Revert "chore: temporal removal of ci"

This reverts commit 630804b.

.github/workflows/changelog-reminder.yml

@@ -0,0 +1,19 @@
+# Checks if a changelog is missing in the PR diff
+name: Changelog Reminder
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+    paths: ["**/*.go"]
+permissions:
+  pull-requests: write
+jobs:
+  remind:
+    name: Changelog Reminder
+    runs-on: ubuntu-latest
+    # Skip draft PRs and PRs starting with: revert, test, chore, ci, docs, style, build, refactor
+    if: "!github.event.pull_request.draft && !contains(github.event.pull_request.title, 'revert') && !contains(github.event.pull_request.title, 'test') && !contains(github.event.pull_request.title, 'chore') && !contains(github.event.pull_request.title, 'ci') && !contains(github.event.pull_request.title, 'docs') && !contains(github.event.pull_request.title, 'style') && !contains(github.event.pull_request.title, 'build') && !contains(github.event.pull_request.title, 'refactor')"
+    steps:
+      - uses: actions/checkout@v3
+      - uses: mskelton/changelog-reminder-action@v3
+        with:
+          message: "@${{ github.actor }} your pull request is missing a changelog!"

.github/workflows/clean-action-artifacts.yml

@@ -0,0 +1,17 @@
+name: Remove GitHub Action Old Artifacts
+
+on:
+  schedule:
+    # Every day at 1am
+    - cron: "0 1 * * *"
+
+jobs:
+  remove-old-artifacts:
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+
+    steps:
+      - name: Remove old artifacts
+        uses: c-hive/gha-remove-artifacts@v1
+        with:
+          age: "7 days"

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,59 @@
+name: "CodeQL"
+
+on:
+  pull_request:
+    paths:
+      - "**.go"
+  push:
+    branches:
+      - main
+      - release/**
+    paths:
+      - "**.go"
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - uses: actions/setup-go@v4
+        with:
+          go-version: "1.21"
+          check-latest: true
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: "go"
+          queries: +security-and-quality,github/codeql/go/ql/src/experimental/InconsistentCode/DeferInLoop.ql@main,github/codeql/go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql@main,github/codeql/go/ql/src/experimental/CWE-369/DivideByZero.ql@main
+          packs: +crypto-com/cosmos-sdk-codeql
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+          # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 https://git.io/JvXDl
+
+      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+      #    and modify them (or add more) to build your code if your project
+      #    uses a compiled language
+
+      #- run: |
+      #   make bootstrap
+      #   make release
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2

.github/workflows/consensuswarn.yml

@@ -0,0 +1,19 @@
+# name: "Warn about consensus code changes"
+
+# on:
+#   pull_request_target:
+#     types:
+#       - opened
+#       - edited
+#       - synchronize
+
+# jobs:
+#   main:
+#     permissions:
+#       pull-requests: write # For reading the PR and posting comment
+#     runs-on: ubuntu-latest
+#     steps:
+#       - uses: actions/checkout@v3
+#       - uses: orijtech/consensuswarn@main
+#         with:
+#           roots: "github.com/cosmos/cosmos-sdk/baseapp.BaseApp.PrepareProposal,github.com/cosmos/cosmos-sdk/baseapp.BaseApp.ProcessProposal,github.com/cosmos/cosmos-sdk/baseapp.BaseApp.FinalizeBlock,github.com/cosmos/cosmos-sdk/baseapp.BaseApp.Commit,github.com/cosmos/cosmos-sdk/baseapp.BaseApp.VerifyVoteExtension"

.github/workflows/dependabot-update-all.yml

@@ -0,0 +1,38 @@
+name: Dependabot Update All Go Modules
+on: pull_request
+
+permissions:
+  pull-requests: write
+
+jobs:
+  update-all:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+          ref: ${{ github.event.pull_request.head.ref }}
+          # Secret to be added in the repo under Settings > Secrets > Dependabot
+          token: ${{ secrets.PRBOT_PAT }}
+      - uses: actions/setup-go@v4
+        with:
+          go-version: "1.21"
+          check-latest: true
+      - name: Extract updated dependency
+        id: deps
+        run: |
+          # Extract the dependency name from the PR title
+          # Example: "build(deps): Bump github.com/cosmos/cosmos-sdk from 0.46.0 to 0.47.0"
+          # Extracts "github.com/cosmos/cosmos-sdk" and "0.47.0"
+          echo "::set-output name=name::$(echo "${{ github.event.pull_request.title }}" | cut -d ' ' -f 3)"
+          echo "::set-output name=version::$(echo "${{ github.event.pull_request.title }}" | cut -d ' ' -f 7)"
+      - name: Update all Go modules
+        run: |
+          ./scripts/go-update-dep-all.sh ${{ format('{0}@v{1}', steps.deps.outputs.name, steps.deps.outputs.version) }}
+          ./scripts/go-mod-tidy-all.sh
+      - name: Commit changes
+        uses: EndBug/add-and-commit@v9
+        with:
+          default_author: github_actions
+          message: "${{ github.event.pull_request.title }} for all modules"

.github/workflows/dependencies-review.yml

@@ -0,0 +1,28 @@
+name: "Dependency Review"
+on:
+  pull_request:
+  merge_group:
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout Repository"
+        uses: actions/checkout@v3
+      - uses: actions/setup-go@v4
+        with:
+          go-version: "1.21"
+          check-latest: true
+      - name: "Dependency Review"
+        uses: actions/dependency-review-action@v3
+        with:
+          base-ref: ${{ github.event.pull_request.base.sha || 'main' }}
+          head-ref: ${{ github.event.pull_request.head.sha || github.ref }}
+          fail-on-severity: high # otherwise we fail on ourselves due to https://github.com/advisories/GHSA-qfc5-6r3j-jj22, https://github.com/advisories/GHSA-w44m-8mv2-v78h TODO(@julienrbrt) submit a PR to the action to ignore packages
+      - name: "Dependency audit"
+        run: ./scripts/dep-assert.sh
+      - name: "Go vulnerability check"
+        run: make vulncheck

.github/workflows/docker.yml

@@ -0,0 +1,70 @@
+name: Build & Push
+# Build & Push builds the simapp docker image on every push to main and
+# and pushes the image to https://ghcr.io/cosmos/simapp
+on:
+  pull_request:
+    paths:
+      - "Dockerfile"
+  push:
+    branches:
+      - main
+    tags:
+      - "v[0-9]+.[0-9]+.[0-9]+" # Push events to matching v*, i.e. v1.0, v20.15.10
+      - "v[0-9]+.[0-9]+.[0-9]+-rc*" # Push events to matching v*, i.e. v1.0-rc1, v20.15.10-rc5
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: "SDK version (e.g 0.47.1)"
+        required: true
+        type: string
+
+permissions:
+  contents: read
+  packages: write
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: cosmos/simapp
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=semver,pattern=v{{major}}.{{minor}}
+            type=semver,pattern={{version}},value=v${{ inputs.tags }},enable=${{ inputs.tags != '' }}
+          flavor: |
+            latest=false
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Publish to GitHub Packages
+        uses: docker/build-push-action@v4
+        with:
+          platforms: linux/amd64,linux/arm64
+          # push: ${{ github.event_name != 'pull_request' }}
+          push: false
+          tags: ${{ steps.meta.outputs.tags }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/fork-cherry-pick.yml

@@ -0,0 +1,39 @@
+# This CI is disabled on main and meant to be enabled on forks as an easy way to cherry pick fork commits into main.
+# In order to submit a PR from your repo to the Cosmos SDK, a PRBOT_PAT secret (personal access token) must be available for the GitHub Action (Settings > Secrets > Actions).
+# The PR will be submitted from the user of the PAT. Note, the PRBOT_PAT user must have write access to the repo.
+name: Cherry pick PR to Cosmos SDK
+on:
+  # Set to trigger on every merge to main, not just a closed PR.
+  workflow_dispatch:
+  pull_request_target:
+    branches:
+      - main
+    types: ["closed"]
+
+jobs:
+  cherry_pick:
+    permissions: write-all
+    runs-on: ubuntu-latest
+    name: Cherry pick into main
+    if: github.event.pull_request.merged == true
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Create PR Patch Branch
+        shell: bash
+        env:
+          PR_NAME: pr-patch-${{ github.sha }}
+        run: |
+          git config --global user.name "${{ github.actor }}" # Config have to be set for pushing the cherry-picked changes onto fork pr-patch branch.
+          git config --global user.email "${{ github.actor }}@users.noreply.github.com"
+          git remote add upstream https://github.com/cosmos/cosmos-sdk.git
+          git fetch --all  # Get the latest code
+          git checkout -b $PR_NAME upstream/main    # Create new branch based on main branch
+          git cherry-pick -X theirs ${{ github.sha }} # Cherry pick the latest commit of PR
+          git push -u origin $PR_NAME # Push your changes to the remote branch
+      - name: Autocreate PR
+        shell: bash
+        env:
+          GH_TOKEN: ${{ secrets.PRBOT_PAT }}
+        run: |
+          gh pr create --repo cosmos/cosmos-sdk --base main --head "${{ github.event.repository.owner.login }}:pr-patch-${{ github.sha }}" --title "${{ github.event.pull_request.title }}" --body "Automated PR for commit: ${{ github.sha }} from ${{ github.repository }}"

.github/workflows/lint-pr.yml

@@ -0,0 +1,47 @@
+name: "Lint PR"
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+permissions:
+  contents: read
+
+jobs:
+  main:
+    permissions:
+      pull-requests: read # for amannn/action-semantic-pull-request to analyze PRs
+      statuses: write # for amannn/action-semantic-pull-request to mark status of analyzed PR
+    runs-on: ubuntu-latest
+    steps:
+      - uses: amannn/action-semantic-pull-request@v5.2.0
+        id: lint_pr_title
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: marocchino/sticky-pull-request-comment@v2
+        # When the previous steps fails, the workflow would stop. By adding this
+        # condition you can continue the execution with the populated error message.
+        if: always() && (steps.lint_pr_title.outputs.error_message != null)
+        with:
+          header: pr-title-lint-error
+          message: |
+            Hey there and thank you for opening this pull request! 👋🏼
+
+            We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/) and it looks like your proposed title needs to be adjusted.
+
+            Details:
+
+            ```
+            ${{ steps.lint_pr_title.outputs.error_message }}
+            ```
+
+      # Delete a previous comment when the issue has been resolved
+      - if: ${{ steps.lint_pr_title.outputs.error_message == null }}
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          header: pr-title-lint-error
+          delete: true

.github/workflows/md-link-checker.yml

@@ -0,0 +1,15 @@
+name: Check Markdown links
+on: 
+  pull_request:
+    paths:
+      - "docs/**"
+jobs:
+  markdown-link-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - run: cd docs && sh ./pre.sh
+      - uses: gaurav-nelson/github-action-markdown-link-check@1.0.15
+        with:
+          folder-path: "docs"
+      - run: cd docs && sh ./post.sh

.github/workflows/pr-reviews.yml

@@ -0,0 +1,26 @@
+# # Request review on PRs without changing our codeowners file (which is stricter than review team)
+# name: Request review on PRs
+
+# on:
+#   pull_request_target:
+#     types:
+#       - opened
+#       - reopened
+#       - ready_for_review
+#     branches:
+#       - "main"
+#       - "release/**"
+
+# jobs:
+#   request:
+#     permissions:
+#       pull-requests: write
+#     name: Request reviews on opened PRs
+#     runs-on: ubuntu-latest
+#     steps:
+#       - name: Create PR review request
+#         if: ${{ !github.event.pull_request.draft }}
+#         run: gh pr edit $PR_URL --add-reviewer @Finschia/sdk-core-review
+#         env:
+#           GH_TOKEN: ${{ secrets.PRBOT_PAT }}
+#           PR_URL: ${{ github.event.pull_request.html_url }}