fix: isolate CheckTx and simulation state from DeliverTx commits #51282
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Dependency Review" | |
| on: | |
| pull_request: | |
| merge_group: | |
| permissions: | |
| contents: read | |
| jobs: | |
| dependency-review: | |
| runs-on: depot-ubuntu-22.04-4 | |
| steps: | |
| - name: "Checkout Repository" | |
| uses: actions/checkout@v5 | |
| - name: "Setup Go" | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version: "1.25" | |
| check-latest: true | |
| - name: "Dependency Review" | |
| uses: actions/dependency-review-action@v4 | |
| with: | |
| base-ref: ${{ github.event.pull_request.base.sha || 'main' }} | |
| head-ref: ${{ github.event.pull_request.head.sha || github.ref }} | |
| fail-on-severity: high | |
| - name: "Dependency audit" | |
| run: ./scripts/dep-assert.sh | |
| - name: "Go vulnerability check" | |
| id: govuln | |
| run: | | |
| # Run the vulnerability check and capture its output (ignoring non-zero exit codes) | |
| make vulncheck 2>&1 | tee govulncheck-output.txt || true | |
| # Extract vulnerability identifiers from the output (e.g., GO-2025-3443) | |
| vulnerabilities=$(grep -o 'GO-[0-9]\{4\}-[0-9]\+' govulncheck-output.txt | sort | uniq) | |
| echo "Detected vulnerabilities: $vulnerabilities" | |
| # Check if any vulnerability other than GO-2025-3443 exists | |
| for vuln in $vulnerabilities; do | |
| if [ "$vuln" != "GO-2025-3443" ]; then | |
| echo "Found vulnerability $vuln, failing..." | |
| exit 1 | |
| fi | |
| done | |
| echo "Only known vulnerability (GO-2025-3443) present. Continuing." |