocounterd.yml
-    branches:
-      - "master"
-      - "misc/autocounterd"
-    tags:
-      - "v*"
 
 permissions:
   contents: read

.github/workflows/benchmark-master-push.yml

@@ -1,4 +1,4 @@
-name: run benchmarks when pushing on main branch
+name: Run and Save Benchmarks
 
 on:
   push:
@@ -9,6 +9,7 @@ on:
       - gno.land/**
       - gnovm/**
       - tm2/**
+      - '**/*.go'
 
 permissions:
   # deployments permission to deploy GitHub pages website
@@ -22,7 +23,7 @@ env:
 jobs:
   benchmarks:
     if: ${{ github.repository == 'gnolang/gno' }}
-    runs-on: [self-hosted, Linux, X64, benchmarks]
+    runs-on: [ self-hosted, Linux, X64, benchmarks ]
     steps:
       - name: Checkout
         uses: actions/checkout@v4

.github/workflows/codeql.yml

@@ -9,7 +9,7 @@
 # the `language` matrix defined below to confirm you have the correct set of
 # supported CodeQL languages.
 #
-name: "CodeQL"
+name: CodeQL
 
 on:
   push:
@@ -41,8 +41,8 @@ jobs:
       fail-fast: false
       matrix:
         include:
-        - language: go
-          build-mode: autobuild
+          - language: go
+            build-mode: autobuild
         # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
         # Use `c-cpp` to analyze code written in C, C++ or both
         # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
@@ -52,38 +52,38 @@ jobs:
         # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
         # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
-      with:
-        languages: ${{ matrix.language }}
-        build-mode: ${{ matrix.build-mode }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          build-mode: ${{ matrix.build-mode }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
 
-        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        # queries: security-extended,security-and-quality
+          # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+          # queries: security-extended,security-and-quality
 
-    # If the analyze step fails for one of the languages you are analyzing with
-    # "We were unable to automatically build your code", modify the matrix above
-    # to set the build mode to "manual" for that language. Then modify this step
-    # to build your code.
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-    - if: matrix.build-mode == 'manual'
-      run: |
-        echo 'If you are using a "manual" build mode for one or more of the' \
-          'languages you are analyzing, replace this with the commands to build' \
-          'your code, for example:'
-        echo '  make bootstrap'
-        echo '  make release'
-        exit 1
+      # If the analyze step fails for one of the languages you are analyzing with
+      # "We were unable to automatically build your code", modify the matrix above
+      # to set the build mode to "manual" for that language. Then modify this step
+      # to build your code.
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+      - if: matrix.build-mode == 'manual'
+        run: |
+          echo 'If you are using a "manual" build mode for one or more of the' \
+            'languages you are analyzing, replace this with the commands to build' \
+            'your code, for example:'
+          echo '  make bootstrap'
+          echo '  make release'
+          exit 1
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
-      with:
-        category: "/language:${{matrix.language}}"
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{matrix.language}}"

.github/workflows/contribs.yml

@@ -1,11 +1,13 @@
-name: contribs
+name: Contribs CI Suite
 
 on:
   push:
     branches:
       - master
-  workflow_dispatch:
   pull_request:
+    paths:
+      - contribs/**
+  workflow_dispatch:
 
 jobs:
   setup:
@@ -19,12 +21,13 @@ jobs:
   main:
     needs: setup
     strategy:
-        fail-fast: false
-        matrix:
-          program: ${{ fromJson(needs.setup.outputs.programs) }}
+      fail-fast: false
+      matrix:
+        program: ${{ fromJson(needs.setup.outputs.programs) }}
     name: Run Main
     uses: ./.github/workflows/main_template.yml
     with:
       modulepath: contribs/${{ matrix.program }}
+      go-version: "1.22.x"
     secrets:
       codecov-token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/dependabot-validate.yml

@@ -1,10 +1,11 @@
-name: dependabot validate
+name: Validate Dependabot Config
 
 on:
   pull_request:
     paths:
       - '.github/dependabot.yml'
       - '.github/workflows/dependabot-validate.yml'
+
 jobs:
   validate:
     runs-on: ubuntu-latest

.github/workflows/deploy-docs.yml

@@ -1,4 +1,6 @@
-name: deploy docs on gnolang/docs.gno.land repository
+# This workflow triggers a cross-repo workflow call,
+# that deploys the monorepo docs on Netlify, using Docusaurus
+name: Deploy the Documentation
 on:
   push:
     branches:

.github/workflows/docs.yml → .github/workflows/docs-linter.yml

@@ -1,8 +1,8 @@
-name: "docs / lint"
+name: Docs Linter
 
 on:
   push:
-    paths:
+    branches:
       - master
   pull_request:
     paths:

.github/workflows/examples.yml

@@ -1,9 +1,13 @@
-name: examples
+name: Gno Examples CI Suite
 
 on:
-  pull_request:
   push:
-    branches: ["master"]
+    branches:
+      - master
+  pull_request:
+    paths:
+      - gnovm/**/*.gno
+      - examples/**/*.gno
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
@@ -67,26 +71,23 @@ jobs:
       # TODO: consider running lint on every other directories, maybe in "warning" mode?
     # TODO: track coverage
   fmt:
-    strategy:
-      fail-fast: false
-      matrix:
-        goversion: ["1.22.x"]
+    name: Run gno fmt
     runs-on: ubuntu-latest
-    timeout-minutes: 10
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
+      - name: gno fmt
+        uses: ./.github/workflows/gnofmt_template.yml
         with:
-          go-version: ${{ matrix.goversion }}
-      - run: |
-          make fmt -C ./examples
-          # Check if there are changes after running make fmt
+          path: "examples/..."
+          go-version: "1.22.x"
+      - name: Check for unformatted gno files
+        run: |
           git diff --exit-code || (echo "Some gno files are not formatted, please run 'make fmt'." && exit 1)
+
   mod-tidy:
     strategy:
       fail-fast: false
       matrix:
-        go-version: ["1.22.x"]
+        go-version: [ "1.22.x" ]
         # unittests: TODO: matrix with contracts
     runs-on: ubuntu-latest
     timeout-minutes: 10