add ci, makefile, linter, etc.

Author: MalteHerrmann

.github/workflows/golangci.yaml

@@ -0,0 +1,29 @@
+name: Lint codebase
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  golangci:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v8
+        with:
+          version: v2.2.2
+

.github/workflows/markdown-link-check.yaml

@@ -0,0 +1,9 @@
+name: Markdown Link Check
+on:
+  pull_request:
+jobs:
+  link-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: gaurav-nelson/github-action-markdown-link-check@1.0.15

.github/workflows/spell-check.yaml

@@ -0,0 +1,27 @@
+name: Spell Check
+on:
+  pull_request:
+    paths:
+      - '**/*.md'
+
+permissions:
+  contents: read
+
+jobs:
+  spellcheck:
+    name: Run codespell
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+      - name: Install codespell
+        run: pip install codespell
+      - name: Run codespell for codebase
+        run: codespell --skip="*/go.mod,*/go.sum"
+      - name: Run codespell for doc
+        run: |
+          codespell README.md

.github/workflows/vuln_nancy.yaml

@@ -0,0 +1,38 @@
+name: Scan Vulnerabilities
+
+on:
+  pull_request:
+    paths:
+      - 'go.mod'
+      - 'go.sum'
+
+jobs:
+  nancy-scan:
+    runs-on: ubuntu-latest
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Go
+      uses: actions/setup-go@v5
+      with:
+        go-version-file: go.mod
+
+    - name: Run Nancy vulnerability scanner
+      run: make nancy
+
+  vulncheck:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+
+      - name: Run vulncheck
+        run: go tool govulncheck ./...

.gitignore

@@ -28,5 +28,8 @@ go.work.sum
 .env
 
 # Editor/IDE
-# .idea/
-# .vscode/
+.idea/
+.vscode/
+
+# Build
+build/

.golangci.yaml

@@ -0,0 +1,80 @@
+version: '2'
+run:
+  allow-parallel-runners: true
+linters:
+  default: standard
+  enable:
+    - containedctx
+    - contextcheck
+    - dupword
+    - embeddedstructfieldcheck
+    - errchkjson
+    - errname
+    - errorlint
+    - exhaustive
+    - forcetypeassert
+    - funcorder
+    - goconst
+    - gocritic
+    - godot
+    - godox
+    - gosec
+    - misspell
+    - intrange
+    - musttag
+    - makezero
+    - nilerr
+    - nilnesserr
+    - nilnil
+    - nlreturn
+    - noctx
+    - nolintlint
+    # - paralleltest
+    - prealloc
+    - protogetter
+    - predeclared
+    - recvcheck
+    - thelper
+    # - tparallel
+    - unconvert
+    - unparam
+    - whitespace
+    # - wrapcheck
+  settings:
+    goconst:
+      min-occurrences: 2
+      numbers: true
+    govet:
+      disable:
+        - fieldalignment
+        - shadow
+      enable-all: true
+  exclusions:
+    paths:
+      - .*\.pb\.go
+      - .*\.pulsar\.go
+      - api/
+formatters:
+  enable:
+    - gci
+    - gofmt
+    - gofumpt
+    - golines
+  settings:
+    gci:
+      sections:
+        - standard
+        - default
+        - prefix(github.com/cosmos/,cosmossdk.io/,github.com/cometbft/)
+        - blank
+        - dot
+        - localmodule
+      custom-order: true
+      no-inline-comments: true
+      no-prefix-comments: true
+    gofmt:
+      rewrite-rules:
+        - pattern: 'interface{}'
+          replacement: 'any'
+    golines:
+      shorten-comments: true

.nancy-ignore

@@ -0,0 +1,8 @@
+# CVE-2023-42319 - go-ethereum vulnerability - inherent to protocol, low risk
+CVE-2023-42319
+
+# CVE-2015-20112 - go-ethereum old vulnerability - low severity, affects private networks only
+CVE-2015-20112
+
+# CVE-2021-43668 - goleveldb vulnerability - affects go-ethereum nodes
+CVE-2021-43668

Makefile

@@ -0,0 +1,48 @@
+.PHONY: build
+
+build:
+	go build -o ./build/orbgen .
+
+install:
+	go install -o ./build/orbgen .
+
+#=============================================================================#
+#                                 Tooling                                     #
+#=============================================================================#
+.PHONY: tool-all license format lint vulncheck nancy
+
+# This runs all the common tools like linting, etc.
+tool-all : license format lint vulncheck nancy
+
+FILES := $(shell find . -name "*.go" -not -path "./simapp/*" -not -name "*.pb.go" -not -name "*.pb.gw.go" -not -name "*.pulsar.go")
+license:
+	@echo "Adding license to files..."
+	@go-license --config .github/license.yaml $(FILES)
+	@echo "Completed license addition!"
+
+check-license:
+	@echo "Checking files for license..."
+	@go-license --config .github/license.yaml $(FILES) --verify
+
+GOLANGCI_LINT_VERSION="v2.2.2"
+GOLANGCI_LINT_IMAGE=golangci/golangci-lint:$(GOLANGCI_LINT_VERSION)
+GOLANGCI_LINT_CMD=docker run --rm -v $(PWD):/app -w /app $(GOLANGCI_LINT_IMAGE) golangci-lint
+format:
+	@echo "Running formatters..."
+	@$(GOLANGCI_LINT_CMD) fmt -c ./.golangci.yaml
+	@echo "Completed formatting!"
+
+lint:
+	@echo "Running linter..."
+	@$(GOLANGCI_LINT_CMD) run -c ./.golangci.yaml
+	@$(MAKE) check-license
+	@echo "Completed linting!"
+
+NANCY_VERSION=v1.0
+NANCY_IMAGE=sonatypecommunity/nancy:$(NANCY_VERSION)
+NANCY_CMD=docker run --rm -i --volume "$(PWD)":/app --workdir /app $(NANCY_IMAGE)
+nancy:
+	@echo "Running Nancy vulnerability scanner..."
+	@go list -json -deps ./... | $(NANCY_CMD) sleuth --exclude-vulnerability-file .nancy-ignore
+	@echo "Completed Nancy vulnerability scan!"
+