Merge pull request #34 from blocknative/0.3.9

merge upstream 0.3.9

.github/ISSUE_TEMPLATE/bug.md

@@ -6,7 +6,7 @@ labels: 'type:bug'
 assignees: ''
 ---
 
-Our support team has aggregated some common issues and their solutions from past which are faced while running or interacting with a bor client. In order to prevent redundant efforts, we would encourage you to have a look at the [FAQ's section](https://docs.polygon.technology/docs/faq/technical-faqs) of our documentation mentioning the same, before filing an issue here. In case of additional support, you can also join our [discord](https://discord.com/invite/zdwkdvMNY2) server
+Our support team has aggregated some common issues and their solutions from past which are faced while running or interacting with a bor client. In order to prevent redundant efforts, we would encourage you to have a look at the [FAQ's section](https://wiki.polygon.technology/docs/faq/technical-faqs/) of our documentation mentioning the same, before filing an issue here. In case of additional support, you can also join our [discord](https://discord.com/invite/zdwkdvMNY2) server
 
 <!--
 NOTE: Please make sure to check of any addresses / private keys / rpc url's / IP's before sharing the logs or anything from the additional information section (start.sh or heimdall config).

.github/matic-cli-config.yml

@@ -1,15 +1,25 @@
 defaultStake: 10000
 defaultFee: 2000
-borChainId: "15001"
+borChainId: 15001
 heimdallChainId: heimdall-15001
-contractsBranch: jc/v0.3.1-backport
-sprintSize: 64
-blockNumber: '0'
-blockTime: '2'
-numOfValidators: 3
-numOfNonValidators: 0
+contractsBranch: mardizzone/node-16
+genesisContractsBranch: master
+sprintSize:
+  - '64'
+blockNumber:
+  - '0'
+blockTime:
+  - '2'
+numOfBorValidators: 3
+numOfBorSentries: 0
+numOfBorArchiveNodes: 0
+numOfErigonValidators: 0
+numOfErigonSentries: 0
+numOfErigonArchiveNodes: 0
 ethURL: http://ganache:9545
 ethHostUser: ubuntu
 devnetType: docker
 borDockerBuildContext: "../../bor"
 heimdallDockerBuildContext: "https://github.com/maticnetwork/heimdall.git#develop"
+sprintSizeBlockNumber:
+  - '0'

.github/pull_request_template.md

@@ -8,11 +8,16 @@ Please provide a detailed description of what was done in this PR
 - [ ] Hotfix (change that solves an urgent issue, and requires immediate attention)
 - [ ] New feature (non-breaking change that adds functionality)
 - [ ] Breaking change (change that is not backwards-compatible and/or changes current functionality)
+- [ ] Changes only for a subset of nodes
 
 # Breaking changes
 
 Please complete this section if any breaking changes have been made, otherwise delete it
 
+# Nodes audience
+
+In case this PR includes changes that must be applied only to a subset of nodes, please specify how you handled it (e.g. by adding a flag with a default value...)
+
 # Checklist
 
 - [ ] I have added at least 2 reviewer or the whole pos-v1 team
@@ -41,4 +46,4 @@ Please complete this section with the steps you performed if you ran manual test
 
 # Additional comments
 
-Please post additional comments in this section if you have them, otherwise delete it
+Please post additional comments in this section if you have them, otherwise delete it

.github/workflows/ci.yml

@@ -104,7 +104,7 @@ jobs:
           uses: actions/checkout@v3
           with:
             repository: maticnetwork/matic-cli
-            ref: arpit/pos-655-2
+            ref: master
             path: matic-cli
 
         - name: Install dependencies on Linux
@@ -119,7 +119,7 @@ jobs:
 
         - uses: actions/setup-node@v3
           with:
-            node-version: '10.17.0'
+            node-version: '16.17.1'
             cache: 'npm'
             cache-dependency-path: |
               matic-cli/package-lock.json
@@ -142,11 +142,11 @@ jobs:
             bash docker-heimdall-start-all.sh
             bash docker-bor-setup.sh
             bash docker-bor-start-all.sh
-            sleep 120 && bash ganache-deployment-bor.sh
-            sleep 120 && bash ganache-deployment-sync.sh
-            sleep 120
-            docker exec bor0 bash -c "bor attach /root/.bor/data/bor.ipc -exec 'admin.peers'"
-            docker exec bor0 bash -c "bor attach /root/.bor/data/bor.ipc -exec 'eth.blockNumber'"
+            cd -
+            timeout 2m bash bor/integration-tests/bor_health.sh
+            cd -
+            bash ganache-deployment-bor.sh
+            bash ganache-deployment-sync.sh
 
         - name: Run smoke tests
           run: |

.github/workflows/packager.yml

@@ -12,7 +12,9 @@ on:
 
 jobs:
   build:
-    runs-on: ubuntu-18.04
+    runs-on:
+      group: ubuntu-runners
+      labels: 18.04RunnerT2Large
     steps:
       - name: Checkout
         uses: actions/checkout@v2

.github/workflows/security-ci.yml

@@ -0,0 +1,67 @@
+name: Security CI
+on: [ push, pull_request ]
+
+jobs:
+  snyk:
+    name: Snyk and Publish
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@master
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/golang@master
+        continue-on-error: true
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+          GOFLAGS: "-buildvcs=false"
+        with:
+          args: --org=${{ secrets.SNYK_ORG }} --severity-threshold=medium --sarif-file-output=snyk.sarif
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v2
+        continue-on-error: true
+        with:
+          sarif_file: snyk.sarif
+
+  snyk-code:
+    name: Snyk Code and Publish
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@master
+      - name: Run Snyk SAST to check for code vulnerabilities
+        uses: snyk/actions/golang@master
+        continue-on-error: true
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --org=${{ secrets.SNYK_ORG }} --sarif-file-output=snyk.sarif
+          command: code test
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v2
+        continue-on-error: true
+        with:
+          sarif_file: snyk.sarif
+
+  govuln:
+    name: Run govuln check and Publish
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Running govulncheck
+        uses: Templum/[email protected]
+        continue-on-error: true
+        env:
+          DEBUG: "true"
+        with:
+          go-version: 1.19
+          vulncheck-version: latest
+          package: ./...
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          fail-on-vuln: true
+
+      - name: Upload govulncheck report
+        uses: actions/upload-artifact@v3
+        with:
+          name: raw-report
+          path: raw-report.json

.github/workflows/security-sonarqube-ci.yml

@@ -0,0 +1,32 @@
+name: SonarQube CI
+on:
+  push:
+    branches:
+      - develop
+
+jobs:
+  sonarqube:
+    name: SonarQube
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          # Disabling shallow clone is recommended for improving relevancy of reporting.
+          fetch-depth: 0
+
+      # Triggering SonarQube analysis as results of it are required by Quality Gate check.
+      - name: SonarQube Scan
+        uses: sonarsource/sonarqube-scan-action@master
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+
+      # Check the Quality Gate status.
+      - name: SonarQube Quality Gate check
+        id: sonarqube-quality-gate-check
+        uses: sonarsource/sonarqube-quality-gate-action@master
+        # Force to fail step after specific time.
+        timeout-minutes: 5
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}

.gitignore

@@ -54,4 +54,6 @@ profile.cov
 
 dist
 
+.dccache
+
 *.csv

.golangci.yml

@@ -30,7 +30,7 @@ linters:
     - gocognit
     - gofmt
     # - gomnd
-    - gomoddirectives
+    # - gomoddirectives
     - gosec
     - makezero
     - nestif
@@ -65,10 +65,10 @@ linters-settings:
 
   goimports:
     local-prefixes: github.com/ethereum/go-ethereum
-  
+
   nestif:
     min-complexity: 5
-  
+
   prealloc:
     for-loops: true
 
@@ -79,7 +79,7 @@ linters-settings:
     # By default list of stable checks is used.
     enabled-checks:
       - badLock
-      - filepathJoin	
+      - filepathJoin
       - sortSlice
       - sprintfQuotedString
       - syncMapLoadAndDelete
@@ -185,4 +185,4 @@ issues:
   max-issues-per-linter: 0
   max-same-issues: 0
   #new: true
-  new-from-rev: origin/master
+  new-from-rev: origin/master

.snyk

@@ -0,0 +1,41 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  'snyk:lic:golang:github.com:karalabe:usb:LGPL-3.0':
+    - '*':
+        reason: 'As open source org, we have no issues with licenses'
+        created: 2022-11-11T08:06:37.028Z
+  'snyk:lic:golang:github.com:mitchellh:cli:MPL-2.0':
+    - '*':
+        reason: 'As open source org, we have no issues with licenses'
+        created: 2022-11-11T08:07:42.661Z
+  'snyk:lic:golang:github.com:hashicorp:hcl:v2:MPL-2.0':
+    - '*':
+        reason: 'As open source org, we have no issues with licenses'
+        created: 2022-11-11T08:09:08.112Z
+  'snyk:lic:golang:github.com:hashicorp:go-multierror:MPL-2.0':
+    - '*':
+        reason: 'As open source org, we have no issues with licenses'
+        created: 2022-11-11T08:09:14.673Z
+  'snyk:lic:golang:github.com:hashicorp:go-bexpr:MPL-2.0':
+    - '*':
+        reason: 'As open source org, we have no issues with licenses'
+        created: 2022-11-11T08:09:21.843Z
+  'snyk:lic:golang:github.com:hashicorp:errwrap:MPL-2.0':
+    - '*':
+        reason: 'As open source org, we have no issues with licenses'
+        created: 2022-11-11T08:09:28.257Z
+  'snyk:lic:golang:github.com:ethereum:go-ethereum:LGPL-3.0':
+    - '*':
+        reason: 'As open source org, we have no issues with licenses'
+        created: 2022-11-11T08:09:35.273Z
+  'snyk:lic:golang:github.com:maticnetwork:polyproto:GPL-3.0':
+    - '*':
+        reason: 'As open source org, we have no issues with licenses'
+        created: 2022-11-11T08:09:41.635Z
+  'SNYK-GOLANG-GOLANGORGXNETHTTP2-3160322':
+    - '*':
+        reason: 'grpc working on a release to fix the issue'
+        created: 2022-12-12T06:50:00.000Z
+patch: {}

Makefile

@@ -14,20 +14,18 @@ GORUN = env GO111MODULE=on go run
 GOPATH = $(shell go env GOPATH)
 
 GIT_COMMIT ?= $(shell git rev-list -1 HEAD)
-GIT_BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD)
-GIT_TAG    ?= $(shell git describe --tags `git rev-list --tags="v*" --max-count=1`)
 
 PACKAGE = github.com/ethereum/go-ethereum
 GO_FLAGS += -buildvcs=false
-GO_FLAGS += -ldflags "-X ${PACKAGE}/params.GitCommit=${GIT_COMMIT} -X ${PACKAGE}/params.GitBranch=${GIT_BRANCH} -X ${PACKAGE}/params.GitTag=${GIT_TAG}"
+GO_LDFLAGS += -ldflags "-X ${PACKAGE}/params.GitCommit=${GIT_COMMIT} "
 
 TESTALL = $$(go list ./... | grep -v go-ethereum/cmd/)
 TESTE2E = ./tests/...
-GOTEST = GODEBUG=cgocheck=0 go test $(GO_FLAGS) -p 1
+GOTEST = GODEBUG=cgocheck=0 go test $(GO_FLAGS) $(GO_LDFLAGS) -p 1
 
 bor:
 	mkdir -p $(GOPATH)/bin/
-	go build -o $(GOBIN)/bor ./cmd/cli/main.go
+	go build -o $(GOBIN)/bor $(GO_LDFLAGS) ./cmd/cli/main.go 
 	cp $(GOBIN)/bor $(GOPATH)/bin/
 	@echo "Done building."
 
@@ -59,7 +57,10 @@ ios:
 	@echo "Import \"$(GOBIN)/Geth.framework\" to use the library."
 
 test:
-	$(GOTEST) --timeout 5m -shuffle=on -cover -coverprofile=cover.out $(TESTALL)
+	$(GOTEST) --timeout 5m -shuffle=on -cover -short -coverprofile=cover.out -covermode=atomic $(TESTALL)
+
+test-txpool-race:
+	$(GOTEST) -run=TestPoolMiningDataRaces --timeout 600m -race -v ./core/
 
 test-race:
 	$(GOTEST) --timeout 15m -race -shuffle=on $(TESTALL)
@@ -75,7 +76,7 @@ lint:
 
 lintci-deps:
 	rm -f ./build/bin/golangci-lint
-	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b ./build/bin v1.48.0
+	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b ./build/bin v1.50.1
 
 goimports:
 	goimports -local "$(PACKAGE)" -w .
@@ -228,4 +229,4 @@ release:
 		-v `pwd`:/go/src/$(PACKAGE_NAME) \
 		-w /go/src/$(PACKAGE_NAME) \
 		goreleaser/goreleaser-cross:${GOLANG_CROSS_VERSION} \
-		--rm-dist --skip-validate
+		--rm-dist --skip-validate

README.md

@@ -56,7 +56,7 @@ We believe one of the things that makes Polygon special is its coherent design a
 
 ### Building the source
 
-- Building `bor` requires both a Go (version 1.14 or later) and a C compiler. You can install
+- Building `bor` requires both a Go (version 1.19 or later) and a C compiler. You can install
 them using your favourite package manager. Once the dependencies are installed, run
 
      ```shell
@@ -74,7 +74,7 @@ them using your favourite package manager. Once the dependencies are installed,
 2. Commit and prepare for pull request (PR). In your PR commit message, reference the issue it resolves (see [how to link a commit message to an issue using a keyword](https://docs.github.com/en/free-pro-team@latest/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword).
 
 
-    Checkout our [Git-Rules](https://docs.polygon.technology/docs/contribute/orientation#git-rules)
+    Checkout our [Git-Rules](https://wiki.polygon.technology/docs/contribute/orientation/#git-rules)
 
     ```
     $ git commit -m "brief description of changes [Fixes #1234]"