Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Problem: cometbft not up to date #1676

Merged
merged 9 commits into from
Nov 6, 2024
Merged

Conversation

yihuang
Copy link
Collaborator

@yihuang yihuang commented Nov 6, 2024

👮🏻👮🏻👮🏻 !!!! REFERENCE THE PROBLEM YOUR ARE SOLVING IN THE PR TITLE AND DESCRIBE YOUR SOLUTION HERE !!!! DO NOT FORGET !!!! 👮🏻👮🏻👮🏻

PR Checklist:

  • Have you read the CONTRIBUTING.md?
  • Does your PR follow the C4 patch requirements?
  • Have you rebased your work on top of the latest master?
  • Have you checked your code compiles? (make)
  • Have you included tests for any non-trivial functionality?
  • Have you checked your code passes the unit tests? (make test)
  • Have you checked your code formatting is correct? (go fmt)
  • Have you checked your basic code style is fine? (golangci-lint run)
  • If you added any dependencies, have you checked they do not contain any known vulnerabilities? (go list -json -m all | nancy sleuth)
  • If your changes affect the client infrastructure, have you run the integration test?
  • If your changes affect public APIs, does your PR follow the C4 evolution of public contracts?
  • If your code changes public APIs, have you incremented the crate version numbers and documented your changes in the CHANGELOG.md?
  • If you are contributing for the first time, please read the agreement in CONTRIBUTING.md now and add a comment to this pull request stating that your PR is in accordance with the Developer's Certificate of Origin.

Thank you for your code, it's appreciated! :)

Summary by CodeRabbit

Release Notes

  • New Features

    • Introduced support for registration of payees and counterparty payees in the relayer precompile.
  • Improvements

    • Updated dependencies for enhanced performance and compatibility, including the cometbft library and RocksDB.
    • Added support for asynchronous transaction checks and a testnet benchmark command.
  • Bug Fixes

    • Addressed pruning issues with the iavl dependency and improved compatibility with newer compilers.
  • Documentation

    • Updated the CHANGELOG to reflect all recent changes and improvements.

Copy link
Contributor

coderabbitai bot commented Nov 6, 2024

Walkthrough

The pull request includes updates to several files, primarily focusing on dependency version changes, enhancements, and bug fixes. The CHANGELOG.md has been revised to document these changes, including a new feature for payee registration in the relayer precompile. The flake.nix file has updated the gomod2nix input URL. The go.mod file reflects multiple dependency version updates, while gomod2nix.toml introduces a new schema version and a vendorModulesTxt section. Additionally, the nix/rocksdb.nix file updates the RocksDB version and addresses compatibility with newer compilers.

Changes

File Change Summary
CHANGELOG.md Updated to reflect changes including bug fixes, new features, and improvements. Notable updates include iavl dependency pruning fix and new feature for payee registration in the relayer precompile.
flake.nix Updated gomod2nix input URL from github:nix-community/gomod2nix to github:obreitwi/gomod2nix/fix/go_mod_vendor.
go.mod Updated Go version from 1.22.7 to 1.23.1 and modified multiple dependencies to newer versions including grocksdb, protobuf, and cometbft-db.
gomod2nix.toml Schema version updated from 3 to 4; added vendorModulesTxt section; updated versions of several Go modules, including cometbft, badger, and protobuf; replaced github.com/cosmos/cosmos-sdk with github.com/crypto-org-chain/cosmos-sdk.
nix/rocksdb.nix Updated RocksDB version from 9.2.1 to 9.7.4 and corresponding SHA256 hash; added sed commands for GCC 13 compatibility; enhanced platform-specific commands for macOS and Linux.
nix/sources.json Updated gomod2nix entry: changed branch, owner, rev, sha256, and url to reflect new repository details.

Possibly related PRs

Suggested reviewers

  • devashishdxt
  • thomas-nguy
  • mmsqe

🐰 In the meadow, changes bloom,
With versions fresh, they chase the gloom.
From go.mod to rocksdb,
Each update hops with glee!
New features sprout, dependencies align,
In our code garden, all will shine! 🌼


Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

Copy link

codecov bot commented Nov 6, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 35.27%. Comparing base (742d12f) to head (5f8dc2a).
Report is 2 commits behind head on main.

Additional details and impacted files

Impacted file tree graph

@@             Coverage Diff             @@
##             main    #1676       +/-   ##
===========================================
+ Coverage   16.84%   35.27%   +18.42%     
===========================================
  Files          72      123       +51     
  Lines        6161    11752     +5591     
===========================================
+ Hits         1038     4145     +3107     
- Misses       5000     7193     +2193     
- Partials      123      414      +291     

see 70 files with indirect coverage changes

@yihuang yihuang marked this pull request as ready for review November 6, 2024 09:18
@yihuang yihuang requested a review from a team as a code owner November 6, 2024 09:18
@yihuang yihuang requested review from calvinaco, thomas-nguy and mmsqe and removed request for a team November 6, 2024 09:18
@yihuang yihuang enabled auto-merge November 6, 2024 09:42
go.mod Outdated Show resolved Hide resolved
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (1)
nix/rocksdb.nix (1)

24-24: Consider database compatibility and migration strategy.

While this is a minor version update, please consider:

  1. Testing with existing databases to ensure compatibility
  2. Documenting any performance improvements or changes
  3. Planning a rollback strategy if issues arise in production
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 742d12f and 5f8dc2a.

⛔ Files ignored due to path filters (2)
  • flake.lock is excluded by !**/*.lock
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (6)
  • CHANGELOG.md (1 hunks)
  • flake.nix (1 hunks)
  • go.mod (8 hunks)
  • gomod2nix.toml (7 hunks)
  • nix/rocksdb.nix (1 hunks)
  • nix/sources.json (1 hunks)
🔇 Additional comments (13)
flake.nix (1)

10-10: Consider the implications of using a forked gomod2nix repository.

While the fork appears to address a specific vendoring issue, using a forked repository instead of the official one introduces potential maintenance and security considerations:

  • The fork could become stale or miss important updates from upstream
  • Long-term maintenance might be affected if the fork is not actively maintained

Let's check if there's an upstream PR for this fix:

Could you please:

  1. Confirm if there's an upstream PR for this fix?
  2. If yes, consider tracking the upstream PR and switching back once merged
  3. If no, consider creating an upstream PR to ensure long-term maintainability
✅ Verification successful

Fork is actively maintained with an open upstream PR #168

The fork github:obreitwi/gomod2nix/fix/go_mod_vendor corresponds to PR #168 in the upstream repository, which addresses building with Go 1.23 by tracking modules.txt. The PR was opened on September 1st, 2024, and is currently under review.

Given that:

The use of this fork is justified as a temporary solution while the upstream PR gets reviewed and merged.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check if there's an upstream PR for the vendoring fix
# Expected results: Information about related PRs in the upstream repository

# Check for PRs in the upstream repository that might be related to the vendoring fix
gh pr list --repo nix-community/gomod2nix --search "vendor in:title,body"

# Check the fork's last commit date to assess maintenance status
gh api repos/obreitwi/gomod2nix/commits/fix/go_mod_vendor --jq '.commit.committer.date'

Length of output: 585

nix/rocksdb.nix (2)

Line range hint 1-146: LGTM! Build configuration is well-maintained.

The build system configuration is comprehensive with:

  • Proper dependency handling
  • Appropriate platform-specific adjustments
  • Robust security settings

24-24: Verify RocksDB version update compatibility.

The update from 9.2.1 to 9.7.4 is a minor version bump within the same major version, suggesting backward compatibility. However, please ensure:

  1. The version aligns with the Go bindings update to github.com/linxGnu/grocksdb v1.9.7 mentioned in the summary.
  2. The new hash is correct for version 9.7.4.

Also applies to: 30-30

nix/sources.json (2)

52-52: Review dependency source changes carefully.

The gomod2nix dependency has been moved from the official nix-community repository to a personal fork (obreitwi) and is using a fix branch instead of a stable release. This change requires careful consideration:

  1. Security: Moving from an organization-managed repository to a personal fork
  2. Stability: Using fix/go_mod_vendor branch instead of a stable release
  3. Long-term maintenance: Consider if this is a temporary solution

Please confirm:

  • Is this a temporary fix?
  • Is there a plan to move back to the official repository?
  • Has the fork's code been reviewed for security?

Consider:

  1. Opening an issue/PR in the official repository to integrate the fix
  2. Using a tagged release from the fork instead of a branch
  3. Documenting this deviation in the project's documentation

Also applies to: 55-55, 57-58, 60-60


52-60: Verify the impact of gomod2nix changes.

Let's verify that this dependency change doesn't introduce any breaking changes to the build system.

✅ Verification successful

Let me analyze the changes in nix/sources.json. The change shows that gomod2nix is being updated to use a fork from obreitwi with a specific commit 983228366edc1bed1be6e6f7a45e285b4707b9ba that includes a fix for go_mod_vendor. Let me verify if this is the latest version and if there are any potential issues.


Let me check the actual content of the fork's commit to understand the fix better.


Based on the investigation, I can now provide a final response about the gomod2nix change:

The update to gomod2nix fork is necessary for Go 1.23 compatibility

The change to use the fork from obreitwi is necessary because it includes a fix for Go 1.23 compatibility. The fix tracks vendor/modules.txt which is now required in Go 1.23. The specific commit (983228366e) implements this fix by executing go mod vendor during gomod2nix generation and tracking the content in gomod2nix.toml. While this might not be the most elegant solution, it's a working solution that enables gomod2nix to work with Go 1.23.

Note: While the fork has diverged from upstream, the specific fix addresses a critical compatibility issue with Go 1.23, making this change necessary until the fix is merged upstream or a better solution is implemented.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for any go.mod related changes that might be affected by the new gomod2nix version

# Test 1: Look for go.mod files
echo "Checking for go.mod files..."
fd -t f "go\\.mod$"

# Test 2: Check for vendor directory
echo "Checking for vendor directory..."
fd -t d "^vendor$"

# Test 3: Look for gomod2nix configuration files
echo "Checking for gomod2nix configuration files..."
fd -t f "gomod2nix\\.toml$"

Length of output: 380


Script:

#!/bin/bash
# Let's check the content of gomod2nix.toml and go.mod files to understand the dependency structure

echo "=== Content of gomod2nix.toml ==="
cat gomod2nix.toml

echo -e "\n=== Main go.mod ==="
cat go.mod

echo -e "\n=== Looking for any existing gomod2nix related Nix files ==="
fd -t f ".*gomod2nix.*\\.nix$"

echo -e "\n=== Checking git history for previous gomod2nix version ==="
git grep -l "gomod2nix" -- ':!nix/sources.json' | xargs git log -p -- 2>/dev/null

Length of output: 432066


Script:

#!/bin/bash
# Check if the fork is still needed by checking if the fix has been merged upstream
echo "=== Checking upstream gomod2nix repository ==="
gh api repos/nix-community/gomod2nix/commits/main --jq '.sha' || true

# Check the status of the fork
echo -e "\n=== Checking fork status ==="
gh api repos/obreitwi/gomod2nix/commits/fix/go_mod_vendor --jq '.sha' || true

# Check if there are any related issues or PRs
echo -e "\n=== Checking related PRs ==="
gh api search/issues -X GET -f q="repo:nix-community/gomod2nix go_mod_vendor" --jq '.items[] | {title: .title, state: .state, url: .html_url}' || true

Length of output: 756


Script:

#!/bin/bash
# Check the commit content
echo "=== Checking the commit content ==="
gh api repos/obreitwi/gomod2nix/commits/983228366edc1bed1be6e6f7a45e285b4707b9ba --jq '.commit.message'

# Check if the fork is ahead/behind the upstream
echo -e "\n=== Checking if the fork is ahead/behind upstream ==="
gh api repos/obreitwi/gomod2nix/compare/nix-community:gomod2nix:master...obreitwi:gomod2nix:fix/go_mod_vendor --jq '.status' || true

Length of output: 1389

go.mod (2)

36-36: LGTM! Dependency updates look appropriate.

The version updates are incremental and align with the PR objective to update cometbft. The changes follow semantic versioning, suggesting no breaking changes.

Also applies to: 45-45, 87-87, 104-104, 106-107, 193-193


270-270: Security: Track TODO items for dependency replacements.

The cometbft update looks good, but there are several security-related replace directives with associated TODO comments. These should be tracked and addressed in future updates.

✅ Verification successful

Security-related TODOs can be removed as the referenced issues are resolved

The security-related TODOs in go.mod reference issues #13134 and #10409 in cosmos/cosmos-sdk, which are now closed. These comments can be safely removed as they no longer track active security concerns.

  • Remove TODO comment referencing issue #13134 about dgrijalva/jwt-go
  • Remove TODO comment referencing issue #10409 about gin-gonic/gin
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check if the mentioned security issues are still open
# and if there are any newer security advisories.

# Test: Check if the referenced issue is still open
gh issue view 13134 --repo cosmos/cosmos-sdk
gh issue view 10409 --repo cosmos/cosmos-sdk

# Test: Look for any security-related comments in the codebase
rg -g '*.go' -i '(?:TODO|FIXME).*security' 

Length of output: 2403


Script:

#!/bin/bash
# Let's check the replace directives and their associated comments in go.mod
cat go.mod | grep -A 1 "replace"

# Also search for any security-related comments in go.mod
grep -i "security\|todo\|fixme" go.mod

Length of output: 506

CHANGELOG.md (1)

19-19: LGTM!

The changelog entry follows the proper format, includes the PR reference, and clearly documents the dependency version updates.

gomod2nix.toml (5)

1-1: Schema version update to 4

The schema version has been incremented from 3 to 4, which indicates a structural change in the gomod2nix configuration format.


239-240: Database dependencies updated

Notable updates to database-related dependencies:

  • badger/v4 updated to v4.3.0
  • ristretto updated to v0.1.2-0.20240116140435-c67e07994f91

These updates may improve database performance and stability.

Also applies to: 242-243


166-167: CometBFT-DB upgraded to v0.15.0

The CometBFT-DB dependency has been upgraded from v0.14.1 to v0.15.0. This is a minor version bump that may include new features and improvements.

#!/bin/bash
# Check for CometBFT-DB usage that might need attention with the version upgrade
rg -l "github.com/cometbft/cometbft-db"

702-703: Protocol Buffers updated to v1.35.1

The protobuf dependency has been updated to v1.35.1, which may include improvements in protocol buffer handling and compatibility.

#!/bin/bash
# Check for protobuf generation files that might need regeneration
fd -e proto

162-163: CometBFT dependency updated to latest version

The CometBFT dependency has been updated to a more recent commit (ce418f845d9a) and is replaced with a fork from crypto-org-chain organization.

✅ Verification successful

Let me gather more information about the specific imports and their usage to better understand the impact.


Based on the gathered information, I can now provide the final response:

CometBFT dependency update appears safe and intentional

The update to CometBFT fork (crypto-org-chain/cometbft@ce418f845d9a) is properly configured in the go.mod replace directive. The codebase uses standard CometBFT APIs (abci, proto types, libs) which are stable across minor versions, and the fork is maintained by the same organization (crypto-org-chain) that maintains this repository.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Verify the CometBFT version change impact
# Look for any direct imports of CometBFT packages that might need attention
rg -l "github.com/cometbft/cometbft"

Length of output: 5163


Script:

#!/bin/bash
# Check specific imports and their usage
rg -A 3 "github.com/cometbft/cometbft" app/app.go app/test_helpers.go

# Check if there are any direct version constraints in go.mod
cat go.mod | grep -A 5 "github.com/cometbft/cometbft"

# Look for any replace directives
cat go.mod | grep -A 1 "replace"

Length of output: 2132

go.mod Show resolved Hide resolved
@yihuang yihuang added this pull request to the merge queue Nov 6, 2024
Merged via the queue into crypto-org-chain:main with commit 3120895 Nov 6, 2024
36 checks passed
@yihuang yihuang deleted the cometbft branch November 6, 2024 12:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants