Skip to content

Wrorflows #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
kromsten wants to merge 15 commits into
base: main
Choose a base branch
from
Open

Wrorflows #5

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
ff6f0fa
clippy fix attempt
kromsten Sep 10, 2025
92cac14
fix GHAPH
kromsten Sep 11, 2025
2dcb597
clippy fix attemp
kromsten Sep 11, 2025
c46ba86
clippy fix attempt #2
kromsten Sep 11, 2025
ac8655f
clippy fix attempt #3
kromsten Sep 11, 2025
4d364bb
clippy fix attempt #4
kromsten Sep 11, 2025
0066822
clippy fix attempt #5
kromsten Sep 11, 2025
d4b87c1
clippy fix attempt #6
kromsten Sep 11, 2025
a281bef
clippy fix attempt #7
kromsten Sep 11, 2025
52aa02b
clippy fix attempt #8
kromsten Sep 11, 2025
025f4e4
clippy fix attempt #9
kromsten Sep 11, 2025
8b633e8
clippy fix attempt #10
kromsten Sep 11, 2025
d68411c
vitest and other tweasks
kromsten Sep 11, 2025
ea3f08a
added vite coverate
kromsten Sep 11, 2025
b7670c5
ignore glows
kromsten Sep 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 0 additions & 5 deletions .cargo/config.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,3 @@
unit-test = "test --lib"
wasm-debug = "build --target wasm32-unknown-unknown"
wasm = "build --release --target wasm32-unknown-unknown --lib"
integration-test = "test --package e2e -- --ignored --test-threads 1"

[env]
RUST_LOG = "info"
CONFIG = "configs/cosm-orc.yaml"
43 changes: 34 additions & 9 deletions .github/workflows/build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,18 +1,42 @@
name: Rust-Build
name: Build Package CI

on:
push:
branches:
- main
branches: [main]
pull_request:
types: [opened, synchronize, reopened]
workflow_dispatch:
inputs:
beta_release:
description: Create beta release
type: boolean
default: false
required: false

concurrency:
group: ${{ github.workflow }}-${{ github.ref == 'refs/heads/main' && 'main' || github.ref_name }}
cancel-in-progress: ${{ github.ref_name != 'main' }}

jobs:
optimize_ci:
runs-on: ubuntu-latest
outputs:
skip: ${{ steps.check_skip.outputs.skip || steps.defaults.outputs.skip }}

@ellipsis-dev ellipsis-dev Bot Sep 11, 2025

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The output expression now references 'steps.defaults.outputs.skip' as a fallback, but no step with id 'defaults' is defined. Consider either adding the corresponding step or updating the fallback expression.

Suggested change
skip: ${{ steps.check_skip.outputs.skip || steps.defaults.outputs.skip }}
skip: ${{ steps.check_skip.outputs.skip }}

steps:
Comment on lines +23 to +25

@coderabbitai coderabbitai Bot Sep 11, 2025

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Fix outputs reference to undefined step (breaks evaluation).

steps.defaults doesn’t exist; actionlint flags it and GitHub will treat it as invalid. Default to 'false' directly.

   outputs:
-      skip: ${{ steps.check_skip.outputs.skip || steps.defaults.outputs.skip }}
+      skip: ${{ steps.check_skip.outputs.skip || 'false' }}
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
outputs:
skip: ${{ steps.check_skip.outputs.skip || steps.defaults.outputs.skip }}
steps:
outputs:
skip: ${{ steps.check_skip.outputs.skip || 'false' }}
steps:
🧰 Tools
🪛 actionlint (1.7.7)

24-24: property "defaults" is not defined in object type {check_skip: {conclusion: string; outcome: string; outputs: {string => string}}}

(expression)

🤖 Prompt for AI Agents 
.github/workflows/build.yml lines 23-25: the outputs expression references a
non-existent step "steps.defaults", causing actionlint/GitHub validation to
fail; replace that reference with a literal false default so the line becomes an
OR against false (i.e. use ${{ steps.check_skip.outputs.skip || false }}),
ensuring the workflow evaluates correctly without relying on an undefined step.

- uses: withgraphite/graphite-ci-action@v0.0.9
id: check_skip
continue-on-error: true
with:
graphite_token: ${{ secrets.GRAPHITE_TOKEN }}

check:
name: Check
runs-on: ubuntu-latest
needs: [optimize_ci]
if: ${{ needs.optimize_ci.outputs.skip != 'true' }}
steps:
- name: Checkout sources
uses: actions/checkout@v2
uses: actions/checkout@v4

- name: Install toolchain
uses: actions-rs/toolchain@v1
Expand All @@ -32,9 +56,11 @@ jobs:
test:
name: Test
runs-on: ubuntu-latest
needs: [optimize_ci]
if: ${{ needs.optimize_ci.outputs.skip != 'true' }}
steps:
- name: Checkout sources
uses: actions/checkout@v2
uses: actions/checkout@v4

- name: Install toolchain
uses: actions-rs/toolchain@v1
Expand Down Expand Up @@ -81,10 +107,9 @@ jobs:
components: clippy

- name: Run clippy
uses: actions-rs/cargo@v1
with:
command: clippy
args: --tests -- -D warnings --message-format=json &> clippy_report.json
shell: bash

@codoki-pr-intelligence codoki-pr-intelligence Bot Sep 11, 2025

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ High: This captures only stdout and does not fail on warnings. Clippy diagnostics may be emitted to stderr and Sonar may miss issues; also, removing '-D warnings' means CI won't fail on lint violations.

Suggested change
shell: bash
cargo clippy --tests --message-format=json -- -D warnings &> clippy_report.json

run: |
cargo clippy --tests --message-format=json -- > clippy_report.json

- name: Setup sonarqube
uses: warchant/setup-sonar-scanner@v3

@coderabbitai coderabbitai Bot Sep 11, 2025

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Pin Sonar scanner action to a commit SHA

Another third-party action that should be immutable.

-        uses: warchant/setup-sonar-scanner@v3
+        uses: warchant/setup-sonar-scanner@<PINNED_COMMIT_SHA>
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
uses: warchant/setup-sonar-scanner@v3
uses: warchant/setup-sonar-scanner@<PINNED_COMMIT_SHA>
🤖 Prompt for AI Agents 
In .github/workflows/build.yml around line 115, the workflow uses the
third-party action via a mutable tag ("warchant/setup-sonar-scanner@v3"); change
this to an immutable commit SHA by replacing the tag with the specific commit
hash for the v3 release (e.g., "warchant/setup-sonar-scanner@<commit-sha>"),
fetching the latest commit SHA from the action's GitHub repository or release
and updating the workflow file accordingly so the action is pinned to that exact
commit.

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/vitest.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,6 @@ jobs:
run: npx vitest run --coverage

@codoki-pr-intelligence codoki-pr-intelligence Bot Sep 11, 2025

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔷 Medium: With Vitest v3, coverage needs an explicit provider (e.g., @vitest/coverage-v8). Without it, coverage may be disabled or empty, resulting in misleading Codecov uploads.

Suggested change
run: npx vitest run --coverage
run: npx vitest run --coverage --coverage.provider=v8


- name: Upload results to Codecov
uses: codecov/codecov-action@v5
uses: codecov/codecov-action@v5.5.1

@coderabbitai coderabbitai Bot Sep 11, 2025

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Pin Codecov action to a commit SHA (supply-chain hardening)

Pinning third-party actions prevents unexpected changes from upstream.

-      - name: Upload results to Codecov
-        uses: codecov/codecov-action@v5.5.1
+      - name: Upload results to Codecov
+        uses: codecov/codecov-action@<COMMIT_SHA>
         with:
           token: ${{ secrets.CODECOV_TOKEN }}

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents 
.github/workflows/vitest.yml around line 26: the workflow references uses:
codecov/codecov-action@v5.5.1 which is an unpinned tag; replace the tag with a
specific commit SHA to pin the action for supply-chain hardening. Locate the
Codecov action usage and update it to uses: codecov/codecov-action@<commit-sha>
(use the exact SHA from the action's GitHub repository release you want), commit
the change, and verify the workflow runs successfully.

with:
token: ${{ secrets.CODECOV_TOKEN }}
2 changes: 2 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,8 @@ tarpaulin-report.*
# integration tests
e2e/gas_reports/*

.github

@codoki-pr-intelligence codoki-pr-intelligence Bot Sep 11, 2025

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ High: Ignoring the entire .github directory will prevent future workflow/security policy changes from being tracked and can silently disable CI/CD updates. Keep .github tracked, or narrowly ignore specific non-repo files if needed.

Suggested change
.github
# keep CI workflows tracked (do not ignore .github)
# .github


Comment on lines +39 to +40

@coderabbitai coderabbitai Bot Sep 11, 2025

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Do not ignore .github — this will block future CI/workflow updates.

Adding .github to .gitignore can prevent adding/renaming workflow files and other GitHub configs in future PRs. Remove it to avoid silently missing CI changes.

Apply this diff:

-.github
-
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
.github
🤖 Prompt for AI Agents 
.gitignore around lines 39-40 contains a line ignoring the .github directory
which blocks adding/updating GitHub workflows and configs; remove the ".github"
entry from .gitignore (delete that line), save and commit the change so the
.github directory and its files will be tracked and future workflow/CI updates
aren’t silently ignored.


temp*
ts
Expand Down
Binary file modified bun.lockb
View file
Open in desktop
Binary file not shown.
3 changes: 2 additions & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
"@eslint/js": "^9.29.0",
"@types/bun": "latest",
"@typescript-eslint/parser": "^8.35.0",
"@vitest/coverage-v8": "^3.2.4",
"dprint": "^0.50.0",
"eslint": "^9.29.0",
"eslint-config-prettier": "^10.1.5",
Expand All @@ -27,6 +28,6 @@
"dotenv": "^16.3.1",
"sinon": "^17.0.1",
"smart-account-auth": "^0.6.6",
"vitest": "^1.3.0"
"vitest": "^3.2.4"

Check warning on line 31 in package.json

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

package.json#L31 

Package dependencies with variant versions may lead to dependency hijack and confusion attacks.
}
}
7 changes: 0 additions & 7 deletions src/types.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
import type { AminoMsg, Secp256k1HdWallet } from '@cosmjs/amino';
import type { setupWasmExtension, SigningCosmWasmClient } from '@cosmjs/cosmwasm-stargate';
import { DirectSecp256k1HdWallet, Registry } from '@cosmjs/proto-signing';
import type { QueryClient, setupBankExtension } from '@cosmjs/stargate';

export interface MsgSignData extends AminoMsg {
Expand All @@ -18,12 +17,6 @@ export type CreateAccount<T = string> = { chain_id: string; code_id: number; msg

export type CreateAccountMsg<T = CredentialData> = { create_account: CreateAccount<T> };

/**
* This file was automatically generated by @cosmwasm/ts-codegen@1.9.0.
* DO NOT MODIFY IT BY HAND. Instead, modify the source JSONSchema file,
* and run the @cosmwasm/ts-codegen generate command to regenerate this file.
*/

export type Uint128 = string;

export interface InstantiateMsg {
Expand Down
2 changes: 2 additions & 0 deletions src/utils.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,3 +23,5 @@
26,
]).toString('hex');
}

export const sleep = (ms: number) => new Promise((r) => setTimeout(r, ms));

Check warning on line 27 in src/utils.ts

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

src/utils.ts#L27 

"Promise" is not defined.

Check warning on line 27 in src/utils.ts

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

src/utils.ts#L27 

ES2015 'Promise' class is forbidden.

Check warning on line 27 in src/utils.ts

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

src/utils.ts#L27 

ES2015 arrow function expressions are forbidden.

Check warning on line 27 in src/utils.ts

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

src/utils.ts#L27 

ES2015 block-scoped variables are forbidden.

Check warning on line 27 in src/utils.ts

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

src/utils.ts#L27 

ES2015 modules are forbidden.

Check warning on line 27 in src/utils.ts

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

src/utils.ts#L27 

Missing "r" parameter type annotation.

Check warning on line 27 in src/utils.ts

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

src/utils.ts#L27 

Promise is not supported in op_mini all

Check warning on line 27 in src/utils.ts

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

src/utils.ts#L27 

Restricted async operation "setTimeout"

Check warning on line 27 in src/utils.ts

View check run for this annotation

Codacy Production / Codacy Static Code Analysis

src/utils.ts#L27 

Return values from promise executor functions cannot be read.

@codacy-production codacy-production Bot Sep 11, 2025

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Codacy has a fix for the issue: Return values from promise executor functions cannot be read.

Suggested change
export const sleep = (ms: number) => new Promise((r) => setTimeout(r, ms));
export const sleep = (ms: number) => new Promise((r) => {setTimeout(r, ms)});

@codacy-production codacy-production Bot Sep 11, 2025

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Codacy has a fix for the issue: ES2015 arrow function expressions are forbidden.

Suggested change
export const sleep = (ms: number) => new Promise((r) => setTimeout(r, ms));
export const sleep = function(ms: number) { return new Promise((r) => setTimeout(r, ms)) };

2 changes: 1 addition & 1 deletion tests/actions.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
import { sleep } from 'bun';
import { beforeAll, describe, expect, test } from 'vitest';
import { getChainData } from '../src/chain';
import {
Expand All @@ -10,6 +9,7 @@
transferToken,
} from '../src/contract';
import type { ChainData, ExecuteAccountMsg, FullInfoResponse } from '../src/types';
import { sleep } from '../src/utils';
import { getEthSigner } from '../src/utils';

describe('Setup Tests', () => {
Expand All @@ -19,7 +19,7 @@
let collection: string;
let cred_acc: string;

beforeAll(async () => {

Check failure on line 22 in tests/actions.test.ts

View workflow job for this annotation

GitHub Actions / Run tests and collect coverage

tests/actions.test.ts > Setup Tests 

Error: Hook timed out in 10000ms.
If this is a long-running hook, pass a timeout value as the last argument or configure it globally with "hookTimeout".
 ❯ tests/actions.test.ts:22:2
chain = await getChainData();
collection = chain.contracts.cw721_base.address!;
await sleep(4500);
Expand Down
Loading