diff --git a/.github/workflows/changelog-reminder.yml b/.github/workflows/changelog-reminder.yml new file mode 100644 index 0000000000..8e04a4a2a0 --- /dev/null +++ b/.github/workflows/changelog-reminder.yml @@ -0,0 +1,19 @@ +# Checks if a changelog is missing in the PR diff +name: Changelog Reminder +on: + pull_request: + types: [opened, synchronize, reopened, ready_for_review] + paths: ["**/*.go"] +permissions: + pull-requests: write +jobs: + remind: + name: Changelog Reminder + runs-on: ubuntu-latest + # Skip draft PRs and PRs starting with: revert, test, chore, ci, docs, style, build, refactor + if: "!github.event.pull_request.draft && !contains(github.event.pull_request.title, 'revert') && !contains(github.event.pull_request.title, 'test') && !contains(github.event.pull_request.title, 'chore') && !contains(github.event.pull_request.title, 'ci') && !contains(github.event.pull_request.title, 'docs') && !contains(github.event.pull_request.title, 'style') && !contains(github.event.pull_request.title, 'build') && !contains(github.event.pull_request.title, 'refactor')" + steps: + - uses: actions/checkout@v3 + - uses: mskelton/changelog-reminder-action@v3 + with: + message: "@${{ github.actor }} your pull request is missing a changelog!" diff --git a/.github/workflows/clean-action-artifacts.yml b/.github/workflows/clean-action-artifacts.yml new file mode 100644 index 0000000000..b84b15d4bb --- /dev/null +++ b/.github/workflows/clean-action-artifacts.yml @@ -0,0 +1,17 @@ +name: Remove GitHub Action Old Artifacts + +on: + schedule: + # Every day at 1am + - cron: "0 1 * * *" + +jobs: + remove-old-artifacts: + runs-on: ubuntu-latest + timeout-minutes: 30 + + steps: + - name: Remove old artifacts + uses: c-hive/gha-remove-artifacts@v1 + with: + age: "7 days" diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 0000000000..109423d8cf --- /dev/null +++ b/.github/workflows/codeql-analysis.yml @@ -0,0 +1,59 @@ +name: "CodeQL" + +on: + pull_request: + paths: + - "**.go" + push: + branches: + - main + - release/** + paths: + - "**.go" + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + - uses: actions/setup-go@v4 + with: + go-version: "1.21" + check-latest: true + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: "go" + queries: +security-and-quality,github/codeql/go/ql/src/experimental/InconsistentCode/DeferInLoop.ql@main,github/codeql/go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql@main,github/codeql/go/ql/src/experimental/CWE-369/DivideByZero.ql@main + packs: +crypto-com/cosmos-sdk-codeql + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 https://git.io/JvXDl + + # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + #- run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/consensuswarn.yml b/.github/workflows/consensuswarn.yml new file mode 100644 index 0000000000..924e10f2bd --- /dev/null +++ b/.github/workflows/consensuswarn.yml @@ -0,0 +1,19 @@ +# name: "Warn about consensus code changes" + +# on: +# pull_request_target: +# types: +# - opened +# - edited +# - synchronize + +# jobs: +# main: +# permissions: +# pull-requests: write # For reading the PR and posting comment +# runs-on: ubuntu-latest +# steps: +# - uses: actions/checkout@v3 +# - uses: orijtech/consensuswarn@main +# with: +# roots: "github.com/cosmos/cosmos-sdk/baseapp.BaseApp.PrepareProposal,github.com/cosmos/cosmos-sdk/baseapp.BaseApp.ProcessProposal,github.com/cosmos/cosmos-sdk/baseapp.BaseApp.FinalizeBlock,github.com/cosmos/cosmos-sdk/baseapp.BaseApp.Commit,github.com/cosmos/cosmos-sdk/baseapp.BaseApp.VerifyVoteExtension" diff --git a/.github/workflows/dependabot-update-all.yml b/.github/workflows/dependabot-update-all.yml new file mode 100644 index 0000000000..1dc5ddc7cc --- /dev/null +++ b/.github/workflows/dependabot-update-all.yml @@ -0,0 +1,38 @@ +name: Dependabot Update All Go Modules +on: pull_request + +permissions: + pull-requests: write + +jobs: + update-all: + runs-on: ubuntu-latest + if: ${{ github.actor == 'dependabot[bot]' }} + steps: + - uses: actions/checkout@v3 + with: + repository: ${{ github.event.pull_request.head.repo.full_name }} + ref: ${{ github.event.pull_request.head.ref }} + # Secret to be added in the repo under Settings > Secrets > Dependabot + token: ${{ secrets.PRBOT_PAT }} + - uses: actions/setup-go@v4 + with: + go-version: "1.21" + check-latest: true + - name: Extract updated dependency + id: deps + run: | + # Extract the dependency name from the PR title + # Example: "build(deps): Bump github.com/cosmos/cosmos-sdk from 0.46.0 to 0.47.0" + # Extracts "github.com/cosmos/cosmos-sdk" and "0.47.0" + echo "::set-output name=name::$(echo "${{ github.event.pull_request.title }}" | cut -d ' ' -f 3)" + echo "::set-output name=version::$(echo "${{ github.event.pull_request.title }}" | cut -d ' ' -f 7)" + - name: Update all Go modules + run: | + ./scripts/go-update-dep-all.sh ${{ format('{0}@v{1}', steps.deps.outputs.name, steps.deps.outputs.version) }} + ./scripts/go-mod-tidy-all.sh + - name: Commit changes + uses: EndBug/add-and-commit@v9 + with: + default_author: github_actions + message: "${{ github.event.pull_request.title }} for all modules" diff --git a/.github/workflows/dependencies-review.yml b/.github/workflows/dependencies-review.yml new file mode 100644 index 0000000000..5e834f7e17 --- /dev/null +++ b/.github/workflows/dependencies-review.yml @@ -0,0 +1,28 @@ +name: "Dependency Review" +on: + pull_request: + merge_group: + +permissions: + contents: read + +jobs: + dependency-review: + runs-on: ubuntu-latest + steps: + - name: "Checkout Repository" + uses: actions/checkout@v3 + - uses: actions/setup-go@v4 + with: + go-version: "1.21" + check-latest: true + - name: "Dependency Review" + uses: actions/dependency-review-action@v3 + with: + base-ref: ${{ github.event.pull_request.base.sha || 'main' }} + head-ref: ${{ github.event.pull_request.head.sha || github.ref }} + fail-on-severity: high # otherwise we fail on ourselves due to https://github.com/advisories/GHSA-qfc5-6r3j-jj22, https://github.com/advisories/GHSA-w44m-8mv2-v78h TODO(@julienrbrt) submit a PR to the action to ignore packages + - name: "Dependency audit" + run: ./scripts/dep-assert.sh + - name: "Go vulnerability check" + run: make vulncheck diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml new file mode 100644 index 0000000000..c7ff012b24 --- /dev/null +++ b/.github/workflows/docker.yml @@ -0,0 +1,70 @@ +name: Build & Push +# Build & Push builds the simapp docker image on every push to main and +# and pushes the image to https://ghcr.io/cosmos/simapp +on: + pull_request: + paths: + - "Dockerfile" + push: + branches: + - main + tags: + - "v[0-9]+.[0-9]+.[0-9]+" # Push events to matching v*, i.e. v1.0, v20.15.10 + - "v[0-9]+.[0-9]+.[0-9]+-rc*" # Push events to matching v*, i.e. v1.0-rc1, v20.15.10-rc5 + workflow_dispatch: + inputs: + tags: + description: "SDK version (e.g 0.47.1)" + required: true + type: string + +permissions: + contents: read + packages: write + +env: + # Use docker.io for Docker Hub if empty + REGISTRY: ghcr.io + # github.repository as / + IMAGE_NAME: cosmos/simapp + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v4 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=raw,value=latest,enable={{is_default_branch}} + type=semver,pattern=v{{major}}.{{minor}} + type=semver,pattern={{version}},value=v${{ inputs.tags }},enable=${{ inputs.tags != '' }} + flavor: | + latest=false + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Log into registry ${{ env.REGISTRY }} + if: ${{ github.event_name != 'pull_request' }} + uses: docker/login-action@v2 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Publish to GitHub Packages + uses: docker/build-push-action@v4 + with: + platforms: linux/amd64,linux/arm64 + # push: ${{ github.event_name != 'pull_request' }} + push: false + tags: ${{ steps.meta.outputs.tags }} + cache-from: type=gha + cache-to: type=gha,mode=max diff --git a/.github/workflows/fork-cherry-pick.yml b/.github/workflows/fork-cherry-pick.yml new file mode 100644 index 0000000000..f89b21b18d --- /dev/null +++ b/.github/workflows/fork-cherry-pick.yml @@ -0,0 +1,39 @@ +# This CI is disabled on main and meant to be enabled on forks as an easy way to cherry pick fork commits into main. +# In order to submit a PR from your repo to the Cosmos SDK, a PRBOT_PAT secret (personal access token) must be available for the GitHub Action (Settings > Secrets > Actions). +# The PR will be submitted from the user of the PAT. Note, the PRBOT_PAT user must have write access to the repo. +name: Cherry pick PR to Cosmos SDK +on: + # Set to trigger on every merge to main, not just a closed PR. + workflow_dispatch: + pull_request_target: + branches: + - main + types: ["closed"] + +jobs: + cherry_pick: + permissions: write-all + runs-on: ubuntu-latest + name: Cherry pick into main + if: github.event.pull_request.merged == true + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Create PR Patch Branch + shell: bash + env: + PR_NAME: pr-patch-${{ github.sha }} + run: | + git config --global user.name "${{ github.actor }}" # Config have to be set for pushing the cherry-picked changes onto fork pr-patch branch. + git config --global user.email "${{ github.actor }}@users.noreply.github.com" + git remote add upstream https://github.com/cosmos/cosmos-sdk.git + git fetch --all # Get the latest code + git checkout -b $PR_NAME upstream/main # Create new branch based on main branch + git cherry-pick -X theirs ${{ github.sha }} # Cherry pick the latest commit of PR + git push -u origin $PR_NAME # Push your changes to the remote branch + - name: Autocreate PR + shell: bash + env: + GH_TOKEN: ${{ secrets.PRBOT_PAT }} + run: | + gh pr create --repo cosmos/cosmos-sdk --base main --head "${{ github.event.repository.owner.login }}:pr-patch-${{ github.sha }}" --title "${{ github.event.pull_request.title }}" --body "Automated PR for commit: ${{ github.sha }} from ${{ github.repository }}" diff --git a/.github/workflows/lint-pr.yml b/.github/workflows/lint-pr.yml new file mode 100644 index 0000000000..7fc1f5ae94 --- /dev/null +++ b/.github/workflows/lint-pr.yml @@ -0,0 +1,47 @@ +name: "Lint PR" + +on: + pull_request_target: + types: + - opened + - edited + - synchronize + +permissions: + contents: read + +jobs: + main: + permissions: + pull-requests: read # for amannn/action-semantic-pull-request to analyze PRs + statuses: write # for amannn/action-semantic-pull-request to mark status of analyzed PR + runs-on: ubuntu-latest + steps: + - uses: amannn/action-semantic-pull-request@v5.2.0 + id: lint_pr_title + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - uses: marocchino/sticky-pull-request-comment@v2 + # When the previous steps fails, the workflow would stop. By adding this + # condition you can continue the execution with the populated error message. + if: always() && (steps.lint_pr_title.outputs.error_message != null) + with: + header: pr-title-lint-error + message: | + Hey there and thank you for opening this pull request! 👋đŸŧ + + We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/) and it looks like your proposed title needs to be adjusted. + + Details: + + ``` + ${{ steps.lint_pr_title.outputs.error_message }} + ``` + + # Delete a previous comment when the issue has been resolved + - if: ${{ steps.lint_pr_title.outputs.error_message == null }} + uses: marocchino/sticky-pull-request-comment@v2 + with: + header: pr-title-lint-error + delete: true diff --git a/.github/workflows/md-link-checker.yml b/.github/workflows/md-link-checker.yml new file mode 100644 index 0000000000..38560ea8c8 --- /dev/null +++ b/.github/workflows/md-link-checker.yml @@ -0,0 +1,15 @@ +name: Check Markdown links +on: + pull_request: + paths: + - "docs/**" +jobs: + markdown-link-check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - run: cd docs && sh ./pre.sh + - uses: gaurav-nelson/github-action-markdown-link-check@1.0.15 + with: + folder-path: "docs" + - run: cd docs && sh ./post.sh diff --git a/.github/workflows/pr-reviews.yml b/.github/workflows/pr-reviews.yml new file mode 100644 index 0000000000..18dcfdb175 --- /dev/null +++ b/.github/workflows/pr-reviews.yml @@ -0,0 +1,26 @@ +# # Request review on PRs without changing our codeowners file (which is stricter than review team) +# name: Request review on PRs + +# on: +# pull_request_target: +# types: +# - opened +# - reopened +# - ready_for_review +# branches: +# - "main" +# - "release/**" + +# jobs: +# request: +# permissions: +# pull-requests: write +# name: Request reviews on opened PRs +# runs-on: ubuntu-latest +# steps: +# - name: Create PR review request +# if: ${{ !github.event.pull_request.draft }} +# run: gh pr edit $PR_URL --add-reviewer @Finschia/sdk-core-review +# env: +# GH_TOKEN: ${{ secrets.PRBOT_PAT }} +# PR_URL: ${{ github.event.pull_request.html_url }} diff --git a/.github/workflows/pr_labeler.yml b/.github/workflows/pr_labeler.yml new file mode 100644 index 0000000000..292508d34c --- /dev/null +++ b/.github/workflows/pr_labeler.yml @@ -0,0 +1,18 @@ +name: "Pull Request Labeler" +on: + - pull_request_target + +permissions: + contents: read + +jobs: + labeler: + permissions: + contents: read # for actions/labeler to determine modified files + pull-requests: write # for actions/labeler to add labels to PRs + runs-on: ubuntu-latest + steps: + - uses: actions/labeler@v4 + with: + configuration-path: .github/pr_labeler.yml + repo-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/proto-docker.yml b/.github/workflows/proto-docker.yml new file mode 100644 index 0000000000..15d5c67f46 --- /dev/null +++ b/.github/workflows/proto-docker.yml @@ -0,0 +1,68 @@ +name: Build & Push SDK Proto Builder +on: + push: + branches: + - main + paths: + - "contrib/devtools/Dockerfile" + workflow_dispatch: + inputs: + tags: + description: "Docker image tags" + required: true + type: string + pull_request: + paths: + - "contrib/devtools/Dockerfile" + +env: + REGISTRY: ghcr.io + IMAGE_NAME: cosmos/proto-builder + +# Allow one concurrent deployment +concurrency: + group: "proto-docker" + cancel-in-progress: true + +jobs: + build: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + steps: + # set VERSION to new version when making changes, when merged to main the image will automatically be pushed + - uses: actions/checkout@v3 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@57396166ad8aefe6098280995947635806a0e6ea + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + # modify value when deploying a new version + tags: | + type=semver,pattern={{version}},value=${{ inputs.tags }} + + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + if: ${{ github.event_name != 'pull_request' }} + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Publish to GHCR + uses: docker/build-push-action@v4 + with: + context: ./contrib/devtools + platforms: linux/amd64,linux/arm64 + # push: ${{ github.event_name != 'pull_request' }} + push: false + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/proto-registry.yml b/.github/workflows/proto-registry.yml new file mode 100644 index 0000000000..86471ae93f --- /dev/null +++ b/.github/workflows/proto-registry.yml @@ -0,0 +1,20 @@ +# name: Buf-Push +# # Protobuf runs buf (https://buf.build/) push updated proto files to https://buf.build/Finschia/finschia-sdk +# # This workflow is only run when a .proto file has been changed +# on: +# push: +# branches: +# - main +# paths: +# - "proto/**" + +# jobs: +# push: +# runs-on: ubuntu-latest +# steps: +# - uses: actions/checkout@v3 +# - uses: bufbuild/buf-setup-action@v1.21.0 +# - uses: bufbuild/buf-push-action@v1 +# with: +# input: "proto" +# buf_token: ${{ secrets.BUF_TOKEN }} diff --git a/.github/workflows/proto.yml b/.github/workflows/proto.yml new file mode 100644 index 0000000000..1c997e8a65 --- /dev/null +++ b/.github/workflows/proto.yml @@ -0,0 +1,31 @@ +name: Protobuf +# Protobuf runs buf (https://buf.build/) lint and check-breakage +# This workflow is only run when a .proto file has been changed +on: + pull_request: + paths: + - "proto/**" + +permissions: + contents: read + +jobs: + lint: + runs-on: ubuntu-latest + timeout-minutes: 5 + steps: + - uses: actions/checkout@v3 + - uses: bufbuild/buf-setup-action@v1.21.0 + - uses: bufbuild/buf-lint-action@v1 + with: + input: "proto" + + break-check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: bufbuild/buf-setup-action@v1.21.0 + - uses: bufbuild/buf-breaking-action@v1 + with: + input: "proto" + against: "https://github.com/${{ github.repository }}.git#branch=${{ github.event.pull_request.base.ref }},ref=HEAD~1,subdir=proto" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000000..3c8d06fc0e --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,51 @@ +# name: Release +# # This workflow helps with creating releases. +# # This job will only be triggered when a tag (vX.X.x) is pushed +# on: +# push: +# # Sequence of patterns matched against refs/tags +# # tags: +# # - "v[0-9]+.[0-9]+.[0-9]+" # Push events to matching v*, i.e. v1.0, v20.15.10 + +# permissions: +# contents: read + +# jobs: +# release: +# permissions: +# contents: write # for goreleaser/goreleaser-action to create a GitHub release +# runs-on: ubuntu-latest +# steps: +# - uses: actions/checkout@v4 +# - name: Install Go +# uses: actions/setup-go@v4 +# with: +# go-version: "1.21" +# check-latest: true +# - name: Unshallow +# run: git fetch --prune --unshallow +# - name: Create release +# uses: goreleaser/goreleaser-action@v3 +# with: +# args: release --rm-dist --release-notes ./RELEASE_NOTES.md +# env: +# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + +# release-success: +# needs: release +# if: ${{ success() }} +# runs-on: ubuntu-latest +# steps: +# - name: Notify Slack on success +# uses: rtCamp/action-slack-notify@v2.2.1 +# env: +# SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} +# SLACK_CHANNEL: cosmos-tech +# SLACK_USERNAME: Cosmos SDK Release Bot +# SLACK_ICON: https://avatars.githubusercontent.com/t/5997665?size=64 +# SLACK_COLOR: good +# SLACK_TITLE: "Cosmos SDK ${{ github.ref_name }} is tagged :tada:" +# SLACK_MESSAGE: "@channel :point_right: https://github.com/cosmos/cosmos-sdk/releases/tag/${{ github.ref_name }}" +# SLACK_FOOTER: "" +# SLACK_LINK_NAMES: true +# MSG_MINIMAL: true diff --git a/.github/workflows/sims-045.yml b/.github/workflows/sims-045.yml new file mode 100644 index 0000000000..08243a675a --- /dev/null +++ b/.github/workflows/sims-045.yml @@ -0,0 +1,145 @@ +# name: Sims release/0.45.x +# # Sims workflow runs multiple types of simulations (nondeterminism, import-export, after-import, multi-seed-short) +# # This workflow will run on all Pull Requests, if a .go, .mod or .sum file have been changed +# on: +# schedule: +# - cron: "0 0,12 * * *" +# release: +# types: [published] + +# concurrency: +# group: ci-${{ github.ref }}-sims-045 +# cancel-in-progress: true + +# jobs: +# build: +# runs-on: ubuntu-latest +# if: "!contains(github.event.head_commit.message, 'skip-sims')" +# steps: +# - uses: actions/checkout@v3 +# with: +# ref: "release/v0.45.x" +# - uses: actions/setup-go@v4 +# with: +# go-version: "1.21" +# check-latest: true +# - run: make build + +# install-runsim: +# permissions: +# contents: none +# runs-on: ubuntu-latest +# needs: build +# steps: +# - uses: actions/setup-go@v4 +# with: +# go-version: "1.21" +# check-latest: true +# - name: Install runsim +# run: go install github.com/cosmos/tools/cmd/runsim@v1.0.0 +# - uses: actions/cache@v3 +# with: +# path: ~/go/bin +# key: ${{ runner.os }}-go-runsim-binary + +# test-sim-import-export: +# runs-on: ubuntu-latest +# needs: [build, install-runsim] +# steps: +# - uses: actions/checkout@v3 +# with: +# ref: "release/v0.45.x" +# - uses: actions/setup-go@v4 +# with: +# go-version: "1.21" +# check-latest: true +# - uses: actions/cache@v3 +# with: +# path: ~/go/bin +# key: ${{ runner.os }}-go-runsim-binary +# - name: test-sim-import-export +# run: | +# make test-sim-import-export + +# test-sim-after-import: +# runs-on: ubuntu-latest +# needs: [build, install-runsim] +# steps: +# - uses: actions/checkout@v3 +# with: +# ref: "release/v0.45.x" +# - uses: actions/setup-go@v4 +# with: +# go-version: "1.21" +# check-latest: true +# - uses: actions/cache@v3 +# with: +# path: ~/go/bin +# key: ${{ runner.os }}-go-runsim-binary +# - name: test-sim-after-import +# run: | +# make test-sim-after-import + +# test-sim-multi-seed-short: +# runs-on: ubuntu-latest +# needs: [build, install-runsim] +# timeout-minutes: 60 +# steps: +# - uses: actions/checkout@v3 +# with: +# ref: "release/v0.45.x" +# - uses: actions/setup-go@v4 +# with: +# go-version: "1.21" +# check-latest: true +# - uses: actions/cache@v3 +# with: +# path: ~/go/bin +# key: ${{ runner.os }}-go-runsim-binary +# - name: test-sim-multi-seed-short +# run: | +# make test-sim-multi-seed-short + +# sims-notify-success: +# needs: +# [test-sim-multi-seed-short, test-sim-after-import, test-sim-import-export] +# runs-on: ubuntu-latest +# if: ${{ success() }} +# steps: +# - uses: actions/checkout@v3 +# - name: Get previous workflow status +# uses: ./.github/actions/last-workflow-status +# id: last_status +# with: +# github_token: ${{ secrets.GITHUB_TOKEN }} + +# - name: Notify Slack on success +# if: ${{ steps.last_status.outputs.last_status == 'failure' }} +# uses: rtCamp/action-slack-notify@v2.2.0 +# env: +# SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} +# SLACK_CHANNEL: sdk-sims +# SLACK_USERNAME: Sim Tests release/0.45.x +# SLACK_ICON_EMOJI: ":white_check_mark:" +# SLACK_COLOR: good +# SLACK_MESSAGE: 0.45.x Sims are passing +# SLACK_FOOTER: "" + +# sims-notify-failure: +# permissions: +# contents: none +# needs: +# [test-sim-multi-seed-short, test-sim-after-import, test-sim-import-export] +# runs-on: ubuntu-latest +# if: ${{ failure() }} +# steps: +# - name: Notify Slack on failure +# uses: rtCamp/action-slack-notify@v2.2.0 +# env: +# SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} +# SLACK_CHANNEL: sdk-sims +# SLACK_USERNAME: Sim Tests release/0.45.x +# SLACK_ICON_EMOJI: ":skull:" +# SLACK_COLOR: danger +# SLACK_MESSAGE: 0.45.x Sims are failing +# SLACK_FOOTER: "" diff --git a/.github/workflows/sims-046.yml b/.github/workflows/sims-046.yml new file mode 100644 index 0000000000..1e4de8ba1e --- /dev/null +++ b/.github/workflows/sims-046.yml @@ -0,0 +1,145 @@ +# name: Sims release/0.46.x +# # Sims workflow runs multiple types of simulations (nondeterminism, import-export, after-import, multi-seed-short) +# # This workflow will run on all Pull Requests, if a .go, .mod or .sum file have been changed +# on: +# schedule: +# - cron: "0 0,12 * * *" +# release: +# types: [published] + +# concurrency: +# group: ci-${{ github.ref }}-sims-046 +# cancel-in-progress: true + +# jobs: +# build: +# runs-on: ubuntu-latest +# if: "!contains(github.event.head_commit.message, 'skip-sims')" +# steps: +# - uses: actions/checkout@v3 +# with: +# ref: "release/v0.46.x" +# - uses: actions/setup-go@v4 +# with: +# go-version: "1.21" +# check-latest: true +# - run: make build + +# install-runsim: +# permissions: +# contents: none +# runs-on: ubuntu-latest +# needs: build +# steps: +# - uses: actions/setup-go@v4 +# with: +# go-version: "1.21" +# check-latest: true +# - name: Install runsim +# run: go install github.com/cosmos/tools/cmd/runsim@v1.0.0 +# - uses: actions/cache@v3 +# with: +# path: ~/go/bin +# key: ${{ runner.os }}-go-runsim-binary + +# test-sim-import-export: +# runs-on: ubuntu-latest +# needs: [build, install-runsim] +# timeout-minutes: 60 +# steps: +# - uses: actions/checkout@v3 +# with: +# ref: "release/v0.46.x" +# - uses: actions/setup-go@v4 +# with: +# go-version: "1.21" +# check-latest: true +# - uses: actions/cache@v3 +# with: +# path: ~/go/bin +# key: ${{ runner.os }}-go-runsim-binary +# - name: test-sim-import-export +# run: | +# make test-sim-import-export + +# test-sim-after-import: +# runs-on: ubuntu-latest +# needs: [build, install-runsim] +# steps: +# - uses: actions/checkout@v3 +# with: +# ref: "release/v0.46.x" +# - uses: actions/setup-go@v4 +# with: +# go-version: "1.21" +# check-latest: true +# - uses: actions/cache@v3 +# with: +# path: ~/go/bin +# key: ${{ runner.os }}-go-runsim-binary +# - name: test-sim-after-import +# run: | +# make test-sim-after-import + +# test-sim-multi-seed-short: +# runs-on: ubuntu-latest +# needs: [build, install-runsim] +# steps: +# - uses: actions/checkout@v3 +# with: +# ref: "release/v0.46.x" +# - uses: actions/setup-go@v4 +# with: +# go-version: "1.21" +# check-latest: true +# - uses: actions/cache@v3 +# with: +# path: ~/go/bin +# key: ${{ runner.os }}-go-runsim-binary +# - name: test-sim-multi-seed-short +# run: | +# make test-sim-multi-seed-short + +# sims-notify-success: +# needs: +# [test-sim-multi-seed-short, test-sim-after-import, test-sim-import-export] +# runs-on: ubuntu-latest +# if: ${{ success() }} +# steps: +# - uses: actions/checkout@v3 +# - name: Get previous workflow status +# uses: ./.github/actions/last-workflow-status +# id: last_status +# with: +# github_token: ${{ secrets.GITHUB_TOKEN }} + +# - name: Notify Slack on success +# if: ${{ steps.last_status.outputs.last_status == 'failure' }} +# uses: rtCamp/action-slack-notify@v2.2.0 +# env: +# SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} +# SLACK_CHANNEL: sdk-sims +# SLACK_USERNAME: Sim Tests release/0.46.x +# SLACK_ICON_EMOJI: ":white_check_mark:" +# SLACK_COLOR: good +# SLACK_MESSAGE: 0.46.x Sims are passing +# SLACK_FOOTER: "" + +# sims-notify-failure: +# permissions: +# contents: none +# needs: +# [test-sim-multi-seed-short, test-sim-after-import, test-sim-import-export] +# runs-on: ubuntu-latest +# if: ${{ failure() }} +# steps: +# - name: Notify Slack on failure +# uses: rtCamp/action-slack-notify@v2.2.0 +# env: +# SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} +# SLACK_CHANNEL: sdk-sims +# SLACK_USERNAME: Sim Tests release/0.46.x +# SLACK_ICON_EMOJI: ":skull:" +# SLACK_COLOR: danger +# SLACK_MESSAGE: 0.46.x Sims are failing +# SLACK_FOOTER: "" diff --git a/.github/workflows/sims-047.yml b/.github/workflows/sims-047.yml new file mode 100644 index 0000000000..7f4f800a5b --- /dev/null +++ b/.github/workflows/sims-047.yml @@ -0,0 +1,145 @@ +# name: Sims release/0.47.x +# # Sims workflow runs multiple types of simulations (nondeterminism, import-export, after-import, multi-seed-short) +# # This workflow will run on all Pull Requests, if a .go, .mod or .sum file have been changed +# on: +# schedule: +# - cron: "0 0,12 * * *" +# release: +# types: [published] + +# concurrency: +# group: ci-${{ github.ref }}-sims-047 +# cancel-in-progress: true + +# jobs: +# build: +# runs-on: ubuntu-latest +# if: "!contains(github.event.head_commit.message, 'skip-sims')" +# steps: +# - uses: actions/checkout@v3 +# with: +# ref: "release/v0.47.x" +# - uses: actions/setup-go@v4 +# with: +# go-version: "1.21" +# check-latest: true +# - run: make build + +# install-runsim: +# permissions: +# contents: none +# runs-on: ubuntu-latest +# needs: build +# steps: +# - uses: actions/setup-go@v4 +# with: +# go-version: "1.21" +# check-latest: true +# - name: Install runsim +# run: go install github.com/cosmos/tools/cmd/runsim@v1.0.0 +# - uses: actions/cache@v3 +# with: +# path: ~/go/bin +# key: ${{ runner.os }}-go-runsim-binary + +# test-sim-import-export: +# runs-on: ubuntu-latest +# needs: [build, install-runsim] +# timeout-minutes: 60 +# steps: +# - uses: actions/checkout@v3 +# with: +# ref: "release/v0.47.x" +# - uses: actions/setup-go@v4 +# with: +# go-version: "1.21" +# check-latest: true +# - uses: actions/cache@v3 +# with: +# path: ~/go/bin +# key: ${{ runner.os }}-go-runsim-binary +# - name: test-sim-import-export +# run: | +# make test-sim-import-export + +# test-sim-after-import: +# runs-on: ubuntu-latest +# needs: [build, install-runsim] +# steps: +# - uses: actions/checkout@v3 +# with: +# ref: "release/v0.47.x" +# - uses: actions/setup-go@v4 +# with: +# go-version: "1.21" +# check-latest: true +# - uses: actions/cache@v3 +# with: +# path: ~/go/bin +# key: ${{ runner.os }}-go-runsim-binary +# - name: test-sim-after-import +# run: | +# make test-sim-after-import + +# test-sim-multi-seed-short: +# runs-on: ubuntu-latest +# needs: [build, install-runsim] +# steps: +# - uses: actions/checkout@v3 +# with: +# ref: "release/v0.47.x" +# - uses: actions/setup-go@v4 +# with: +# go-version: "1.21" +# check-latest: true +# - uses: actions/cache@v3 +# with: +# path: ~/go/bin +# key: ${{ runner.os }}-go-runsim-binary +# - name: test-sim-multi-seed-short +# run: | +# make test-sim-multi-seed-short + +# sims-notify-success: +# needs: +# [test-sim-multi-seed-short, test-sim-after-import, test-sim-import-export] +# runs-on: ubuntu-latest +# if: ${{ success() }} +# steps: +# - uses: actions/checkout@v3 +# - name: Get previous workflow status +# uses: ./.github/actions/last-workflow-status +# id: last_status +# with: +# github_token: ${{ secrets.GITHUB_TOKEN }} + +# - name: Notify Slack on success +# if: ${{ steps.last_status.outputs.last_status == 'failure' }} +# uses: rtCamp/action-slack-notify@v2.2.0 +# env: +# SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} +# SLACK_CHANNEL: sdk-sims +# SLACK_USERNAME: Sim Tests release/0.47.x +# SLACK_ICON_EMOJI: ":white_check_mark:" +# SLACK_COLOR: good +# SLACK_MESSAGE: 0.47.x Sims are passing +# SLACK_FOOTER: "" + +# sims-notify-failure: +# permissions: +# contents: none +# needs: +# [test-sim-multi-seed-short, test-sim-after-import, test-sim-import-export] +# runs-on: ubuntu-latest +# if: ${{ failure() }} +# steps: +# - name: Notify Slack on failure +# uses: rtCamp/action-slack-notify@v2.2.0 +# env: +# SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} +# SLACK_CHANNEL: sdk-sims +# SLACK_USERNAME: Sim Tests release/0.47.x +# SLACK_ICON_EMOJI: ":skull:" +# SLACK_COLOR: danger +# SLACK_MESSAGE: 0.47.x Sims are failing +# SLACK_FOOTER: "" diff --git a/.github/workflows/sims-nightly.yml b/.github/workflows/sims-nightly.yml new file mode 100644 index 0000000000..d562ccbdd9 --- /dev/null +++ b/.github/workflows/sims-nightly.yml @@ -0,0 +1,91 @@ +# name: Sims Nightly (Long) +# # Release Sims workflow runs long-lived (multi-seed & large block size) simulations +# # This workflow only runs mightly at 8am UTC and on releases +# on: +# schedule: +# - cron: "0 8 * * *" +# release: +# types: [published] + +# permissions: +# contents: read + +# concurrency: +# group: ci-${{ github.ref }}-sims-nightly-long +# cancel-in-progress: true + +# jobs: +# install-runsim: +# permissions: +# contents: none +# runs-on: ubuntu-latest +# steps: +# - uses: actions/setup-go@v4 +# with: +# go-version: "1.21" +# check-latest: true +# - name: Install runsim +# run: go install github.com/cosmos/tools/cmd/runsim@v1.0.0 +# - uses: actions/cache@v3 +# with: +# path: ~/go/bin +# key: ${{ runner.os }}-go-runsim-binary + +# test-sim-multi-seed-long: +# runs-on: ubuntu-latest +# steps: +# - uses: actions/checkout@v3 +# - uses: actions/setup-go@v4 +# with: +# go-version: "1.21" +# check-latest: true +# - uses: actions/cache@v3 +# with: +# path: ~/go/bin +# key: ${{ runner.os }}-go-runsim-binary +# - name: test-sim-multi-seed-long +# run: | +# make test-sim-multi-seed-long + +# sims-notify-success: +# needs: [test-sim-multi-seed-long] +# runs-on: ubuntu-latest +# if: ${{ success() }} +# steps: +# - name: Check out repository +# uses: actions/checkout@v3 +# - name: Get previous workflow status +# uses: ./.github/actions/last-workflow-status +# id: last_status +# with: +# github_token: ${{ secrets.GITHUB_TOKEN }} + +# - name: Notify Slack on success +# if: ${{ steps.last_status.outputs.last_status == 'failure' }} +# uses: rtCamp/action-slack-notify@v2.2.0 +# env: +# SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} +# SLACK_CHANNEL: sdk-sims +# SLACK_USERNAME: Sim Tests +# SLACK_ICON_EMOJI: ":white_check_mark:" +# SLACK_COLOR: good +# SLACK_MESSAGE: Sims Nightly (Long) are passing +# SLACK_FOOTER: "" + +# sims-notify-failure: +# permissions: +# contents: none +# needs: [test-sim-multi-seed-long] +# runs-on: ubuntu-latest +# if: ${{ failure() }} +# steps: +# - name: Notify Slack on failure +# uses: rtCamp/action-slack-notify@v2.2.0 +# env: +# SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} +# SLACK_CHANNEL: sdk-sims +# SLACK_USERNAME: Sim Tests +# SLACK_ICON_EMOJI: ":skull:" +# SLACK_COLOR: danger +# SLACK_MESSAGE: Sims Nightly (Long) are failing +# SLACK_FOOTER: "" diff --git a/.github/workflows/sims.yml b/.github/workflows/sims.yml new file mode 100644 index 0000000000..6899098a01 --- /dev/null +++ b/.github/workflows/sims.yml @@ -0,0 +1,130 @@ +# name: Sims +# # Sims workflow runs multiple types of simulations (nondeterminism, import-export, after-import, multi-seed-short) +# # This workflow will run on all Pull Requests, if a .go, .mod or .sum file have been changed +# on: +# schedule: +# - cron: "0 */2 * * *" +# release: +# types: [published] + +# concurrency: +# group: ci-${{ github.ref }}-sims +# cancel-in-progress: true + +# jobs: +# build: +# permissions: +# contents: read # for actions/checkout to fetch code +# runs-on: ubuntu-latest +# if: "!contains(github.event.head_commit.message, 'skip-sims')" +# steps: +# - uses: actions/checkout@v3 +# - uses: actions/setup-go@v4 +# with: +# go-version: "1.21" +# check-latest: true +# - run: make build +# - name: Install runsim +# run: go install github.com/cosmos/tools/cmd/runsim@v1.0.0 +# - uses: actions/cache@v3 +# with: +# path: ~/go/bin +# key: ${{ runner.os }}-go-runsim-binary + +# test-sim-import-export: +# runs-on: ubuntu-latest +# needs: [build] +# timeout-minutes: 60 +# steps: +# - uses: actions/checkout@v3 +# - uses: actions/setup-go@v4 +# with: +# go-version: "1.21" +# check-latest: true +# - uses: actions/cache@v3 +# with: +# path: ~/go/bin +# key: ${{ runner.os }}-go-runsim-binary +# - name: test-sim-import-export +# run: | +# make test-sim-import-export + +# test-sim-after-import: +# runs-on: ubuntu-latest +# needs: [build] +# steps: +# - uses: actions/checkout@v3 +# - uses: actions/setup-go@v4 +# with: +# go-version: "1.21" +# check-latest: true +# - uses: actions/cache@v3 +# with: +# path: ~/go/bin +# key: ${{ runner.os }}-go-runsim-binary +# - name: test-sim-after-import +# run: | +# make test-sim-after-import + +# test-sim-multi-seed-short: +# runs-on: ubuntu-latest +# needs: [build] +# timeout-minutes: 60 +# steps: +# - uses: actions/checkout@v3 +# - uses: actions/setup-go@v4 +# with: +# go-version: "1.21" +# check-latest: true +# - uses: actions/cache@v3 +# with: +# path: ~/go/bin +# key: ${{ runner.os }}-go-runsim-binary +# - name: test-sim-multi-seed-short +# run: | +# make test-sim-multi-seed-short + +# sims-notify-success: +# needs: +# [test-sim-multi-seed-short, test-sim-after-import, test-sim-import-export] +# runs-on: ubuntu-latest +# if: ${{ success() }} +# steps: +# - name: Check out repository +# uses: actions/checkout@v3 +# - name: Get previous workflow status +# uses: ./.github/actions/last-workflow-status +# id: last_status +# with: +# github_token: ${{ secrets.GITHUB_TOKEN }} + +# - name: Notify Slack on success +# if: ${{ steps.last_status.outputs.last_status == 'failure' }} +# uses: rtCamp/action-slack-notify@v2.2.0 +# env: +# SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} +# SLACK_CHANNEL: sdk-sims +# SLACK_USERNAME: Sim Tests +# SLACK_ICON_EMOJI: ":white_check_mark:" +# SLACK_COLOR: good +# SLACK_MESSAGE: Sims are passing +# SLACK_FOOTER: "" + +# sims-notify-failure: +# permissions: +# contents: none +# needs: +# [test-sim-multi-seed-short, test-sim-after-import, test-sim-import-export] +# runs-on: ubuntu-latest +# if: ${{ failure() }} +# steps: +# - name: Notify Slack on failure +# uses: rtCamp/action-slack-notify@v2.2.0 +# env: +# SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} +# SLACK_CHANNEL: sdk-sims +# SLACK_USERNAME: Sim Tests +# SLACK_ICON_EMOJI: ":skull:" +# SLACK_COLOR: danger +# SLACK_MESSAGE: Sims are failing +# SLACK_FOOTER: "" diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml new file mode 100644 index 0000000000..20630a1376 --- /dev/null +++ b/.github/workflows/stale.yml @@ -0,0 +1,26 @@ +name: "Close stale issues & pull requests" +on: + schedule: + - cron: "0 0 * * *" + +permissions: + contents: read + +jobs: + stale: + permissions: + issues: write # for actions/stale to close stale issues + pull-requests: write # for actions/stale to close stale PRs + runs-on: ubuntu-latest + steps: + - uses: actions/stale@v8 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + stale-pr-message: "This pull request has been automatically marked as stale because it has not had + recent activity. It will be closed if no further activity occurs. Thank you + for your contributions." + days-before-stale: -1 + days-before-close: -1 + days-before-pr-stale: 30 + days-before-pr-close: 4 + exempt-pr-labels: "pinned, security, proposal, blocked" diff --git a/.github/workflows/staticmajor.yml b/.github/workflows/staticmajor.yml new file mode 100644 index 0000000000..b3ce4397db --- /dev/null +++ b/.github/workflows/staticmajor.yml @@ -0,0 +1,23 @@ +# Staticmajor: Static analyzer to catch leaking resources & other bad code patterns +name: Detect leaking resources and bad code patterns +on: + push: + branches: + - main + pull_request: + workflow_dispatch: + +jobs: + run_staticmajor: + runs-on: ubuntu-latest + steps: + - name: Check out repository code + uses: actions/checkout@v3 + - name: Staticmajor action + id: staticmajor + uses: orijtech/staticmajor-action@main + with: + packages: ./... + resleak: true + structslop: false + tests: false