diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 0000000..439e0cf
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,61 @@
+## Description
+
+
+
+----
+
+Closes #XXX
+
+**All** items are required. Please add a note to the item if the item is not applicable and
+please add links to any relevant follow-up issues.
+
+PR review checkboxes:
+
+I have...
+
+- [ ] Added a relevant changelog entry to the `Unreleased` section in `CHANGELOG.md`
+- [ ] Targeted PR against the correct branch
+- [ ] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
+- [ ] Linked to the GitHub issue with discussion and accepted design
+- [ ] Targets only one GitHub issue
+- [ ] Wrote unit and integration tests
+- [ ] Wrote relevant migration scripts if necessary
+- [ ] All CI checks have passed
+- [ ] Added relevant `godoc` [comments](https://blog.golang.org/godoc-documenting-go-code)
+- [ ] Updated the scripts for local run, e.g genesis_config_commands.sh if the PR changes parameters
+- [ ] Add an issue in the [e2e-tests repo](https://github.com/dymensionxyz/e2e-tests) if necessary
+
+SDK Checklist
+- [ ] Import/Export Genesis
+- [ ] Registered Invariants
+- [ ] Registered Events
+- [ ] Updated openapi.yaml
+- [ ] No usage of go `map`
+- [ ] No usage of `time.Now()`
+- [ ] Used fixed point arithmetic and not float arithmetic
+- [ ] Avoid panicking in Begin/End block as much as possible
+- [ ] No unexpected math Overflow
+- [ ] Used `sendCoin` and not `SendCoins`
+- [ ] Out-of-block compute is bounded
+- [ ] No serialized ID at the end of store keys
+- [ ] UInt to byte conversion should use BigEndian
+
+Full security checklist [here](https://www.faulttolerant.xyz/2024-01-16-cosmos-security-1/)
+
+
+----;
+
+For Reviewer:
+
+- [ ] Confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
+- [ ] Reviewers assigned
+- [ ] Confirmed all author checklist items have been addressed
+
+---;
+
+After reviewer approval:
+
+- [ ] In case the PR targets the
main branch, PR should not be squash merge in order to keep meaningful git history.
+- [ ] In case the PR targets a release branch, PR must be rebased.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..12226a0
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,41 @@
+name: "CodeQL"
+
+on:
+ pull_request:
+ paths:
+ - "**.go"
+ push:
+ # The branches below must be a subset of the branches above
+ branches:
+ - main
+ - release/**
+ paths:
+ - "**.go"
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+ - uses: actions/setup-go@v3
+ with:
+ go-version: "1.22"
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: "go"
+ queries: crypto-com/cosmos-sdk-codeql@main,security-and-quality
+
+ - name: Build
+ run: make build
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/golangci_lint.yml b/.github/workflows/golangci_lint.yml
new file mode 100644
index 0000000..1028461
--- /dev/null
+++ b/.github/workflows/golangci_lint.yml
@@ -0,0 +1,23 @@
+name: golangci-lint
+on:
+ push:
+ tags:
+ - v*
+ branches:
+ - main
+ pull_request:
+
+jobs:
+ golangci:
+ name: golangci-lint
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-go@v5
+ with:
+ go-version: "1.22"
+ - name: golangci-lint
+ uses: golangci/golangci-lint-action@v4.0.0
+ with:
+ version: v1.56.2
+ skip-cache: true
diff --git a/.github/workflows/markdown_lint.yml b/.github/workflows/markdown_lint.yml
new file mode 100644
index 0000000..2f1219c
--- /dev/null
+++ b/.github/workflows/markdown_lint.yml
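Review bot: In `.github/workflows/codeql.yml` the `queries:` input loads `crypto-com/cosmos-sdk-codeql@main`, a third-party repository referenced by a mutable branch, so whatever lands on that branch is pulled into a job that holds `security-events: write`. Pinning it to a reviewed commit, e.g. `queries: crypto-com/cosmos-sdk-codeql@<reviewed-commit-sha>,security-and-quality`, keeps the scan reproducible and makes query changes an explicit, reviewable update. The same reasoning applies to the tag-referenced actions in this file and to `golangci/golangci-lint-action@v4.0.0` and `nosborn/github-action-markdown-cli@v3.2.0` in the two lint workflows, where a full commit SHA with the tag kept as a trailing comment is the safer reference. This file also uses `actions/checkout@v3`, `actions/setup-go@v3` and `github/codeql-action/*@v2` while the other workflows use `@v4`/`@v5`; the CodeQL action's v2 line has been deprecated upstream, so moving to a current major in the same pass is worth doing.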
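Review bot: `.github/workflows/golangci_lint.yml` declares no `permissions:` block, unlike `codeql.yml`, so the job runs with the repository's default `GITHUB_TOKEN` scope, which may be read-write depending on the repository or organisation setting; `.github/workflows/markdown_lint.yml` has the same gap. Both jobs only read the checkout, so adding a top-level `permissions:` with `contents: read` to each workflow limits what a compromised third-party lint action could do with the token. It would also help to add a short comment above `skip-cache: true` saying why caching is disabled, since the reason is not visible from the workflow.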
@@ -0,0 +1,19 @@
+name: markdown-lint
+on:
+ push:
+ tags:
+ - v*
+ branches:
+ - main
+ pull_request:
+
+jobs:
+ markdownlint:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: markdownlint-cli
+ uses: nosborn/github-action-markdown-cli@v3.2.0
+ with:
+ files: ./
+ config_file: .markdownlint.yaml
\ No newline at end of file