forked from Finschia/finschia-sdk
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Revert "chore: temporal removal of ci"
This reverts commit 630804b.
- Loading branch information
1 parent
503e004
commit 597637f
Showing
23 changed files
with
1,270 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
# Checks if a changelog is missing in the PR diff | ||
name: Changelog Reminder | ||
on: | ||
pull_request: | ||
types: [opened, synchronize, reopened, ready_for_review] | ||
paths: ["**/*.go"] | ||
permissions: | ||
pull-requests: write | ||
jobs: | ||
remind: | ||
name: Changelog Reminder | ||
runs-on: ubuntu-latest | ||
# Skip draft PRs and PRs starting with: revert, test, chore, ci, docs, style, build, refactor | ||
if: "!github.event.pull_request.draft && !contains(github.event.pull_request.title, 'revert') && !contains(github.event.pull_request.title, 'test') && !contains(github.event.pull_request.title, 'chore') && !contains(github.event.pull_request.title, 'ci') && !contains(github.event.pull_request.title, 'docs') && !contains(github.event.pull_request.title, 'style') && !contains(github.event.pull_request.title, 'build') && !contains(github.event.pull_request.title, 'refactor')" | ||
steps: | ||
- uses: actions/checkout@v3 | ||
- uses: mskelton/changelog-reminder-action@v3 | ||
with: | ||
message: "@${{ github.actor }} your pull request is missing a changelog!" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
name: Remove GitHub Action Old Artifacts | ||
|
||
on: | ||
schedule: | ||
# Every day at 1am | ||
- cron: "0 1 * * *" | ||
|
||
jobs: | ||
remove-old-artifacts: | ||
runs-on: ubuntu-latest | ||
timeout-minutes: 30 | ||
|
||
steps: | ||
- name: Remove old artifacts | ||
uses: c-hive/gha-remove-artifacts@v1 | ||
with: | ||
age: "7 days" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
name: "CodeQL" | ||
|
||
on: | ||
pull_request: | ||
paths: | ||
- "**.go" | ||
push: | ||
branches: | ||
- main | ||
- release/** | ||
paths: | ||
- "**.go" | ||
|
||
jobs: | ||
analyze: | ||
name: Analyze | ||
runs-on: ubuntu-latest | ||
permissions: | ||
actions: read | ||
contents: read | ||
security-events: write | ||
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v3 | ||
- uses: actions/setup-go@v4 | ||
with: | ||
go-version: "1.21" | ||
check-latest: true | ||
# Initializes the CodeQL tools for scanning. | ||
- name: Initialize CodeQL | ||
uses: github/codeql-action/init@v2 | ||
with: | ||
languages: "go" | ||
queries: +security-and-quality,github/codeql/go/ql/src/experimental/InconsistentCode/DeferInLoop.ql@main,github/codeql/go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql@main,github/codeql/go/ql/src/experimental/CWE-369/DivideByZero.ql@main | ||
packs: +crypto-com/cosmos-sdk-codeql | ||
# If you wish to specify custom queries, you can do so here or in a config file. | ||
# By default, queries listed here will override any specified in a config file. | ||
# Prefix the list here with "+" to use these queries and those in the config file. | ||
# queries: ./path/to/local/query, your-org/your-repo/queries@main | ||
|
||
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java). | ||
# If this step fails, then you should remove it and run the build manually (see below) | ||
- name: Autobuild | ||
uses: github/codeql-action/autobuild@v2 | ||
|
||
# ℹ️ Command-line programs to run using the OS shell. | ||
# 📚 https://git.io/JvXDl | ||
|
||
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines | ||
# and modify them (or add more) to build your code if your project | ||
# uses a compiled language | ||
|
||
#- run: | | ||
# make bootstrap | ||
# make release | ||
|
||
- name: Perform CodeQL Analysis | ||
uses: github/codeql-action/analyze@v2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
# name: "Warn about consensus code changes" | ||
|
||
# on: | ||
# pull_request_target: | ||
# types: | ||
# - opened | ||
# - edited | ||
# - synchronize | ||
|
||
# jobs: | ||
# main: | ||
# permissions: | ||
# pull-requests: write # For reading the PR and posting comment | ||
# runs-on: ubuntu-latest | ||
# steps: | ||
# - uses: actions/checkout@v3 | ||
# - uses: orijtech/consensuswarn@main | ||
# with: | ||
# roots: "github.com/cosmos/cosmos-sdk/baseapp.BaseApp.PrepareProposal,github.com/cosmos/cosmos-sdk/baseapp.BaseApp.ProcessProposal,github.com/cosmos/cosmos-sdk/baseapp.BaseApp.FinalizeBlock,github.com/cosmos/cosmos-sdk/baseapp.BaseApp.Commit,github.com/cosmos/cosmos-sdk/baseapp.BaseApp.VerifyVoteExtension" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
name: Dependabot Update All Go Modules | ||
on: pull_request | ||
|
||
permissions: | ||
pull-requests: write | ||
|
||
jobs: | ||
update-all: | ||
runs-on: ubuntu-latest | ||
if: ${{ github.actor == 'dependabot[bot]' }} | ||
steps: | ||
- uses: actions/checkout@v3 | ||
with: | ||
repository: ${{ github.event.pull_request.head.repo.full_name }} | ||
ref: ${{ github.event.pull_request.head.ref }} | ||
# Secret to be added in the repo under Settings > Secrets > Dependabot | ||
token: ${{ secrets.PRBOT_PAT }} | ||
- uses: actions/setup-go@v4 | ||
with: | ||
go-version: "1.21" | ||
check-latest: true | ||
- name: Extract updated dependency | ||
id: deps | ||
run: | | ||
# Extract the dependency name from the PR title | ||
# Example: "build(deps): Bump github.com/cosmos/cosmos-sdk from 0.46.0 to 0.47.0" | ||
# Extracts "github.com/cosmos/cosmos-sdk" and "0.47.0" | ||
echo "::set-output name=name::$(echo "${{ github.event.pull_request.title }}" | cut -d ' ' -f 3)" | ||
echo "::set-output name=version::$(echo "${{ github.event.pull_request.title }}" | cut -d ' ' -f 7)" | ||
- name: Update all Go modules | ||
run: | | ||
./scripts/go-update-dep-all.sh ${{ format('{0}@v{1}', steps.deps.outputs.name, steps.deps.outputs.version) }} | ||
./scripts/go-mod-tidy-all.sh | ||
- name: Commit changes | ||
uses: EndBug/add-and-commit@v9 | ||
with: | ||
default_author: github_actions | ||
message: "${{ github.event.pull_request.title }} for all modules" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
name: "Dependency Review" | ||
on: | ||
pull_request: | ||
merge_group: | ||
|
||
permissions: | ||
contents: read | ||
|
||
jobs: | ||
dependency-review: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: "Checkout Repository" | ||
uses: actions/checkout@v3 | ||
- uses: actions/setup-go@v4 | ||
with: | ||
go-version: "1.21" | ||
check-latest: true | ||
- name: "Dependency Review" | ||
uses: actions/dependency-review-action@v3 | ||
with: | ||
base-ref: ${{ github.event.pull_request.base.sha || 'main' }} | ||
head-ref: ${{ github.event.pull_request.head.sha || github.ref }} | ||
fail-on-severity: high # otherwise we fail on ourselves due to https://github.com/advisories/GHSA-qfc5-6r3j-jj22, https://github.com/advisories/GHSA-w44m-8mv2-v78h TODO(@julienrbrt) submit a PR to the action to ignore packages | ||
- name: "Dependency audit" | ||
run: ./scripts/dep-assert.sh | ||
- name: "Go vulnerability check" | ||
run: make vulncheck |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,70 @@ | ||
name: Build & Push | ||
# Build & Push builds the simapp docker image on every push to main and | ||
# and pushes the image to https://ghcr.io/cosmos/simapp | ||
on: | ||
pull_request: | ||
paths: | ||
- "Dockerfile" | ||
push: | ||
branches: | ||
- main | ||
tags: | ||
- "v[0-9]+.[0-9]+.[0-9]+" # Push events to matching v*, i.e. v1.0, v20.15.10 | ||
- "v[0-9]+.[0-9]+.[0-9]+-rc*" # Push events to matching v*, i.e. v1.0-rc1, v20.15.10-rc5 | ||
workflow_dispatch: | ||
inputs: | ||
tags: | ||
description: "SDK version (e.g 0.47.1)" | ||
required: true | ||
type: string | ||
|
||
permissions: | ||
contents: read | ||
packages: write | ||
|
||
env: | ||
# Use docker.io for Docker Hub if empty | ||
REGISTRY: ghcr.io | ||
# github.repository as <account>/<repo> | ||
IMAGE_NAME: cosmos/simapp | ||
|
||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
with: | ||
fetch-depth: 0 | ||
|
||
- name: Extract Docker metadata | ||
id: meta | ||
uses: docker/metadata-action@v4 | ||
with: | ||
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
tags: | | ||
type=raw,value=latest,enable={{is_default_branch}} | ||
type=semver,pattern=v{{major}}.{{minor}} | ||
type=semver,pattern={{version}},value=v${{ inputs.tags }},enable=${{ inputs.tags != '' }} | ||
flavor: | | ||
latest=false | ||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v2 | ||
|
||
- name: Log into registry ${{ env.REGISTRY }} | ||
if: ${{ github.event_name != 'pull_request' }} | ||
uses: docker/login-action@v2 | ||
with: | ||
registry: ${{ env.REGISTRY }} | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Publish to GitHub Packages | ||
uses: docker/build-push-action@v4 | ||
with: | ||
platforms: linux/amd64,linux/arm64 | ||
# push: ${{ github.event_name != 'pull_request' }} | ||
push: false | ||
tags: ${{ steps.meta.outputs.tags }} | ||
cache-from: type=gha | ||
cache-to: type=gha,mode=max |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
# This CI is disabled on main and meant to be enabled on forks as an easy way to cherry pick fork commits into main. | ||
# In order to submit a PR from your repo to the Cosmos SDK, a PRBOT_PAT secret (personal access token) must be available for the GitHub Action (Settings > Secrets > Actions). | ||
# The PR will be submitted from the user of the PAT. Note, the PRBOT_PAT user must have write access to the repo. | ||
name: Cherry pick PR to Cosmos SDK | ||
on: | ||
# Set to trigger on every merge to main, not just a closed PR. | ||
workflow_dispatch: | ||
pull_request_target: | ||
branches: | ||
- main | ||
types: ["closed"] | ||
|
||
jobs: | ||
cherry_pick: | ||
permissions: write-all | ||
runs-on: ubuntu-latest | ||
name: Cherry pick into main | ||
if: github.event.pull_request.merged == true | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
- name: Create PR Patch Branch | ||
shell: bash | ||
env: | ||
PR_NAME: pr-patch-${{ github.sha }} | ||
run: | | ||
git config --global user.name "${{ github.actor }}" # Config have to be set for pushing the cherry-picked changes onto fork pr-patch branch. | ||
git config --global user.email "${{ github.actor }}@users.noreply.github.com" | ||
git remote add upstream https://github.com/cosmos/cosmos-sdk.git | ||
git fetch --all # Get the latest code | ||
git checkout -b $PR_NAME upstream/main # Create new branch based on main branch | ||
git cherry-pick -X theirs ${{ github.sha }} # Cherry pick the latest commit of PR | ||
git push -u origin $PR_NAME # Push your changes to the remote branch | ||
- name: Autocreate PR | ||
shell: bash | ||
env: | ||
GH_TOKEN: ${{ secrets.PRBOT_PAT }} | ||
run: | | ||
gh pr create --repo cosmos/cosmos-sdk --base main --head "${{ github.event.repository.owner.login }}:pr-patch-${{ github.sha }}" --title "${{ github.event.pull_request.title }}" --body "Automated PR for commit: ${{ github.sha }} from ${{ github.repository }}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
name: "Lint PR" | ||
|
||
on: | ||
pull_request_target: | ||
types: | ||
- opened | ||
- edited | ||
- synchronize | ||
|
||
permissions: | ||
contents: read | ||
|
||
jobs: | ||
main: | ||
permissions: | ||
pull-requests: read # for amannn/action-semantic-pull-request to analyze PRs | ||
statuses: write # for amannn/action-semantic-pull-request to mark status of analyzed PR | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: amannn/action-semantic-pull-request@v5.2.0 | ||
id: lint_pr_title | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- uses: marocchino/sticky-pull-request-comment@v2 | ||
# When the previous steps fails, the workflow would stop. By adding this | ||
# condition you can continue the execution with the populated error message. | ||
if: always() && (steps.lint_pr_title.outputs.error_message != null) | ||
with: | ||
header: pr-title-lint-error | ||
message: | | ||
Hey there and thank you for opening this pull request! 👋🏼 | ||
We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/) and it looks like your proposed title needs to be adjusted. | ||
Details: | ||
``` | ||
${{ steps.lint_pr_title.outputs.error_message }} | ||
``` | ||
# Delete a previous comment when the issue has been resolved | ||
- if: ${{ steps.lint_pr_title.outputs.error_message == null }} | ||
uses: marocchino/sticky-pull-request-comment@v2 | ||
with: | ||
header: pr-title-lint-error | ||
delete: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
name: Check Markdown links | ||
on: | ||
pull_request: | ||
paths: | ||
- "docs/**" | ||
jobs: | ||
markdown-link-check: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- run: cd docs && sh ./pre.sh | ||
- uses: gaurav-nelson/github-action-markdown-link-check@1.0.15 | ||
with: | ||
folder-path: "docs" | ||
- run: cd docs && sh ./post.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
# # Request review on PRs without changing our codeowners file (which is stricter than review team) | ||
# name: Request review on PRs | ||
|
||
# on: | ||
# pull_request_target: | ||
# types: | ||
# - opened | ||
# - reopened | ||
# - ready_for_review | ||
# branches: | ||
# - "main" | ||
# - "release/**" | ||
|
||
# jobs: | ||
# request: | ||
# permissions: | ||
# pull-requests: write | ||
# name: Request reviews on opened PRs | ||
# runs-on: ubuntu-latest | ||
# steps: | ||
# - name: Create PR review request | ||
# if: ${{ !github.event.pull_request.draft }} | ||
# run: gh pr edit $PR_URL --add-reviewer @Finschia/sdk-core-review | ||
# env: | ||
# GH_TOKEN: ${{ secrets.PRBOT_PAT }} | ||
# PR_URL: ${{ github.event.pull_request.html_url }} |
Oops, something went wrong.