Merge branch 'master' into gno-test-debug

.github/workflows/bot-proxy.yml

@@ -0,0 +1,48 @@
+# This workflow must be kept in sync to some extent with bot.yml
+name: GitHub Bot Proxy
+
+on:
+  # Watch for any completed run on bot.yml workflow
+  workflow_run:
+    workflows: [GitHub Bot]
+    types: [completed]
+
+jobs:
+  # This workflow monitors any run completed on the GitHub Bot workflow and
+  # checks if the event that triggered it is limited to read-only permissions
+  # (e.g 'pull_request_review' on a pull request opened from a fork).
+  # In this case, it reruns the GitHub Bot workflow using a 'workflow_dispatch'
+  # event, thereby allowing it to run with write permissions.
+  #
+  # Complete flow:
+  # 'pull_request_review' from fork on bot.yml (read-only) -> 'workflow_run' on bot-proxy.yml (write) -> 'workflow_dispatch' on bot.yml (write)
+  rerun-with-write-perm:
+    name: Rerun Bot with write permission
+    # Skip this workflow if the original event is not 'pull_request_review'
+    if: github.event.workflow_run.event == 'pull_request_review'
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+
+    steps:
+      - name: Download artifact from previous run
+        uses: actions/download-artifact@v4
+        with:
+          name: pr-number
+          run-id: ${{ github.event.workflow_run.id }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+        # Even if the artifact doesn't exist, do not mark the workflow as failed
+        # Useful if the 'pull_request_review' event was emitted by a PR opened
+        # from a branch on the main repo, so it has already been processed by
+        # the bot workflow, and no artifact has been uploaded.
+        continue-on-error: true
+        id: download
+
+      - name: Send workflow_dispatch event to Github Bot
+        # Run only if an artifact was downloaded
+        if: steps.download.outcome == 'success'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          REPO: ${{ github.event.workflow_run.repository.full_name }}
+        run: |
+          gh workflow run bot.yml -R "$REPO" -f "pull-request-list=$(cat pr-number)"

.github/workflows/bot.yml

@@ -1,3 +1,4 @@
+# This workflow must be kept in sync to some extent with bot-proxy.yml
 name: GitHub Bot
 
 on:
@@ -37,8 +38,14 @@ jobs:
   # handle the parallel processing of the pull-requests
   define-prs-matrix:
     name: Define PRs matrix
-    # Prevent bot from retriggering itself and ignore event emitted by codecov
-    if: ${{ github.actor != vars.GH_BOT_LOGIN && github.actor != 'codecov[bot]' }}
+    # Skip this workflow if:
+    #   - the bot is retriggering itself
+    #   - the event is emitted by codecov
+    #   - the event is a review on a pull request from a fork (see save-pr-number job below)
+    if: |
+      github.actor != vars.GH_BOT_LOGIN &&
+      github.actor != 'codecov[bot]' &&
+      (github.event_name != 'pull_request_review' || github.event.pull_request.base.repo.full_name == github.event.pull_request.head.repo.full_name)
     runs-on: ubuntu-latest
     permissions:
       pull-requests: read
@@ -61,13 +68,36 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: go run . matrix -matrix-key 'pr-numbers' -verbose
 
+  # This job is executed if an event with read-only permission has triggered this
+  # workflow (e.g 'pull_request_review' on a pull request opened from a fork).
+  # In this case, this job persists the PR number in an artifact so that the
+  # proxy workflow can use it to rerun the current workflow with write permission.
+  # See bot-proxy.yml for more info.
+  save-pr-number:
+    name: Persist PR number for proxy
+    # Run this job if the event is a review on a pull request opened from a fork
+    if: github.event_name == 'pull_request_review' && github.event.pull_request.base.repo.full_name != github.event.pull_request.head.repo.full_name
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Write PR number to a file
+        env:
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        run: echo $PR_NUMBER > pr-number
+
+      - name: Upload it as an artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: pr-number
+          path: pr-number
+
   # This job processes each pull request in the matrix individually while ensuring
   # that a same PR cannot be processed concurrently by mutliple runners
   process-pr:
     name: Process PR
     needs: define-prs-matrix
     # Just skip this job if PR numbers matrix is empty (prevent failed state)
-    if: ${{ needs.define-prs-matrix.outputs.pr-numbers != '[]' && needs.define-prs-matrix.outputs.pr-numbers != '' }}
+    if: needs.define-prs-matrix.outputs.pr-numbers != '[]' && needs.define-prs-matrix.outputs.pr-numbers != ''
     runs-on: ubuntu-latest
     strategy:
       matrix:

.github/workflows/gh-pages.yml

@@ -24,12 +24,19 @@ jobs:
       - uses: actions/setup-go@v5
         with:
           go-version-file: go.mod
+      - run: echo "GOROOT=$(go env GOROOT)" >> $GITHUB_ENV
+      - run: echo $GOROOT
+      - run: "cd misc/stdlib_diff && make gen"
       - run: "cd misc/gendocs && make install gen"
+      - run: "mkdir -p pages_output/stdlib_diff"
+      - run: |
+          cp -r misc/gendocs/godoc/* pages_output/
+          cp -r misc/stdlib_diff/stdlib_diff/* pages_output/stdlib_diff/
       - uses: actions/configure-pages@v5
         id: pages
       - uses: actions/upload-pages-artifact@v3
         with:
-          path: ./misc/gendocs/godoc
+          path: ./pages_output
 
   deploy:
     if: ${{ github.repository == 'gnolang/gno' }} # Alternatively, validate based on provided tokens and permissions.

.github/workflows/gnoland.yml

@@ -16,3 +16,25 @@ jobs:
       tests-extra-args: "-coverpkg=github.com/gnolang/gno/gno.land/..."
     secrets:
       codecov-token: ${{ secrets.CODECOV_TOKEN }}
+
+  gnoweb_generate:
+    strategy:
+      fail-fast: false
+      matrix:
+        go-version: ["1.22.x"]
+        # unittests: TODO: matrix with contracts
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ matrix.go-version }}
+      - uses: actions/setup-node@v4
+        with:
+          node-version: lts/Jod # (22.x) https://github.com/nodejs/Release
+      - uses: actions/checkout@v4
+      - run: |
+          make -C gno.land/pkg/gnoweb fclean generate
+          # Check if there are changes after running generate.gnoweb
+          git diff --exit-code || \
+             (echo "\`gnoweb generate\` out of date, please run \`make gnoweb.generate\` within './gno.land'" && exit 1)

CONTRIBUTING.md

@@ -469,6 +469,18 @@ Resources for idiomatic Go docs:
 - [godoc](https://go.dev/blog/godoc)
 - [Go Doc Comments](https://tip.golang.org/doc/comment)
 
+## Avoding Unhelpful Contributions
+
+While we welcome all contributions to the Gno project, it's important to ensure that your changes provide meaningful value or improve the quality of the codebase. Contributions that fail to meet these criteria may not be accepted. Examples of unhelpful contributions include (but not limited to):
+
+- Airdrop farming & karma farming: Making minimal, superficial changes, with the goal of becoming eligible for airdrops and GovDAO participation.
+- Incomplete submissions: Changes that lack adequate context, link to a related issue, documentation, or test coverage.
+
+Before submitting a pull request, ask yourself:
+- Does this change solve a specific problem or add clear value?
+- Is the implementation aligned with the gno.land's goals and style guide?
+- Have I tested my changes and included relevant documentation?
+
 ## Additional Notes
 
 ### Issue and Pull Request Labels
@@ -502,3 +514,4 @@ automatic label management.
 | info needed      | Issue is lacking information needed for resolving |
 | investigating    | Issue is still being investigated by the team     |
 | question         | Issue starts a discussion or raises a question    |
+

Dockerfile

@@ -52,7 +52,6 @@ ENTRYPOINT  ["/usr/bin/gno"]
 # gnoweb
 FROM        base AS gnoweb
 COPY        --from=build-gno /gnoroot/build/gnoweb /usr/bin/gnoweb
-COPY        --from=build-gno /opt/gno/src/gno.land/cmd/gnoweb /opt/gno/src/gnoweb
 EXPOSE      8888
 ENTRYPOINT  ["/usr/bin/gnoweb"]
 

contribs/github-bot/internal/config/config.go

@@ -24,7 +24,7 @@ type ManualCheck struct {
 
 // This is the description for a persistent rule with a non-standard behavior
 // that allow maintainer to force the "success" state of the CI check
-const ForceSkipDescription = "**SKIP**: Do not block the CI for this PR"
+const ForceSkipDescription = "**IGNORE** the bot requirements for this PR (force green CI check)"
 
 // This function returns the configuration of the bot consisting of automatic and manual checks
 // in which the GitHub client is injected.
@@ -35,11 +35,6 @@ func Config(gh *client.GitHub) ([]AutomaticCheck, []ManualCheck) {
 			If:          c.CreatedFromFork(),
 			Then:        r.MaintainerCanModify(),
 		},
-		{
-			Description: "The pull request head branch must be up-to-date with its base ([more info](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/keeping-your-pull-request-in-sync-with-the-base-branch))",
-			If:          c.Always(),
-			Then:        r.UpToDateWith(gh, r.PR_BASE),
-		},
 		{
 			Description: "Changes to 'docs' folder must be reviewed/authored by at least one devrel and one tech-staff",
 			If:          c.FileChanged(gh, "^docs/"),

contribs/gnodev/cmd/gnobro/main.go

@@ -429,14 +429,14 @@ func getSignerForAccount(io commands.IO, address string, kb keys.Keybase, cfg *b
 	}
 
 	// try empty password first
-	if _, err := kb.ExportPrivKeyUnsafe(address, ""); err != nil {
+	if _, err := kb.ExportPrivKey(address, ""); err != nil {
 		prompt := fmt.Sprintf("[%.10s] Enter password:", address)
 		signer.Password, err = io.GetPassword(prompt, true)
 		if err != nil {
 			return nil, fmt.Errorf("error while reading password: %w", err)
 		}
 
-		if _, err := kb.ExportPrivKeyUnsafe(address, signer.Password); err != nil {
+		if _, err := kb.ExportPrivKey(address, signer.Password); err != nil {
 			return nil, fmt.Errorf("invalid password: %w", err)
 		}
 	}

contribs/gnodev/cmd/gnodev/main.go

@@ -57,9 +57,10 @@ type devCfg struct {
 	txsFile      string
 
 	// Web Configuration
+	noWeb               bool
+	webHTML             bool
 	webListenerAddr     string
 	webRemoteHelperAddr string
-	webWithHTML         bool
 
 	// Node Configuration
 	minimal     bool
@@ -123,6 +124,20 @@ func (c *devCfg) RegisterFlags(fs *flag.FlagSet) {
 		"gno root directory",
 	)
 
+	fs.BoolVar(
+		&c.noWeb,
+		"no-web",
+		defaultDevOptions.noWeb,
+		"disable gnoweb",
+	)
+
+	fs.BoolVar(
+		&c.webHTML,
+		"web-html",
+		defaultDevOptions.webHTML,
+		"gnoweb: enable unsafe HTML parsing in markdown rendering",
+	)
+
 	fs.StringVar(
 		&c.webListenerAddr,
 		"web-listener",
@@ -137,13 +152,6 @@ func (c *devCfg) RegisterFlags(fs *flag.FlagSet) {
 		"gnoweb: web server help page's remote addr (default to <node-rpc-listener>)",
 	)
 
-	fs.BoolVar(
-		&c.webWithHTML,
-		"web-with-html",
-		defaultDevOptions.webWithHTML,
-		"gnoweb: enable HTML parsing in markdown rendering",
-	)
-
 	fs.StringVar(
 		&c.nodeRPCListenerAddr,
 		"node-rpc-listener",
@@ -323,7 +331,10 @@ func execDev(cfg *devCfg, args []string, io commands.IO) (err error) {
 	defer server.Close()
 
 	// Setup gnoweb
-	webhandler := setupGnoWebServer(logger.WithGroup(WebLogName), cfg, devNode)
+	webhandler, err := setupGnoWebServer(logger.WithGroup(WebLogName), cfg, devNode)
+	if err != nil {
+		return fmt.Errorf("unable to setup gnoweb server: %w", err)
+	}
 
 	// Setup unsafe APIs if enabled
 	if cfg.unsafeAPI {
@@ -351,14 +362,17 @@ func execDev(cfg *devCfg, args []string, io commands.IO) (err error) {
 		mux.Handle("/", webhandler)
 	}
 
-	go func() {
-		err := server.ListenAndServe()
-		cancel(err)
-	}()
+	// Serve gnoweb
+	if !cfg.noWeb {
+		go func() {
+			err := server.ListenAndServe()
+			cancel(err)
+		}()
 
-	logger.WithGroup(WebLogName).
-		Info("gnoweb started",
-			"lisn", fmt.Sprintf("http://%s", server.Addr))
+		logger.WithGroup(WebLogName).
+			Info("gnoweb started",
+				"lisn", fmt.Sprintf("http://%s", server.Addr))
+	}
 
 	watcher, err := watcher.NewPackageWatcher(loggerEvents, emitterServer)
 	if err != nil {
@@ -377,7 +391,7 @@ func execDev(cfg *devCfg, args []string, io commands.IO) (err error) {
 	return runEventLoop(ctx, logger, book, rt, devNode, watcher)
 }
 
-var helper string = `For more in-depth documentation, visit the GNO Tooling CLI documentation: 
+var helper string = `For more in-depth documentation, visit the GNO Tooling CLI documentation:
 https://docs.gno.land/gno-tooling/cli/gno-tooling-gnodev
 
 P           Previous TX  - Go to the previous tx

contribs/gnodev/cmd/gnodev/setup_web.go

@@ -1,6 +1,7 @@
 package main
 
 import (
+	"fmt"
 	"log/slog"
 	"net/http"
 
@@ -9,19 +10,25 @@ import (
 )
 
 // setupGnowebServer initializes and starts the Gnoweb server.
-func setupGnoWebServer(logger *slog.Logger, cfg *devCfg, dnode *gnodev.Node) http.Handler {
-	webConfig := gnoweb.NewDefaultConfig()
+func setupGnoWebServer(logger *slog.Logger, cfg *devCfg, dnode *gnodev.Node) (http.Handler, error) {
+	if cfg.noWeb {
+		return http.HandlerFunc(http.NotFound), nil
+	}
+
+	remote := dnode.GetRemoteAddress()
 
-	webConfig.HelpChainID = cfg.chainId
-	webConfig.RemoteAddr = dnode.GetRemoteAddress()
-	webConfig.HelpRemote = cfg.webRemoteHelperAddr
-	webConfig.WithHTML = cfg.webWithHTML
+	appcfg := gnoweb.NewDefaultAppConfig()
+	appcfg.UnsafeHTML = cfg.webHTML
+	appcfg.NodeRemote = remote
+	appcfg.ChainID = cfg.chainId
+	if cfg.webRemoteHelperAddr != "" {
+		appcfg.RemoteHelp = cfg.webRemoteHelperAddr
+	}
 
-	// If `HelpRemote` is empty default it to `RemoteAddr`
-	if webConfig.HelpRemote == "" {
-		webConfig.HelpRemote = webConfig.RemoteAddr
+	router, err := gnoweb.NewRouter(logger, appcfg)
+	if err != nil {
+		return nil, fmt.Errorf("unable to create router app: %w", err)
 	}
 
-	app := gnoweb.MakeApp(logger, webConfig)
-	return app.Router
+	return router, nil
 }