-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bump deps #78
Conversation
Warning Rate limit exceeded@beer-1 has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 12 minutes and 21 seconds before requesting another review. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. WalkthroughThe pull request includes several updates across multiple workflow files and the Changes
Possibly related PRs
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 4
🧹 Outside diff range and nitpick comments (3)
.github/workflows/build-darwin-arm64.yml (1)
17-17
: Document the Go version strategy.Consider adding a comment in the workflow file explaining the version strategy:
- Why we use minor version (
"1.22"
) instead of patch version- How this relates to the minimum version requirements
- name: Set up Go uses: actions/setup-go@v4 with: + # Using minor version to get security updates while staying on Go 1.22.x go-version: "1.22"
.github/workflows/build-darwin-amd64.yml (1)
Line range hint
52-61
: Improve build step maintainability and reliabilityThe build and package step has several issues that could affect maintainability:
- Debug
ls
commands are present in production workflow- Complex command chain with multiple directory changes
- Hard-to-read escaped paths
Consider refactoring to improve readability and maintainability:
- name: Build and Package for Darwin ADM642 run: | - cd ../miniwasm \ - && make build \ - && cd ./build \ - && ls ~/go/pkg/mod/github.com/ \ - && ls ~/go/pkg/mod/github.com/\!cosm\!wasm/ \ - && cp ~/go/pkg/mod/github.com/\!cosm\!wasm/wasmvm/v2@${WASMVM_VERSION}/internal/api/libwasmvm.dylib ./ \ - && tar -czvf miniwasm_"$VERSION"_Darwin_"$ARCH_NAME".tar.gz ./minitiad libwasmvm.dylib \ - && mv ./miniwasm_"$VERSION"_Darwin_"$ARCH_NAME".tar.gz $GITHUB_WORKSPACE/ \ - && rm -rf ./libwasmvm.dylib ./minitiad + WASMVM_PATH="$HOME/go/pkg/mod/github.com/CosmWasm/wasmvm/v2@${WASMVM_VERSION}" + BUILD_DIR="../miniwasm/build" + + # Build the application + cd ../miniwasm + make build + + # Package the artifacts + cd ./build + cp "${WASMVM_PATH}/internal/api/libwasmvm.dylib" ./ + tar -czvf "miniwasm_${VERSION}_Darwin_${ARCH_NAME}.tar.gz" ./minitiad libwasmvm.dylib + mv "miniwasm_${VERSION}_Darwin_${ARCH_NAME}.tar.gz" "$GITHUB_WORKSPACE/" + + # Cleanup + rm -rf ./libwasmvm.dylib ./minitiad🧰 Tools
🪛 actionlint
21-21: shellcheck reported issue in this script: SC2129:style:2:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects
(shellcheck)
21-21: shellcheck reported issue in this script: SC2086:info:2:58: Double quote to prevent globbing and word splitting
(shellcheck)
21-21: shellcheck reported issue in this script: SC2086:info:3:24: Double quote to prevent globbing and word splitting
(shellcheck)
21-21: shellcheck reported issue in this script: SC2086:info:4:23: Double quote to prevent globbing and word splitting
(shellcheck)
21-21: shellcheck reported issue in this script: SC2193:warning:5:27: The arguments to this comparison can never be equal. Make sure your syntax is correct
(shellcheck)
21-21: shellcheck reported issue in this script: SC2086:info:10:30: Double quote to prevent globbing and word splitting
(shellcheck)
21-21: shellcheck reported issue in this script: SC2086:info:11:28: Double quote to prevent globbing and word splitting
(shellcheck)
21-21: shellcheck reported issue in this script: SC2086:info:13:44: Double quote to prevent globbing and word splitting
(shellcheck)
go.mod (1)
Line range hint
286-294
: Consider tracking temporary replace directivesSeveral replace directives are using custom forks or specific commits:
github.com/cometbft/cometbft
→ custom fork with specific commitgithub.com/cosmos/ibc-go/v8
→ custom forkgithub.com/strangelove-ventures/cometbft-client
→ temporary until PR is mergedgoogle.golang.org/grpc
→ pinned version due to cosmos/relayer issueConsider:
- Adding a tracking issue for removing temporary replacements once upstream PRs are merged
- Documenting the rationale for each custom fork in the codebase
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
⛔ Files ignored due to path filters (1)
go.sum
is excluded by!**/*.sum
📒 Files selected for processing (6)
.github/workflows/build-darwin-amd64.yml
(1 hunks).github/workflows/build-darwin-arm64.yml
(1 hunks).github/workflows/build-linux-amd64.yml
(1 hunks).github/workflows/lint.yml
(2 hunks)README.md
(1 hunks)go.mod
(12 hunks)
✅ Files skipped from review due to trivial changes (1)
- README.md
🔇 Additional comments (3)
go.mod (3)
241-241
: Verify security package updates
Security-related packages have been updated:
golang.org/x/crypto
v0.27.0 → v0.28.0golang.org/x/oauth2
v0.21.0 → v0.23.0
Please verify if these updates address any known security vulnerabilities.
Let's check for any security advisories:
#!/bin/bash
# Check for any security advisories in the repository
gh security advisory list
# Search for any security-related imports
rg "crypto|oauth2" --type go
Also applies to: 244-244
38-39
: Verify changelog and breaking changes for major dependency updates
Several critical dependencies have been updated:
github.com/initia-labs/OPinit
v0.5.5 → v0.5.7github.com/initia-labs/initia
v0.6.0 → v0.6.1github.com/prometheus/client_golang
v1.20.4 → v1.20.5google.golang.org/grpc
v1.66.2 → v1.67.1google.golang.org/protobuf
v1.34.2 → v1.35.1
Please verify the changelogs for any breaking changes, especially for the initia-labs dependencies.
Let's check for any usage of potentially changed APIs:
#!/bin/bash
# Search for OPinit and initia package usage
rg -l "github.com/initia-labs/(OPinit|initia)" --type go
# Search for prometheus metrics
rg "prometheus\." --type go
Also applies to: 47-47, 56-57
3-5
: Verify toolchain compatibility with Go version
The module specifies Go 1.22.7 but uses toolchain go1.23.0. This combination might lead to compatibility issues since the toolchain version is higher than the Go version.
Let's check if this is a common pattern in other repositories:
@@ -12,7 +12,7 @@ jobs: | |||
- name: Set up Go | |||
uses: actions/setup-go@v4 | |||
with: | |||
go-version: "1.22.5" | |||
go-version: "1.22" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
💡 Codebase verification
Go version mismatch across project files needs to be addressed
The verification confirms version inconsistencies:
- All workflow files use
"1.22"
which is too permissive go.mod
specifies1.22.7
README.md
requires1.22.7+
To ensure reproducible builds, update all workflow files:
.github/workflows/build-darwin-arm64.yml
: Change to"1.22.7"
.github/workflows/build-linux-amd64.yml
: Change to"1.22.7"
.github/workflows/build-darwin-amd64.yml
: Change to"1.22.7"
🔗 Analysis chain
Ensure consistent Go version across the project.
The Go version "1.22"
specified here may lead to inconsistent builds as it will use the latest patch version in the 1.22.x series. This conflicts with:
go.mod
which specifies version 1.22.7README.md
which requires 1.22.7+
- Apply this change for reproducible builds:
- go-version: "1.22"
+ go-version: "1.22.7"
- Let's verify Go versions across all workflow files:
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Check Go versions across workflow files
echo "Checking Go versions in workflow files..."
rg -A 1 "setup-go@v4" .github/workflows/
Length of output: 527
Script:
#!/bin/bash
# Description: Check Go versions in all workflow files
echo "Go versions in workflow files:"
rg -A 2 "setup-go@v4" .github/workflows/
# Check go.mod version
echo -e "\nGo version in go.mod:"
rg "^go " go.mod
# Check README for Go version requirement
echo -e "\nGo version in README:"
rg -i "go.*[0-9]+\.[0-9]+\.[0-9]+" README.md
Length of output: 922
@@ -30,7 +30,7 @@ jobs: | |||
- uses: actions/checkout@v4 | |||
- uses: actions/setup-go@v5 | |||
with: | |||
go-version: 1.22 | |||
go-version: 1.23 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
💡 Codebase verification
Go version 1.23 is incorrect and inconsistent with go.mod
The go.mod file specifies Go 1.22.7, which conflicts with the Go 1.23 version specified in the workflow. Please update both occurrences in the lint.yml workflow to match the go.mod version:
- go-version: 1.23
+ go-version: 1.22.7
🔗 Analysis chain
Critical: Incorrect and inconsistent Go version specification
There are several issues with the Go version changes:
- Go 1.23 is not yet released and shouldn't be used in production workflows
- This creates inconsistency with other workflow files that use Go 1.22
- The go.mod file specifies Go 1.22.7, which conflicts with this version
Please update both occurrences to match the go.mod version:
- go-version: 1.23
+ go-version: 1.22.7
Let's verify the Go versions across the repository:
Also applies to: 75-75
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Check Go version specifications across the repository
# Expected: Consistent Go version specifications
echo "Checking Go versions in workflow files:"
rg -A 1 "setup-go@v5" .github/workflows/
echo -e "\nChecking Go version in go.mod:"
rg "^go \d+\.\d+(\.\d+)?" go.mod
Length of output: 458
@@ -14,7 +14,7 @@ jobs: | |||
- name: Set up Go | |||
uses: actions/setup-go@v4 | |||
with: | |||
go-version: "1.22.5" | |||
go-version: "1.22" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
💡 Codebase verification
Go version specification needs alignment across workflows
The verification reveals inconsistent Go version specifications across the project:
- Build workflows (darwin-arm64, darwin-amd64, linux-amd64) use
"1.22"
- Lint workflow uses
1.23
- Test workflow uses
1.22
- README.md requires
Go v1.22.7+
- go.mod specifies
go 1.22.7
Recommendations:
- Align build and test workflows to use
"1.22.7"
to match go.mod's minimum version - Document why lint workflow uses Go 1.23 or align it with other workflows
- Consider using exact versions for better build reproducibility
🔗 Analysis chain
Verify Go version consistency across the project.
The Go version specification "1.22"
differs from versions specified in other files:
- README.md requires Go v1.22.7+
- go.mod specifies Go 1.22.7
- Some workflows use Go 1.23
While using "1.22"
in workflows allows for automatic patch updates, we should ensure this aligns with the project's minimum version requirements.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Check Go version specifications across the project
# Expected: Consistent version requirements or documented differences
# Check Go version in workflow files
echo "Go versions in workflow files:"
rg -A 1 "go-version:" .github/workflows/
# Check Go version in README
echo -e "\nGo version in README:"
rg "Go v\d+\.\d+\.?\d*" README.md
# Check Go version in go.mod
echo -e "\nGo version in go.mod:"
rg "^go \d+\.\d+\.?\d*" go.mod
Length of output: 1041
@@ -15,7 +15,7 @@ jobs: | |||
- name: Set up Go | |||
uses: actions/setup-go@v4 | |||
with: | |||
go-version: "1.22.5" | |||
go-version: "1.22" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Version specification should align with README requirements
The Go version is set to "1.22" which could potentially use an older patch version than the 1.22.7+ requirement mentioned in the README. This might lead to build inconsistencies.
Apply this change to ensure consistency with project requirements:
- go-version: "1.22"
+ go-version: "1.22.7"
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
go-version: "1.22" | |
go-version: "1.22.7" |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #78 +/- ##
==========================================
- Coverage 64.73% 64.56% -0.18%
==========================================
Files 39 39
Lines 3207 3217 +10
==========================================
+ Hits 2076 2077 +1
- Misses 956 965 +9
Partials 175 175
|
Description
Closes: #XXXX
Author Checklist
All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.
I have...
!
in the type prefix if API or client breaking changeReviewers Checklist
All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.
I have...
Summary by CodeRabbit
Release Notes
New Features
Bug Fixes
Documentation
Chores