* publish to ghcr
* build for target os and arch
* replace deprecated set-output
* fix insufficient scope error
* replace old code with docker metadata action
* disable default latest
Co-authored-by: Marko <marbar3778@yahoo.com>
The workflow uses the new github.com/orijtech/statediff tool that
builds a callgraph from a set of root methods and functions, and
checks whether a patch touches it.
Fixes#13518
Signed-off-by: Elias Naur <elias@orijtech.com>
Signed-off-by: Elias Naur <elias@orijtech.com>
Co-authored-by: Marko <marbar3778@yahoo.com>
Bumps [github.com/cosmos/ledger-cosmos-go](https://github.com/cosmos/ledger-cosmos-go) from 0.11.1 to 0.12.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/cosmos/ledger-cosmos-go/releases">github.com/cosmos/ledger-cosmos-go's releases</a>.</em></p>
<blockquote>
<h2>Update deps</h2>
<ul>
<li>Update dependencies:</li>
<li>Depends on zondax/ledger-go instead of cosmos/ledger-go</li>
<li>Include updates from zondax/ledger-go and zondax/hid (fixing mac build issue)</li>
<li>Update copyrights</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="a105dbb4ed"><code>a105dbb</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/cosmos/ledger-cosmos-go/issues/34">#34</a> from cosmos/updates</li>
<li><a href="543eb77c2c"><code>543eb77</code></a> update deps</li>
<li><a href="d852bb596e"><code>d852bb5</code></a> update copyright</li>
<li><a href="036a277666"><code>036a277</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/cosmos/ledger-cosmos-go/issues/25">#25</a> from cosmos/dependabot/go_modules/github.com/stretchr/...</li>
<li><a href="940cd3bd0d"><code>940cd3b</code></a> Bump github.com/stretchr/testify from 1.7.1 to 1.8.0</li>
<li><a href="e736b9afa7"><code>e736b9a</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/cosmos/ledger-cosmos-go/issues/26">#26</a> from Zondax/update/ledger-go</li>
<li><a href="998c2b9ed7"><code>998c2b9</code></a> update ledger-go to 0.12.2</li>
<li><a href="343ae35a1a"><code>343ae35</code></a> Bump github.com/stretchr/testify from 1.3.0 to 1.7.1 (<a href="https://github-redirect.dependabot.com/cosmos/ledger-cosmos-go/issues/20">#20</a>)</li>
<li><a href="af7b6f9472"><code>af7b6f9</code></a> migrate to github actions (<a href="https://github-redirect.dependabot.com/cosmos/ledger-cosmos-go/issues/19">#19</a>)</li>
<li><a href="9d8c40fbe7"><code>9d8c40f</code></a> all: use named returns for proper defers + fix fmt.Errorf misuse (<a href="https://github-redirect.dependabot.com/cosmos/ledger-cosmos-go/issues/18">#18</a>)</li>
<li>See full diff in <a href="https://github.com/cosmos/ledger-cosmos-go/compare/v0.11.1...v0.12.0">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
* wip: nits
* add tests for VerifyInvariant and increase codecov for keeper
* add genesis test
* cover all keeper code in tests
Co-authored-by: Julien Robert <julien@rbrt.fr>
Noticed while examining a bunch of profiles, that the for loop inside
(*CompactBitArry).NumTrueBitsBefore unnecessarily consumed a bunch of
time:
```shell
7.55s 9.88s (flat, cum) 93.38% of Total
240ms 250ms 88:func (bA *CompactBitArray) NumTrueBitsBefore(index int) int {
. . 89: onesCount := 0
70ms 340ms 90: max := bA.Count()
70ms 70ms 91: if index > max {
. . 92: index = max
. . 93: }
. . 94: // below we iterate over the bytes then over bits (in low endian) and count bits set to 1
2.54s 2.76s 95: for elem := 0; elem < len(bA.Elems); elem++ {
```
but we can use the native for loop that produces indices while iterating
over slices. Just by simply changing the form results in an improvement
```shell
7.50s 9.95s (flat, cum) 94.94% of Total
240ms 320ms 88:func (bA *CompactBitArray) NumTrueBitsBefore(index int) int {
. . 89: onesCount := 0
170ms 420ms 90: max := bA.Count()
90ms 100ms 91: if index > max {
. . 92: index = max
. . 93: }
. . 94: // below we iterate over the bytes then over bits (in low endian) and count bits set to 1
1.49s 1.62s 95: for elem := range bA.Elems {
```
and an improvement in CPU time
```shell
$ benchstat before.txt after.txt
name old time/op new time/op delta
NumTrueBitsBefore/new-8 13.3ns ± 1% 12.5ns ± 1% -6.07% (p=0.000 n=10+10)
name old alloc/op new alloc/op delta
NumTrueBitsBefore/new-8 0.00B 0.00B ~ (all equal)
name old allocs/op new allocs/op delta
NumTrueBitsBefore/new-8 0.00 0.00 ~ (all equal)
```
Fixes#13999
* chore: skeleton files for any renderer
* feat: first cut at Any renderer and tests
* test: Any fields, more tests, rename lookup by field
* docs: make Any example match the stated spec, and the implementation.
* refactor: use protojson for better test case legibility
* test: use protocmp for proto equality
See https://developers.google.com/protocol-buffers/docs/reference/go/faq#deepequal
* refactor: use json.RawMessage instead of remarshalling
* refactor: consistent pointer receiver for Textual
## Description
TLDR; check for `s.IsOverHalfOrder()` with less steps
Before this PR:
```go
// parse the signature:
signature := signatureFromBytes(sigStr)
// Reject malleable signatures. libsecp256k1 does this check but btcec doesn't.
// see: f9401ae011/crypto/signature_nocgo.go (L90-L93)
// Serialize() would negate S value if it is over half order.
// Hence, if the signature is different after Serialize() if should be rejected.
modifiedSignature, parseErr := ecdsa.ParseDERSignature(signature.Serialize())
if parseErr != nil {
return false
}
if !signature.IsEqual(modifiedSignature) {
return false
}
```
It's serializing the signature into a new variable and then comparing if both are equal. Inside `Serialize()` we have:
5d537320a0/dcrec/secp256k1/ecdsa/signature.go (L88-L95)
```go
// Ensure the S component of the signature is less than or equal to the half
// order of the group because both S and its negation are valid signatures
// modulo the order, so this forces a consistent choice to reduce signature
// malleability.
sigS := new(secp256k1.ModNScalar).Set(&sig.s)
if sigS.IsOverHalfOrder() {
sigS.Negate()
}
```
Before btcec update to v2:
Until btcec update this was simpler because S was exported in the signature: ed9cd41396 (diff-30a6b594e157a12a28bf8a26f65ab4de1dc3c65c8419e5756f0b9c25d9ce1a93L46)
```go
if signature.S.Cmp(secp256k1halfN) > 0 {
return false
}
```
Closes: #XXXX
---
### Author Checklist
*All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.*
I have...
- [ ] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [ ] added `!` to the type prefix if API or client breaking change
- [ ] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/main/CONTRIBUTING.md#pr-targeting))
- [ ] provided a link to the relevant issue or specification
- [ ] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/main/docs/building-modules)
- [ ] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/main/CONTRIBUTING.md#testing)
- [ ] added a changelog entry to `CHANGELOG.md`
- [ ] included comments for [documenting Go code](https://blog.golang.org/godoc)
- [ ] updated the relevant documentation or specification
- [ ] reviewed "Files changed" and left comments if necessary
- [ ] confirmed all CI checks have passed
### Reviewers Checklist
*All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.*
I have...
- [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [ ] confirmed `!` in the type prefix if API or client breaking change
- [ ] confirmed all author checklist items have been addressed
- [ ] reviewed state machine logic
- [ ] reviewed API design and naming
- [ ] reviewed documentation is accurate
- [ ] reviewed tests and test coverage
- [ ] manually tested (if applicable)
Simplifies and makes clearer the code in removeZeroCoins by
removing unnecessary checks that boiled down to still running
in the same final for loop.
Fixes#13958
