* build: Makefile: add Go vulnerability checker
Adds the Go vulnerability checker to the Makefile as a directive
dependency to the all directive to ensure that we get security
updates scalably.
* add gh action
* bump to 1.19.3 due to vulnerabilities
Co-authored-by: Julien Robert <julien@rbrt.fr>
## Description
This PR works towards the completion of the Go Workspaces issue #11450
It does the following:
* Upgrades the Cosmos-SDK to Go v1.18
* Changes the version of gogo/protobuf to v1.3.2, which exists upstream, unlike v1.3.3 everywhere possible. The use of the 1.3.3 version number and lack of an upstream version is the blocker for Go Workspaces.
---
### Author Checklist
*All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.*
I have...
- [x] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [x] added `!` to the type prefix if API or client breaking change
- [x] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#pr-targeting))
- [x] provided a link to the relevant issue or specification
- [x] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules)
- [x] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#testing)
- [x] added a changelog entry to `CHANGELOG.md`
- [x] included comments for [documenting Go code](https://blog.golang.org/godoc)
- [x] updated the relevant documentation or specification
- [x] reviewed "Files changed" and left comments if necessary
- [x] confirmed all CI checks have passed
### Reviewers Checklist
*All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.*
I have...
- [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [ ] confirmed `!` in the type prefix if API or client breaking change
- [ ] confirmed all author checklist items have been addressed
- [ ] reviewed state machine logic
- [ ] reviewed API design and naming
- [ ] reviewed documentation is accurate
- [ ] reviewed tests and test coverage
- [ ] manually tested (if applicable)
* [10948]: Add changelog entry.
* [10948]: Deprecate the types.DBBackend variable and the NewLevelDB function. Create a NewDB function to replace them.
* [10948]: Add a DBBackend string to the simulation config and a flag for setting it. Update the simulation setup to use that instead of the compile-time DBBackend variable.
* [10948]: Update the mock app creator to use the NewDB function. Not sure what to do about the db backend in that case though.
* [10948]: Update changelog to reflect new db-backend field name.
* [10948]: Use the tendermint db-backend type for the snapshot db.
* [10948]: Update the last use of NewLevelDB by adding a parameter to openDB and uppdating calls to that to provide the db type to use.
* [10948]: Upddate the NewDB function to also have a default db backend type if an empty string is provided there.
* [10948]: Remove the new TODO in mock.NewApp. After looking through it's uses, there doesn't seem to be any desire to change it, and there's no easy way to communicate it.
* [10948]: Enhance the NewDB defer function to also add info to any err that is being returned.
* [10948]: Add some unit tests for NewDB.
* [10948]: Lint fixes.
* [10948]: Add a changelog entry to the deprecated section.
* [10948]: Update the makefile to no longer set the types.DBBackend value.
* [10948]: Use memdb for the mock app instead of goleveldb. I know it was a goleveldb before, but for a mock app, a memdb feels like a better choice (assuming 'mock' and 'mem' mean what I assume they mean).
* [10948]: Fix the store benchmark tests (had some index-out-of-range issues).
* [10948]: Fix cachekv store bench test calling iter.Key() before checking iter.Valid().
* [10948]: Remove the panic recovery from types.NewDB since dbm.NewDB returns an error now (it didn't originally, when NewLevelDB was first written).
* [10948]: Add changlog entry indicationg an API breaking change due to the DBBackend change.
* [10948]: Get rid of the types.NewDB function in favor of just using the tm-db version of it.
* [10948]: Fix Update the codeql-analysis github action to use go v1.17.
* [10948]: Add config file option for the app db backend type.
* [10948]: Adjust the comment on the app-db-backend config entry to clarify fallback behavior.
* [10948]: Add a default of GoLevelDBBackend to GetAppDBBackend. The old DBBackend variable defaulted to that, and some unit tests assume that behavior still exists.
* [10948]: Add the missing quotes around the app-db-backend value.
* [10948]: Small tweak to the changelog's deprecated entry.
* Add the go version declaration back into the codeql-analysis github action.
* [10948]: Update new use of openDB.
* [10948]: Put a brief delay after closing the test network. Hopefully that helps with address-in-use and non-empty directory errors.
Co-authored-by: Marko <marbar3778@yahoo.com>
## Description
moving test-race to its own job allows us to run it or normal tests on their own. this reduces running jobs. The down side is if they both fail we then have to rerun both of them.
---
### Author Checklist
*All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.*
I have...
- [ ] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [ ] added `!` to the type prefix if API or client breaking change
- [ ] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#pr-targeting))
- [ ] provided a link to the relevant issue or specification
- [ ] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules)
- [ ] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#testing)
- [ ] added a changelog entry to `CHANGELOG.md`
- [ ] included comments for [documenting Go code](https://blog.golang.org/godoc)
- [ ] updated the relevant documentation or specification
- [ ] reviewed "Files changed" and left comments if necessary
- [ ] confirmed all CI checks have passed
### Reviewers Checklist
*All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.*
I have...
- [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [ ] confirmed `!` in the type prefix if API or client breaking change
- [ ] confirmed all author checklist items have been addressed
- [ ] reviewed state machine logic
- [ ] reviewed API design and naming
- [ ] reviewed documentation is accurate
- [ ] reviewed tests and test coverage
- [ ] manually tested (if applicable)
## Description
Closes: #10190
added a basic GH Action pipeline for CodeQL that checks
general security and code quality issues
plus a few custom queries for Cosmos SDK
defined in https://github.com/crypto-com/cosmos-sdk-codeql
---
### Author Checklist
*All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.*
I have...
- [x] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [ ] added `!` to the type prefix if API or client breaking change
- [x] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#pr-targeting))
- [x] provided a link to the relevant issue or specification
- [ ] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules)
- [ ] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#testing)
- [ ] added a changelog entry to `CHANGELOG.md`
- [ ] included comments for [documenting Go code](https://blog.golang.org/godoc)
- [ ] updated the relevant documentation or specification
- [x] reviewed "Files changed" and left comments if necessary
- [x] confirmed all CI checks have passed
### Reviewers Checklist
*All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.*
I have...
- [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [ ] confirmed `!` in the type prefix if API or client breaking change
- [ ] confirmed all author checklist items have been addressed
- [ ] reviewed state machine logic
- [ ] reviewed API design and naming
- [ ] reviewed documentation is accurate
- [ ] reviewed tests and test coverage
- [ ] manually tested (if applicable)
