Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add go client stub [SLT-449] #3360

Merged
merged 6 commits into from
Nov 1, 2024
Merged

add go client stub [SLT-449] #3360

merged 6 commits into from
Nov 1, 2024

Conversation

trajan0x
Copy link
Contributor

@trajan0x trajan0x commented Nov 1, 2024

Description
A clear and concise description of the features you're adding in this pull request.

Additional context
Add any other context about the problem you're solving.

Metadata

  • Fixes #[Link to Issue]

Summary by CodeRabbit

  • New Features

    • Introduced a new REST client for the Synapse Protocol REST API, complete with a README for usage guidance.
    • Added a Makefile for project management, including Docker and linting commands.
  • Documentation

    • Updated CONTRIBUTING.md to clarify contribution guidelines and PR submission process.
  • Bug Fixes

    • Ensured coverage metrics are tracked for the restclient module.
  • Chores

    • Updated various Go modules and dependencies to maintain compatibility and incorporate improvements.

Copy link
Contributor

coderabbitai bot commented Nov 1, 2024

Caution

Review failed

The head commit changed during the review from c3c22b0 to aa760eb.


Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@github-actions github-actions bot added go Pull requests that update Go code M-deps size/l labels Nov 1, 2024
Copy link

codecov bot commented Nov 1, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 30.64665%. Comparing base (47194e6) to head (aa760eb).
Report is 7 commits behind head on master.

Additional details and impacted files
@@                 Coverage Diff                  @@
##              master       #3360          +/-   ##
====================================================
- Coverage   90.44834%   30.64665%   -59.80169%     
====================================================
  Files             54         544         +490     
  Lines           1026       37841       +36815     
  Branches          82          82                  
====================================================
+ Hits             928       11597       +10669     
- Misses            95       25218       +25123     
- Partials           3        1026        +1023     
Flag Coverage Δ
cctp-relayer 31.97848% <ø> (?)
core 58.73617% <ø> (?)
ethergo 47.31849% <ø> (?)
git-changes-action 23.48315% <ø> (?)
omnirpc 32.65401% <ø> (?)
opbot 0.48870% <ø> (?)
promexporter 6.81642% <ø> (?)
restclient 0.98007% <ø> (?)
rfq 24.65380% <ø> (?)
screener-api 29.45990% <ø> (?)
scribe 18.24614% <ø> (?)
tools 30.55118% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Copy link

cloudflare-workers-and-pages bot commented Nov 1, 2024

Deploying sanguine-fe with  Cloudflare Pages  Cloudflare Pages

Latest commit: aa760eb
Status: ✅  Deploy successful!
Preview URL: https://1968844c.sanguine-fe.pages.dev
Branch Preview URL: https://feat-client-stub.sanguine-fe.pages.dev

View logs

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

🧹 Outside diff range and nitpick comments (10)
contrib/restclient/client_test.go (1)

20-22: Improve deferred body close

The current implementation silently ignores errors from Body.Close(). Consider logging the error or using a test cleanup function.

-	defer func() {
-		_ = resp.Body.Close()
-	}()
+	t.Cleanup(func() {
+		if err := resp.Body.Close(); err != nil {
+			t.Logf("failed to close response body: %v", err)
+		}
+	})
contrib/restclient/Makefile (4)

Line range hint 8-10: Improve path handling robustness

The current path handling might fail in environments with different path separators or when the Git repository structure changes.

Consider using these more robust alternatives:

-GIT_ROOT := $(shell git rev-parse --show-toplevel)
-CURRENT_PATH := $(shell pwd)
-RELPATH := $(shell perl -e 'use Cwd "abs_path"; use File::Spec; print File::Spec->abs2rel("$(shell pwd)", "$(GIT_ROOT)")')
+GIT_ROOT := $(shell git rev-parse --show-toplevel 2>/dev/null || echo ".")
+CURRENT_PATH := $(CURDIR)
+RELPATH := $(patsubst $(GIT_ROOT)/%,%,$(CURRENT_PATH))

Line range hint 24-25: Add error handling to docker-clean target

The docker commands might fail if no containers exist or if permissions are insufficient.

Apply this fix:

 docker-clean: ## stops and removes all containers at once
-	docker ps -aq | xargs docker stop | xargs docker rm
-	docker network prune
+	docker ps -aq | xargs -r docker stop || true
+	docker ps -aq | xargs -r docker rm || true
+	docker network prune -f || true

Line range hint 27-31: Fix workspace navigation in lint target

The current implementation changes directory twice which could lead to issues if any command fails.

Apply this fix:

 lint: ## lint lints the code with golangci-lint
-	go mod tidy
-	go fmt ./...
-	cd $(GIT_ROOT)
-	go work sync
-	cd $(CURRENT_PATH)
-	@golangci-lint run --fix --config=$(GIT_ROOT)/.golangci.yml
+	cd $(GIT_ROOT) && go work sync
+	cd $(CURRENT_PATH) && go mod tidy
+	cd $(CURRENT_PATH) && go fmt ./...
+	cd $(CURRENT_PATH) && golangci-lint run --fix --config=$(GIT_ROOT)/.golangci.yml

Line range hint 1-31: Add phony targets declaration

The Makefile should declare its phony targets to prevent conflicts with files of the same name.

Add this at the beginning of the file:

+.PHONY: default help docker-clean lint
.codecov.yml (1)

84-86: LGTM with a minor suggestion on entry placement.

The new restclient flag entry is correctly structured with the required properties. However, to maintain consistency with the existing comment "flags should be in order of the directory structure", consider moving this entry up to be grouped with other contrib/ modules (after git-changes-action and before core).

  git-changes-action:
    paths:
      - contrib/git-changes-action/
    carryforward: true
+  restclient:
+    path: contrib/restclient/
+    carryforward: true
  core:
    paths:
      - core/
    carryforward: true
contrib/git-changes-action/go.mod (1)

Line range hint 3-5: Resolve Go version mismatch.

There's an inconsistency between the go directive (1.22.1) and the toolchain directive (1.22.4). These should match to ensure consistent builds.

Apply this diff to align the versions:

-go 1.22.1
+go 1.22.4
core/go.mod (1)

Line range hint 3-5: Align Go version with toolchain version

The module specifies go 1.22.1 while using toolchain go1.22.4. Consider updating the Go version to match the toolchain version for consistency.

-go 1.22.1
+go 1.22.4
CONTRIBUTING.md (1)

94-96: Improve module configuration example formatting

The module configuration example has inconsistent indentation and a repeated comment about version matching. Consider reformatting for better readability:

 module github.com/synapsecns/sanguine/path/to/your/module

-    go 1.22.1
+go 1.22.1

-    toolchain go1.22.4 // or whatever the version is in go.work
+toolchain go1.22.4
services/rfq/go.mod (1)

Line range hint 3-5: Consider aligning Go version with toolchain version.

The module specifies Go 1.22.1 but uses toolchain 1.22.4. Consider updating the Go version to match the toolchain version for consistency.

-go 1.22.1
+go 1.22.4
📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between f4c956d and ac7f4e7.

⛔ Files ignored due to path filters (16)
  • agents/go.sum is excluded by !**/*.sum
  • contrib/git-changes-action/go.sum is excluded by !**/*.sum
  • contrib/opbot/go.sum is excluded by !**/*.sum
  • contrib/promexporter/go.sum is excluded by !**/*.sum
  • contrib/restclient/go.sum is excluded by !**/*.sum
  • contrib/screener-api/go.sum is excluded by !**/*.sum
  • core/go.sum is excluded by !**/*.sum
  • ethergo/go.sum is excluded by !**/*.sum
  • go.work is excluded by !**/*.work
  • go.work.sum is excluded by !**/*.sum
  • services/cctp-relayer/go.sum is excluded by !**/*.sum
  • services/explorer/go.sum is excluded by !**/*.sum
  • services/omnirpc/go.sum is excluded by !**/*.sum
  • services/rfq/go.sum is excluded by !**/*.sum
  • services/scribe/go.sum is excluded by !**/*.sum
  • tools/go.sum is excluded by !**/*.sum
📒 Files selected for processing (22)
  • .codecov.yml (1 hunks)
  • CONTRIBUTING.md (1 hunks)
  • agents/go.mod (2 hunks)
  • contrib/git-changes-action/go.mod (1 hunks)
  • contrib/opbot/go.mod (2 hunks)
  • contrib/promexporter/go.mod (1 hunks)
  • contrib/restclient/.goreleaser.yml (1 hunks)
  • contrib/restclient/Makefile (1 hunks)
  • contrib/restclient/README.md (1 hunks)
  • contrib/restclient/client_test.go (1 hunks)
  • contrib/restclient/doc.go (1 hunks)
  • contrib/restclient/generate.go (1 hunks)
  • contrib/restclient/go.mod (1 hunks)
  • contrib/screener-api/go.mod (2 hunks)
  • core/go.mod (2 hunks)
  • ethergo/go.mod (1 hunks)
  • services/cctp-relayer/go.mod (1 hunks)
  • services/explorer/go.mod (2 hunks)
  • services/omnirpc/go.mod (2 hunks)
  • services/rfq/go.mod (2 hunks)
  • services/scribe/go.mod (2 hunks)
  • tools/go.mod (1 hunks)
✅ Files skipped from review due to trivial changes (7)
  • contrib/promexporter/go.mod
  • contrib/restclient/.goreleaser.yml
  • contrib/restclient/doc.go
  • contrib/restclient/generate.go
  • contrib/restclient/go.mod
  • ethergo/go.mod
  • tools/go.mod
🧰 Additional context used
🪛 LanguageTool
contrib/restclient/README.md

[grammar] ~20-~20: It appears that a hyphen is missing in the plural noun “to-dos”?
Context: ...il this README indicates otherwise. ## TODOs - Implement built-in/native tracing fo...

(TO_DO_HYPHEN)

🔇 Additional comments (23)
contrib/restclient/client_test.go (1)

1-10: LGTM!

The package name and imports are well-structured and follow Go best practices.

contrib/git-changes-action/go.mod (1)

73-73: Verify security implications of dependency updates.

The update of golang.org/x/text to v0.18.0 looks good. However, given the security-sensitive nature of this module (using crypto, oauth2), let's verify we're using the latest secure versions of critical dependencies.

✅ Verification successful

No security concerns found with golang.org/x/text v0.18.0 update

The update to golang.org/x/text v0.18.0 appears safe. The package is a direct dependency with no security-critical functionality (like crypto or oauth2). No security-related commits or advisories were found in the recent history of the golang.org/x/text repository. The other security-sensitive dependencies in the module are up-to-date and properly versioned.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for known vulnerabilities in dependencies
# Note: This checks if any security-critical packages have newer versions available

# Check versions of security-critical packages
echo "Checking security-critical package versions:"
rg -A 1 "golang.org/x/(crypto|oauth2)" go.mod

# Look for any vulnerability-related commits in golang.org/x/text
echo "Checking security fixes in golang.org/x/text between v0.17.0 and v0.18.0:"
gh api repos/golang/text/commits \
  --jq '.[] | select(.commit.message | contains("security") or contains("CVE"))' \
  -q 'sha=master' \
  -q 'since=2023-01-01'

Length of output: 528


Script:

#!/bin/bash
# Let's first verify if we're in the correct directory and locate the go.mod file
fd -t f "go.mod$"

# Then check the content of the go.mod file to analyze dependencies
echo "Contents of go.mod file(s):"
fd -t f "go.mod$" -x cat {}

# Check for any security-related files or documentation
echo -e "\nChecking for security-related files:"
fd -t f "(security|vulnerability|cve)" -i

Length of output: 175371


Script:

#!/bin/bash
# Let's check the specific go.mod file in question and its dependencies
echo "Content of contrib/git-changes-action/go.mod:"
cat contrib/git-changes-action/go.mod

# Check for any security-related commits in golang.org/x/text repository
echo -e "\nChecking recent security fixes in golang.org/x/text:"
curl -s "https://api.github.com/repos/golang/text/commits?path=&since=2023-01-01" | \
  jq -r '.[] | select(.commit.message | test("security|CVE|vulnerability"; "i")) | {message: .commit.message, date: .commit.committer.date}'

# Check for any security advisories for golang.org/x/text
echo -e "\nChecking security advisories for golang.org/x/text:"
curl -s "https://api.github.com/repos/golang/text/security/advisories" | \
  jq -r '.[] | {title: .summary, severity: .severity, published: .published_at}'

Length of output: 4244

core/go.mod (3)

Line range hint 7-7: LGTM: Replace directive is appropriate

The replacement of github.com/gogo/protobuf with the Regen Network fork is a standard practice for compatibility with the Cosmos ecosystem.


114-114: Verify the necessity of go-test/deep dependency

The newly added indirect dependency github.com/go-test/deep appears to be a testing utility. Let's verify if it's actively used or can be pruned.


189-189: LGTM: Text package version update

The update of golang.org/x/text to v0.18.0 is appropriate and consistent with other modules in the project.

contrib/screener-api/go.mod (2)

Line range hint 3-5: Verify Go version and toolchain compatibility

There's a mismatch between the Go version (1.22.1) and the toolchain version (1.22.4). While this works, it's recommended to align these versions to avoid potential compatibility issues.


85-85: Verify security implications of dependency updates

The updates to go-openapi packages and golang.org/x/text appear to be minor version bumps. While these should be backward compatible, please ensure:

  1. The changes don't introduce breaking changes
  2. There are no known vulnerabilities in these versions

Also applies to: 88-88, 189-189

✅ Verification successful

Let me gather more information about the specific package versions to verify their changes.


Dependencies update verified as safe

Based on the analysis of commit histories and changes:

  1. go-openapi/jsonpointer v0.21.0:

    • Only contains maintenance updates (CI improvements, Go version requirements)
    • Bug fix for pointer to interface{} support
    • No breaking changes or security issues
  2. go-openapi/swag v0.23.0:

    • Performance improvements and bug fixes
    • Added YAML support features
    • Fixed name mangling and Windows file path handling
    • No breaking changes or security concerns

No security vulnerabilities were found in the issue trackers for either package. The only security-related issues found in the broader context were unrelated to these packages (they were about Go's HTML template package and Windows installation permissions).

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for any security advisories or breaking changes
echo "Checking for known vulnerabilities in updated packages..."
gh api /repos/golang/go/issues?labels=Security | jq '.[] | select(.body | contains("text"))' || true
gh api /repos/go-openapi/jsonpointer/releases/tags/v0.21.0 | jq .body || true
gh api /repos/go-openapi/swag/releases/tags/v0.23.0 | jq .body || true

Length of output: 14845


Script:

#!/bin/bash
# Check git commit history and changes between versions for the packages
echo "Checking go-openapi/jsonpointer changes..."
gh api /repos/go-openapi/jsonpointer/compare/v0.20.0...v0.21.0 | jq '.commits[] | {message: .commit.message, url: .html_url}'

echo -e "\nChecking go-openapi/swag changes..."
gh api /repos/go-openapi/swag/compare/v0.22.0...v0.23.0 | jq '.commits[] | {message: .commit.message, url: .html_url}'

# Check for any CVEs or security issues
echo -e "\nChecking for CVEs..."
gh api /repos/go-openapi/jsonpointer/issues?state=all | jq '.[] | select(.title | test("(?i)security|cve|vuln"))' || true
gh api /repos/go-openapi/swag/issues?state=all | jq '.[] | select(.title | test("(?i)security|cve|vuln"))' || true

Length of output: 23523

services/omnirpc/go.mod (1)

128-129: Verify breaking changes in dependency updates.

The following dependencies have been updated to newer versions:

  • github.com/go-openapi/jsonpointer: v0.20.2 → v0.21.0
  • github.com/go-openapi/swag: v0.22.9 → v0.23.0
  • golang.org/x/text: v0.17.0 → v0.18.0

Also applies to: 265-265

✅ Verification successful

Dependencies are consistently updated across all Go modules

The verification shows that all Go modules in the repository have consistent versions:

  • golang.org/x/text v0.18.0 is used consistently across all modules
  • github.com/go-openapi/jsonpointer v0.21.0 and github.com/go-openapi/swag v0.23.0 are used consistently in all modules that require these dependencies
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for other go.mod files that might need the same updates
# to maintain version consistency across the project.

# Test: Find all go.mod files and grep for these package versions
echo "Checking version consistency across go.mod files..."
fd --type f "go.mod" --exec sh -c '
  echo "=== {} ==="
  grep -A 1 "go-openapi/jsonpointer\|go-openapi/swag\|golang.org/x/text" "{}"
'

Length of output: 2756

services/explorer/go.mod (4)

Line range hint 7-16: LGTM: Well-documented replace directives

The replace directives are well-organized and properly documented, especially the comment explaining the version constraint for github.com/brianvoe/gofakeit/v6.


Line range hint 3-5: Consider updating to Go 1.22.4

The module currently uses Go 1.22.1, while the toolchain specifies 1.22.4. It's recommended to keep the Go version aligned with the toolchain version to ensure you have all the latest bug fixes and security patches.


287-287: Verify compatibility with golang.org/x/text v0.18.0

The update to golang.org/x/text v0.18.0 could introduce breaking changes. Please ensure all text processing functionality continues to work as expected.


156-156: Verify the need for gomarkdown's pseudo-version

The module is using a pseudo-version (v0.0.0-20230922112808-5421fefb8386) for github.com/gomarkdown/markdown. Consider checking if a stable release is available that meets your requirements.

CONTRIBUTING.md (1)

85-87: Consider aligning Go version with toolchain version

There's a potential inconsistency between the Go version (1.22.1) and toolchain version (1.22.4). To avoid confusion and potential compatibility issues, consider using the same version for both.

Let's verify the Go version used in other modules:

✅ Verification successful

Go version and toolchain configuration in CONTRIBUTING.md is consistent with codebase

The example provided in CONTRIBUTING.md showing go 1.22.1 with toolchain go1.22.4 accurately reflects the configuration used across the codebase. The verification shows that:

  • 13 out of 14 modules use exactly this combination
  • Only one module (contrib/opbot) uses go 1.22.4 without an explicit toolchain directive

This pattern appears to be intentional across the repository, where modules use Go 1.22.1 as the base version while leveraging Go 1.22.4 toolchain features. This is a valid and common Go modules configuration pattern.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check Go versions across all go.mod files
echo "Checking Go versions in go.mod files:"
fd -e mod -x sh -c 'echo "=== {} ==="; cat {} | grep -E "^go |^[[:space:]]*toolchain"'

Length of output: 1012

contrib/opbot/go.mod (1)

139-139: Verify compatibility with the latest stable versions.

The dependency updates look good, but let's verify if these are the latest stable versions and if there are any known issues:

Also applies to: 142-142, 278-278

✅ Verification successful

Let me try a different approach to verify the versions since the GitHub CLI commands didn't provide complete information.


Let me try one final verification to check for any potential breaking changes or issues in the dependency tree.


Dependencies are at stable versions with no apparent compatibility issues

The updated dependencies are part of a well-maintained module ecosystem:

  • github.com/go-openapi/jsonpointer v0.21.0
  • github.com/go-openapi/swag v0.23.0
  • golang.org/x/text v0.18.0

These versions are consistent with the rest of the dependency tree, and there are no conflicting replace directives or version constraints that would cause issues.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check if the updated dependencies are using the latest stable versions
# and if there are any known issues or breaking changes.

echo "Checking latest versions and release notes for updated dependencies..."

# Check go-openapi/jsonpointer
gh release list --repo go-openapi/jsonpointer --limit 1

# Check go-openapi/swag
gh release list --repo go-openapi/swag --limit 1

# Check golang.org/x/text
# Note: x/text releases are tagged in the main golang/text repository
gh release list --repo golang/text --limit 1

Length of output: 360


Script:

#!/bin/bash
# Use go list to check the available versions
echo "Checking go-openapi/jsonpointer versions:"
rg "github.com/go-openapi/jsonpointer" -A 1 -B 1 contrib/opbot/go.mod

echo -e "\nChecking go-openapi/swag versions:"
rg "github.com/go-openapi/swag" -A 1 -B 1 contrib/opbot/go.mod

echo -e "\nChecking golang.org/x/text versions:"
rg "golang.org/x/text" -A 1 -B 1 contrib/opbot/go.mod

# Check for any replace directives for these packages
echo -e "\nChecking replace directives:"
rg "^replace.*?(jsonpointer|swag|golang.org/x/text)" contrib/opbot/go.mod

Length of output: 1025


Script:

#!/bin/bash
# Check for any potential conflicts or issues in the module dependencies
echo "Checking module dependencies:"
cat contrib/opbot/go.mod | grep -A 20 "require ("

# Look for any related test files that might be affected
echo -e "\nChecking for related test files:"
fd -e go -x grep -l "jsonpointer\|go-openapi/swag\|golang.org/x/text" {} \; -x echo "File: {}"

Length of output: 2276

services/scribe/go.mod (2)

304-304: LGTM: Coordinated text package update.

The minor version bump of golang.org/x/text aligns with the coordinated dependency updates across other modules in the project.


171-171: Verify markdown package compatibility after major version update.

The markdown package is being updated from a 2019 version to a 2023 version, which could introduce breaking changes.

✅ Verification successful

Package update appears safe - indirect dependency only

The github.com/gomarkdown/markdown package is marked as an indirect dependency (// indirect) in all modules where it appears (agents, explorer, scribe). No direct usage of this package was found in the codebase, indicating it's likely a transitive dependency. The version update should not impact the codebase directly.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for markdown package usage to identify potential breaking changes
rg -A 5 "github.com/gomarkdown/markdown" 

Length of output: 4804


Script:

#!/bin/bash
# Search for actual usage of the markdown package in code
rg -A 10 "gomarkdown/markdown" --type go

Length of output: 40

services/cctp-relayer/go.mod (3)

285-285: LGTM: Dependency version update.

The update of golang.org/x/text to v0.18.0 is consistent with other modules in the project.


Line range hint 324-332: Consider documenting the replace directive constraints.

The comment "later versions give errors on uint64 being too high" for gofakeit should be expanded to include:

  1. Which versions specifically cause the error
  2. The specific uint64 error scenario
  3. Whether this is a temporary workaround or permanent solution
#!/bin/bash
# Search for similar replace directives and comments
echo "Checking for similar replace directives across the codebase..."
rg "github.com/brianvoe/gofakeit/v6" -A 2 -B 2

Line range hint 3-5: Verify Go version and toolchain compatibility.

The toolchain version (1.22.4) is newer than the Go version (1.22.1). While this might work, it's recommended to align these versions to avoid potential compatibility issues.

services/rfq/go.mod (1)

161-161: LGTM: Dependency version updates look good.

The updates to go-openapi packages and golang.org/x/text are minor version bumps that likely include improvements and bug fixes.

Also applies to: 164-164, 317-317

agents/go.mod (3)

204-204: LGTM: Markdown dependency update.

The update to github.com/gomarkdown/markdown v0.0.0-20230922112808-5421fefb8386 is a development version. The implementation looks stable based on the commit hash.


Line range hint 204-329: Verify dependency compatibility with replace directives.

The updated dependencies should be compatible with the replaced modules. Let's verify there are no version conflicts.

✅ Verification successful

No version conflicts found with replace directives

The replace directives in the go.mod file are primarily for local module replacements and one specific version constraint for gofakeit/v6. None of the replaced modules conflict with the updated dependencies (gomarkdown/markdown and golang.org/x/text) as they are not part of the replace directives.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for potential version conflicts in replaced modules
for module in core ethergo "services/omnirpc" "services/scribe" tools; do
  if [ -f "../$module/go.mod" ]; then
    echo "Checking $module dependencies..."
    grep -A 5 "require (" "../$module/go.mod" | grep -E "github.com/gomarkdown/markdown|golang.org/x/text"
  fi
done

Length of output: 526


Script:

#!/bin/bash
# Check for replace directives in go.mod
echo "Checking replace directives in agents/go.mod:"
grep -A 10 "^replace" agents/go.mod || echo "No replace directives found"

# Check for version requirements of specific modules
echo -e "\nChecking version requirements:"
grep -E "github.com/gomarkdown/markdown|golang.org/x/text" agents/go.mod

Length of output: 929


329-329: Verify security implications of golang.org/x/text update.

The update to golang.org/x/text v0.18.0 might include security fixes. Let's verify if there are any known vulnerabilities in the previous version.

✅ Verification successful

Update to golang.org/x/text v0.18.0 appears to be routine

The version update from v0.17.0 to v0.18.0 shows no evidence of security-related changes or vulnerability fixes in the commit history or release notes. This appears to be a routine version update.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if the previous version had any known vulnerabilities
gh api \
  -H "Accept: application/vnd.github+json" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  /repos/golang/text/releases | jq -r '.[] | select(.tag_name=="v0.17.0") | .body' | grep -i "security"

Length of output: 187


Script:

#!/bin/bash
# Let's check the changelog or release notes between v0.17.0 and v0.18.0
gh api \
  -H "Accept: application/vnd.github+json" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  /repos/golang/text/releases | jq -r '.[] | select(.tag_name=="v0.18.0") | .body'

# Also check for any CVEs or security advisories
gh api \
  -H "Accept: application/vnd.github+json" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  /repos/golang/text/security/advisories

Length of output: 409


Script:

#!/bin/bash
# Let's check the git commit history between these versions
git clone https://github.com/golang/text.git /tmp/text
cd /tmp/text
git log --oneline v0.17.0..v0.18.0 | grep -iE 'security|vuln|cve|fix'

# Also check the diff for any security-related changes
git diff v0.17.0..v0.18.0 | grep -iE 'security|vuln|cve|fix'

Length of output: 520

Comment on lines +12 to +26
func TestGetRoot(t *testing.T) {
// Create a new client
client, err := restclient.NewClient("https://api.synapseprotocol.com")
assert.NoError(t, err)

// Make a request to the root of the API
resp, err := client.Get(context.Background())
assert.NoError(t, err)
defer func() {
_ = resp.Body.Close()
}()

// Check that the status code is 200
assert.Equal(t, http.StatusOK, resp.StatusCode)
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Add test cases for error scenarios

The test only covers the happy path. Consider adding test cases for:

  • Network errors
  • Timeout scenarios
  • Non-200 status codes
  • Invalid URLs

Would you like me to help generate additional test cases for these scenarios?

Comment on lines +18 to +19
resp, err := client.Get(context.Background())
assert.NoError(t, err)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Add timeout to context and improve error handling

The context should have a timeout to prevent hanging tests, and error handling should be more specific.

Suggested improvements:

-	resp, err := client.Get(context.Background())
-	assert.NoError(t, err)
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+	
+	resp, err := client.Get(ctx)
+	if !assert.NoError(t, err) {
+		return
+	}
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
resp, err := client.Get(context.Background())
assert.NoError(t, err)
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel()
resp, err := client.Get(ctx)
if !assert.NoError(t, err) {
return
}

Comment on lines +14 to +15
client, err := restclient.NewClient("https://api.synapseprotocol.com")
assert.NoError(t, err)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Avoid testing against production endpoints

Testing against api.synapseprotocol.com can lead to flaky tests and unnecessary load on production. Consider:

  1. Using a mock HTTP server
  2. Setting up a test environment
  3. Using dependency injection for the base URL

Here's a suggested implementation using httptest:

-	client, err := restclient.NewClient("https://api.synapseprotocol.com")
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusOK)
+	}))
+	defer ts.Close()
+	
+	client, err := restclient.NewClient(ts.URL)

Committable suggestion skipped: line range outside the PR's diff.

@@ -0,0 +1 @@
../../make/go.Makefile
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Fix the Makefile include directive

The reference to the parent Makefile should use the proper 'include' directive.

Apply this fix:

-../../make/go.Makefile
+include ../../make/go.Makefile

Committable suggestion skipped: line range outside the PR's diff.

@trajan0x trajan0x merged commit 5fd2e62 into master Nov 1, 2024
65 of 67 checks passed
@trajan0x trajan0x deleted the feat/client-stub branch November 1, 2024 23:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant