-
Notifications
You must be signed in to change notification settings - Fork 110
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: upgrade cometbft to v0.37.12 #3045
Conversation
📝 WalkthroughWalkthroughThe pull request includes updates to several files, primarily focusing on upgrading the Golang version used in various Dockerfiles and the Changes
Possibly related PRs
Suggested labels
Suggested reviewers
📜 Recent review detailsConfiguration used: .coderabbit.yaml ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (4)
✅ Files skipped from review due to trivial changes (2)
🔇 Additional comments (6)Dockerfile-localnet (2)
The upgrade from Go 1.22.5 to 1.22.7 is properly applied across all build stages, maintaining consistency. Let's verify the Go version compatibility with cometbft v0.37.12: Also applies to: 30-30, 33-33 ✅ Verification successfulGo version upgrade is compatible with cometbft v0.37.12 The upgrade to Go 1.22.7 aligns with the cometbft v0.37.12 dependency requirements. The version is consistently declared in both go.mod and Dockerfile-localnet, maintaining build reproducibility across environments. 🏁 Scripts executedThe following scripts were executed for the analysis: Script: #!/bin/bash
# Description: Verify Go version compatibility with cometbft dependency
# Test: Check go.mod for cometbft version and Go requirements
rg -A 5 "github.com/cometbft/cometbft" go.mod
Length of output: 82204 Script: #!/bin/bash
# Check go.mod for cometbft version and Go requirements
rg -p "cometbft/cometbft.*v0.37.12" go.mod
# Check if Go version is compatible with cometbft v0.37.12
rg -p "^go " go.mod
Length of output: 120 Line range hint Since this is a build environment change, it's important to ensure build reproducibility. Run the following script to check for any version-specific build flags or constraints: ✅ Verification successfulGo version upgrade is safe to proceed The codebase shows good compatibility with the Go version upgrade:
🏁 Scripts executedThe following scripts were executed for the analysis: Script: #!/bin/bash
# Description: Check for Go version constraints in build files
# Test 1: Look for Go version constraints in build files
rg -g '*.{go,mod,sum,mk,Makefile}' -A 3 '(go |GO_VERSION|GOLANG_VERSION|go1\.[0-9]+)'
# Test 2: Check for any Go build tags or constraints
fd -e go -x grep -l '^//go:build' {} \;
Length of output: 82204 Script: #!/bin/bash
# Check for Go version-specific build tags and constraints in the codebase
# Look for any build tags or constraints that might be affected by Go version upgrade
# Check for Go version constraints in build files and Go files
rg -g '*.{go,mod,sum,mk,Makefile}' -A 3 'go1\.[0-9]+' --no-filename
# Check for build tags that might be version-specific
rg -g '*.go' '^//\+build go[0-9]' --no-filename
# Check for any Go build constraints that might affect compilation
rg -g '*.go' '^//go:build.*go[0-9]' --no-filename
# Look for any Go version-specific code or features
rg -g '*.go' 'runtime\.Version|go1\.[0-9]+' --no-filename
Length of output: 562 go.mod (4)
The upgrade to Go 1.22.7 and toolchain 1.22.8 keeps the project current with the latest stable releases while maintaining backward compatibility within the 1.22.x series. Line range hint The replace directives are properly documented with comments explaining the reasons for the replacements and linking to the relevant forks and issues.
New indirect dependencies have been added:
Let's verify these are actually required and not accidentally included. ✅ Verification successfulIndirect dependencies verification complete The dependencies are legitimately required:
🏁 Scripts executedThe following scripts were executed for the analysis: Script: #!/bin/bash
# Search for usage of new indirect dependencies
for dep in "cockroachdb/fifo" "hashicorp/golang-lru/v2" "kylelemons/godebug" "munnerz/goautoneg"; do
echo "Checking usage of $dep:"
rg "\"github.com/$dep\""
done
Length of output: 897 Script: #!/bin/bash
# Let's try a different approach by checking go.mod history and dependencies
# First, let's see what changed in go.mod
git diff HEAD^ HEAD go.mod
# Then let's check if these are transitive dependencies
go mod why github.com/cockroachdb/fifo
go mod why github.com/hashicorp/golang-lru/v2
go mod why github.com/kylelemons/godebug
go mod why github.com/munnerz/goautoneg
# Also check for any imports that might be using these packages
# Using -l to include only file names to check if these are used anywhere
rg -l "cockroachdb/fifo|hashicorp/golang-lru|kylelemons/godebug|munnerz/goautoneg"
Length of output: 847 Script: #!/bin/bash
# Let's examine the actual usage in the files found
echo "=== Checking zetaclient/chains/bitcoin/observer/observer_test.go ==="
rg -C 2 "cockroachdb/fifo|hashicorp/golang-lru|kylelemons/godebug|munnerz/goautoneg" zetaclient/chains/bitcoin/observer/observer_test.go
echo "=== Checking zetaclient/chains/base/observer.go ==="
rg -C 2 "cockroachdb/fifo|hashicorp/golang-lru|kylelemons/godebug|munnerz/goautoneg" zetaclient/chains/base/observer.go
echo "=== Checking zetaclient/chains/base/observer_test.go ==="
rg -C 2 "cockroachdb/fifo|hashicorp/golang-lru|kylelemons/godebug|munnerz/goautoneg" zetaclient/chains/base/observer_test.go
echo "=== Checking zetaclient/chains/evm/observer/outbound_test.go ==="
rg -C 2 "cockroachdb/fifo|hashicorp/golang-lru|kylelemons/godebug|munnerz/goautoneg" zetaclient/chains/evm/observer/outbound_test.go
echo "=== Checking zetaclient/chains/evm/observer/observer_test.go ==="
rg -C 2 "cockroachdb/fifo|hashicorp/golang-lru|kylelemons/godebug|munnerz/goautoneg" zetaclient/chains/evm/observer/observer_test.go
echo "=== Checking zetaclient/chains/ton/liteapi/client.go ==="
rg -C 2 "cockroachdb/fifo|hashicorp/golang-lru|kylelemons/godebug|munnerz/goautoneg" zetaclient/chains/ton/liteapi/client.go
Length of output: 2405
The upgrade of ✅ Verification successfulLet me analyze the codebase usage of CometBFT to verify the upgrade impact. CometBFT upgrade from v0.37.4 to v0.37.12 appears safe to proceed Based on the comprehensive analysis of the codebase:
The primary usage patterns involve standard interfaces that are stable within the 0.37.x series:
🏁 Scripts executedThe following scripts were executed for the analysis: Script: #!/bin/bash
# Search for any cometbft-specific type assertions or interface implementations
# that might be affected by the upgrade
# Look for cometbft interface implementations
rg -l "interface {" | xargs rg "cometbft"
# Search for cometbft type assertions
ast-grep --pattern 'interface{} = $expr.(github.com/cometbft/$type)'
Length of output: 17007 Script: #!/bin/bash
# Check for changes in CometBFT interfaces and types between versions
# First, let's check the current version's imports
# Look for interface implementations and type assertions
ast-grep --pattern 'type $name struct {
$$$
cometbft.$rest
$$$
}'
# Check for method implementations that might be affected
ast-grep --pattern 'func ($receiver $type) $method($params) $return {
$$$
cometbft.$rest
$$$
}'
# Search for any specific version constraints or compatibility notes
rg -i "require.*(cometbft.*v0\.37\.(4|12))" -A 5 -B 5
# Look for any migration guides or breaking changes mentioned in docs
fd README.md | xargs rg -i "migration|breaking.*changes|upgrade"
Length of output: 509 Script: #!/bin/bash
# Let's examine the changelog or release notes for breaking changes
curl -sL https://api.github.com/repos/cometbft/cometbft/releases/tags/v0.37.12 | jq -r '.body'
# Check for any specific version constraints in go.mod
rg -A 10 "\[require\]|require \(" go.mod
# Look for any CometBFT interface implementations
ast-grep --pattern 'interface $name {
$$$
}'
# Check for any custom implementations of CometBFT types
rg "implements.*cometbft" -B 2 -A 2
Length of output: 1953 Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
Documentation and Community
|
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## develop #3045 +/- ##
========================================
Coverage 64.47% 64.47%
========================================
Files 412 412
Lines 28985 28985
========================================
Hits 18687 18687
Misses 9515 9515
Partials 783 783 |
21c9127
to
b41ff4a
Compare
b41ff4a
to
45b3215
Compare
This cometbft-db upgrade is a breaking change which caused zeta database corruption (or at least consensus failures) on their cosmos sdk v0.47.x application when upgrading: zeta-chain/node#3045 (revert with details: zeta-chain/node#3065) zeta-chain/node#3045 zeta-chain/node#3065
Description
cometbft/cometbft#4294 was released in v0.37.12 which means that we can upgrade cometbft now.
This sidesteps all the issues described in #2934 and #2959
Update: should upgrade gosec first to avoid those warnings #2933
Upgrade test failures appear unrelated, removing label:
How Has This Been Tested?
Summary by CodeRabbit
New Features
Bug Fixes
Chores