Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bump deps #78

Merged
merged 4 commits into from
Nov 8, 2024
Merged

bump deps #78

merged 4 commits into from
Nov 8, 2024

Conversation

beer-1
Copy link
Contributor

@beer-1 beer-1 commented Nov 8, 2024

Description

Closes: #XXXX


Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

  • included the correct type prefix in the PR title, you can find examples of the prefixes below:
  • confirmed ! in the type prefix if API or client breaking change
  • targeted the correct branch
  • provided a link to the relevant issue or specification
  • reviewed "Files changed" and left comments if necessary
  • included the necessary unit and integration tests
  • updated the relevant documentation or specification, including comments for documenting Go code
  • confirmed all CI checks have passed

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

I have...

  • confirmed the correct type prefix in the PR title
  • confirmed all author checklist items have been addressed
  • reviewed state machine logic, API design and naming, documentation is accurate, tests and test coverage

Summary by CodeRabbit

Release Notes

  • New Features

    • Updated Go version requirements across multiple workflow configurations to enhance compatibility and utilize new features.
  • Bug Fixes

    • Corrected environment variable settings in the build workflows for improved reliability.
  • Documentation

    • Updated the README to reflect the new Go version requirement.
  • Chores

    • Updated dependencies in the project to their latest versions for better performance and security.

@beer-1 beer-1 self-assigned this Nov 8, 2024
@beer-1 beer-1 requested a review from a team as a code owner November 8, 2024 10:55
Copy link

coderabbitai bot commented Nov 8, 2024

Warning

Rate limit exceeded

@beer-1 has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 12 minutes and 21 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between a8e68b0 and 2d1ba1d.

Walkthrough

The pull request includes several updates across multiple workflow files and the go.mod file. Key changes involve updating the Go version from 1.22.5 to 1.22 in the build workflows for Darwin AMD64, ARM64, and Linux AMD64, as well as changing the Go version in the linting workflow from 1.22 to 1.23. The README.md file's Go version requirement is updated to 1.22.7, and the go.mod file reflects a version bump to 1.22.7 along with updates to various dependencies.

Changes

File Change Summary
.github/workflows/build-darwin-amd64.yml Updated go-version from 1.22.5 to 1.22, added environment variables, and modified build steps.
.github/workflows/build-darwin-arm64.yml Updated go-version from 1.22.5 to 1.22.
.github/workflows/build-linux-amd64.yml Updated go-version from 1.22.5 to 1.22.
.github/workflows/lint.yml Updated go-version from 1.22 to 1.23 for linting jobs.
README.md Updated Go version requirement from 1.22.5+ to 1.22.7+.
go.mod Updated Go version from 1.22.5 to 1.22.7, added toolchain version go1.23.0, and updated multiple dependencies.

Possibly related PRs

🐰 In the meadow, where bunnies play,
We update our Go, hip-hip-hooray!
From 1.22.5 to 1.22.7,
Our code now shines, like stars in heaven.
With dependencies fresh, we hop with glee,
A brighter future, for you and me! 🌼


Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

🧹 Outside diff range and nitpick comments (3)
.github/workflows/build-darwin-arm64.yml (1)

17-17: Document the Go version strategy.

Consider adding a comment in the workflow file explaining the version strategy:

  • Why we use minor version ("1.22") instead of patch version
  • How this relates to the minimum version requirements
      - name: Set up Go
        uses: actions/setup-go@v4
        with:
+          # Using minor version to get security updates while staying on Go 1.22.x
          go-version: "1.22"
.github/workflows/build-darwin-amd64.yml (1)

Line range hint 52-61: Improve build step maintainability and reliability

The build and package step has several issues that could affect maintainability:

  1. Debug ls commands are present in production workflow
  2. Complex command chain with multiple directory changes
  3. Hard-to-read escaped paths

Consider refactoring to improve readability and maintainability:

       - name: Build and Package for Darwin ADM642
         run: |
-          cd ../miniwasm \
-          && make build \
-          && cd ./build \
-          && ls ~/go/pkg/mod/github.com/ \
-          && ls ~/go/pkg/mod/github.com/\!cosm\!wasm/ \
-          && cp ~/go/pkg/mod/github.com/\!cosm\!wasm/wasmvm/v2@${WASMVM_VERSION}/internal/api/libwasmvm.dylib ./ \
-          && tar -czvf miniwasm_"$VERSION"_Darwin_"$ARCH_NAME".tar.gz ./minitiad libwasmvm.dylib \
-          && mv ./miniwasm_"$VERSION"_Darwin_"$ARCH_NAME".tar.gz $GITHUB_WORKSPACE/ \
-          && rm -rf ./libwasmvm.dylib ./minitiad
+          WASMVM_PATH="$HOME/go/pkg/mod/github.com/CosmWasm/wasmvm/v2@${WASMVM_VERSION}"
+          BUILD_DIR="../miniwasm/build"
+          
+          # Build the application
+          cd ../miniwasm
+          make build
+          
+          # Package the artifacts
+          cd ./build
+          cp "${WASMVM_PATH}/internal/api/libwasmvm.dylib" ./
+          tar -czvf "miniwasm_${VERSION}_Darwin_${ARCH_NAME}.tar.gz" ./minitiad libwasmvm.dylib
+          mv "miniwasm_${VERSION}_Darwin_${ARCH_NAME}.tar.gz" "$GITHUB_WORKSPACE/"
+          
+          # Cleanup
+          rm -rf ./libwasmvm.dylib ./minitiad
🧰 Tools
🪛 actionlint

21-21: shellcheck reported issue in this script: SC2129:style:2:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects

(shellcheck)


21-21: shellcheck reported issue in this script: SC2086:info:2:58: Double quote to prevent globbing and word splitting

(shellcheck)


21-21: shellcheck reported issue in this script: SC2086:info:3:24: Double quote to prevent globbing and word splitting

(shellcheck)


21-21: shellcheck reported issue in this script: SC2086:info:4:23: Double quote to prevent globbing and word splitting

(shellcheck)


21-21: shellcheck reported issue in this script: SC2193:warning:5:27: The arguments to this comparison can never be equal. Make sure your syntax is correct

(shellcheck)


21-21: shellcheck reported issue in this script: SC2086:info:10:30: Double quote to prevent globbing and word splitting

(shellcheck)


21-21: shellcheck reported issue in this script: SC2086:info:11:28: Double quote to prevent globbing and word splitting

(shellcheck)


21-21: shellcheck reported issue in this script: SC2086:info:13:44: Double quote to prevent globbing and word splitting

(shellcheck)

go.mod (1)

Line range hint 286-294: Consider tracking temporary replace directives

Several replace directives are using custom forks or specific commits:

  • github.com/cometbft/cometbft → custom fork with specific commit
  • github.com/cosmos/ibc-go/v8 → custom fork
  • github.com/strangelove-ventures/cometbft-client → temporary until PR is merged
  • google.golang.org/grpc → pinned version due to cosmos/relayer issue

Consider:

  1. Adding a tracking issue for removing temporary replacements once upstream PRs are merged
  2. Documenting the rationale for each custom fork in the codebase
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 0a5241e and a8e68b0.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (6)
  • .github/workflows/build-darwin-amd64.yml (1 hunks)
  • .github/workflows/build-darwin-arm64.yml (1 hunks)
  • .github/workflows/build-linux-amd64.yml (1 hunks)
  • .github/workflows/lint.yml (2 hunks)
  • README.md (1 hunks)
  • go.mod (12 hunks)
✅ Files skipped from review due to trivial changes (1)
  • README.md
🔇 Additional comments (3)
go.mod (3)

241-241: Verify security package updates

Security-related packages have been updated:

  • golang.org/x/crypto v0.27.0 → v0.28.0
  • golang.org/x/oauth2 v0.21.0 → v0.23.0

Please verify if these updates address any known security vulnerabilities.

Let's check for any security advisories:

#!/bin/bash
# Check for any security advisories in the repository
gh security advisory list

# Search for any security-related imports
rg "crypto|oauth2" --type go

Also applies to: 244-244


38-39: Verify changelog and breaking changes for major dependency updates

Several critical dependencies have been updated:

  • github.com/initia-labs/OPinit v0.5.5 → v0.5.7
  • github.com/initia-labs/initia v0.6.0 → v0.6.1
  • github.com/prometheus/client_golang v1.20.4 → v1.20.5
  • google.golang.org/grpc v1.66.2 → v1.67.1
  • google.golang.org/protobuf v1.34.2 → v1.35.1

Please verify the changelogs for any breaking changes, especially for the initia-labs dependencies.

Let's check for any usage of potentially changed APIs:

#!/bin/bash
# Search for OPinit and initia package usage
rg -l "github.com/initia-labs/(OPinit|initia)" --type go

# Search for prometheus metrics
rg "prometheus\." --type go

Also applies to: 47-47, 56-57


3-5: Verify toolchain compatibility with Go version

The module specifies Go 1.22.7 but uses toolchain go1.23.0. This combination might lead to compatibility issues since the toolchain version is higher than the Go version.

Let's check if this is a common pattern in other repositories:

@@ -12,7 +12,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: "1.22.5"
go-version: "1.22"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

⚠️ Potential issue

Go version mismatch across project files needs to be addressed

The verification confirms version inconsistencies:

  • All workflow files use "1.22" which is too permissive
  • go.mod specifies 1.22.7
  • README.md requires 1.22.7+

To ensure reproducible builds, update all workflow files:

  • .github/workflows/build-darwin-arm64.yml: Change to "1.22.7"
  • .github/workflows/build-linux-amd64.yml: Change to "1.22.7"
  • .github/workflows/build-darwin-amd64.yml: Change to "1.22.7"
🔗 Analysis chain

Ensure consistent Go version across the project.

The Go version "1.22" specified here may lead to inconsistent builds as it will use the latest patch version in the 1.22.x series. This conflicts with:

  • go.mod which specifies version 1.22.7
  • README.md which requires 1.22.7+
  1. Apply this change for reproducible builds:
-          go-version: "1.22"
+          go-version: "1.22.7"
  1. Let's verify Go versions across all workflow files:
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check Go versions across workflow files
echo "Checking Go versions in workflow files..."
rg -A 1 "setup-go@v4" .github/workflows/

Length of output: 527


Script:

#!/bin/bash
# Description: Check Go versions in all workflow files
echo "Go versions in workflow files:"
rg -A 2 "setup-go@v4" .github/workflows/

# Check go.mod version
echo -e "\nGo version in go.mod:"
rg "^go " go.mod

# Check README for Go version requirement
echo -e "\nGo version in README:"
rg -i "go.*[0-9]+\.[0-9]+\.[0-9]+" README.md

Length of output: 922

@@ -30,7 +30,7 @@ jobs:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: 1.22
go-version: 1.23
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

⚠️ Potential issue

Go version 1.23 is incorrect and inconsistent with go.mod

The go.mod file specifies Go 1.22.7, which conflicts with the Go 1.23 version specified in the workflow. Please update both occurrences in the lint.yml workflow to match the go.mod version:

-          go-version: 1.23
+          go-version: 1.22.7
🔗 Analysis chain

Critical: Incorrect and inconsistent Go version specification

There are several issues with the Go version changes:

  1. Go 1.23 is not yet released and shouldn't be used in production workflows
  2. This creates inconsistency with other workflow files that use Go 1.22
  3. The go.mod file specifies Go 1.22.7, which conflicts with this version

Please update both occurrences to match the go.mod version:

-          go-version: 1.23
+          go-version: 1.22.7

Let's verify the Go versions across the repository:

Also applies to: 75-75

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check Go version specifications across the repository
# Expected: Consistent Go version specifications

echo "Checking Go versions in workflow files:"
rg -A 1 "setup-go@v5" .github/workflows/

echo -e "\nChecking Go version in go.mod:"
rg "^go \d+\.\d+(\.\d+)?" go.mod

Length of output: 458

@@ -14,7 +14,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: "1.22.5"
go-version: "1.22"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

Go version specification needs alignment across workflows

The verification reveals inconsistent Go version specifications across the project:

  • Build workflows (darwin-arm64, darwin-amd64, linux-amd64) use "1.22"
  • Lint workflow uses 1.23
  • Test workflow uses 1.22
  • README.md requires Go v1.22.7+
  • go.mod specifies go 1.22.7

Recommendations:

  • Align build and test workflows to use "1.22.7" to match go.mod's minimum version
  • Document why lint workflow uses Go 1.23 or align it with other workflows
  • Consider using exact versions for better build reproducibility
🔗 Analysis chain

Verify Go version consistency across the project.

The Go version specification "1.22" differs from versions specified in other files:

  • README.md requires Go v1.22.7+
  • go.mod specifies Go 1.22.7
  • Some workflows use Go 1.23

While using "1.22" in workflows allows for automatic patch updates, we should ensure this aligns with the project's minimum version requirements.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check Go version specifications across the project
# Expected: Consistent version requirements or documented differences

# Check Go version in workflow files
echo "Go versions in workflow files:"
rg -A 1 "go-version:" .github/workflows/

# Check Go version in README
echo -e "\nGo version in README:"
rg "Go v\d+\.\d+\.?\d*" README.md

# Check Go version in go.mod
echo -e "\nGo version in go.mod:"
rg "^go \d+\.\d+\.?\d*" go.mod

Length of output: 1041

@@ -15,7 +15,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: "1.22.5"
go-version: "1.22"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Version specification should align with README requirements

The Go version is set to "1.22" which could potentially use an older patch version than the 1.22.7+ requirement mentioned in the README. This might lead to build inconsistencies.

Apply this change to ensure consistency with project requirements:

-          go-version: "1.22"
+          go-version: "1.22.7"
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
go-version: "1.22"
go-version: "1.22.7"

@beer-1 beer-1 merged commit dbee224 into main Nov 8, 2024
7 checks passed
@beer-1 beer-1 deleted the bump/deps branch November 8, 2024 11:19
Copy link

codecov bot commented Nov 8, 2024

Codecov Report

Attention: Patch coverage is 14.28571% with 12 lines in your changes missing coverage. Please review.

Project coverage is 64.56%. Comparing base (0a5241e) to head (2d1ba1d).
Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
app/upgrade.go 14.28% 11 Missing and 1 partial ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main      #78      +/-   ##
==========================================
- Coverage   64.73%   64.56%   -0.18%     
==========================================
  Files          39       39              
  Lines        3207     3217      +10     
==========================================
+ Hits         2076     2077       +1     
- Misses        956      965       +9     
  Partials      175      175              
Files with missing lines Coverage Δ
app/upgrade.go 20.00% <14.28%> (-20.00%) ⬇️

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant