feat: add e2e tests

[freeelancer]

Summary by CodeRabbit

• New Features

  • Introduced a .dockerignore file to optimize Docker builds by excluding unnecessary files.
  • Added new GitHub Actions workflows for end-to-end (E2E) testing and SDK testing.
  • Implemented integration tests for various functionalities, including bank token transfers, governance proposals, and staking operations.
  • Added functions for querying blockchain data and managing validator operations in the new e2e package.
  • Enhanced the testing framework for IBC functionality, focusing on token transfers and error handling in multi-hop scenarios.
  • Introduced a script for initializing the Hermes relayer configuration.
  • Added utility functions for HTTP requests and file operations to streamline testing processes.

• Bug Fixes

  • Updated test configurations and dependencies to ensure compatibility and functionality.

• Documentation

  • Modified documentation comments for clarity and accuracy.

• Chores

  • Updated dependencies in the go.mod file and organized the Makefile for better structure.
  • Adjusted GitHub Actions workflows to improve testing and coverage processes.
  • Disabled the forcetypeassert linter in the .golangci.yml configuration.

[coderabbitai]

Walkthrough

This pull request introduces a new .dockerignore file and updates various GitHub Actions workflows to enhance testing and build processes for the MANTRA Chain project. The changes include the addition of new workflows for end-to-end (E2E) and SDK tests, modifications to existing workflows for coverage and Docker builds, and a restructuring of the Dockerfile to improve security and maintainability. Additionally, the go.mod file has been updated to reflect changes in dependencies.

Changes

File/Directory	Change Summary
.dockerignore	New file added to specify files and directories to be ignored by Docker during the build process.
.github/workflows/	Added new workflows for E2E tests (tests-e2e.yml) and SDK tests (tests-sdk.yml), modified existing workflows for codecov and Docker builds.
.github/workflows/codecov.yml	Changed test command from go test to make test-cover.
.github/workflows/docker.yml	Updated parameters for Docker image ownership and versioning.
.github/workflows/tests-e2e.yml	New workflow added for automating end-to-end testing.
.github/workflows/tests-sdk.yml	New workflow added for automating SDK testing.
.github/workflows/tests-unit.yml	Reformatted triggers and updated test command to make test-unit.
Dockerfile	Modified to improve security and build process, using a non-root user and updated image configurations.
Makefile	Updated testing commands and Docker build process, introducing specific test targets.
go.mod	Updated dependencies and added new testing-related libraries.
tests/e2e/	Introduced comprehensive end-to-end testing suite with multiple test files covering blockchain functionalities.
.gitignore	New entries added to ignore specific files and directories in version control.
.golangci.yml	Disabled the forcetypeassert linter and retained settings for other linters.

Possibly related PRs

• chore: bump cosmos-sdk MANTRA fork to v0.50.11 #250: Potential connection through build environment and dependency management updates.

Suggested reviewers

• allthatjazzleo

🐰 In the garden of code, we hop with glee,
New files and workflows, as bright as can be.
With tests for the chain and Docker in tow,
Our project now flourishes, watch it grow! 🌱
So let’s raise a cheer, for changes so bright,
In the world of development, we take flight! ✨

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-advanced-security]

devskim found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

[coderabbitai]

Actionable comments posted: 10

🔭 Outside diff range comments (1)

.github/workflows/tests-unit.yml (1)

Line range hint 11-13: Fix invalid Go version

The specified Go version 1.23 doesn't exist yet. The latest stable version is 1.21.x.

- go-version: 1.23
+ go-version: 1.21

🧹 Nitpick comments (44)

tests/e2e/query.go (4)

1-3: Consider organizing imports with gci.
A static analysis tool has flagged that the file could be organized with the "gci" command. This is a minor housekeeping adjustment.

---

25-48: Use a helper function instead of raw http.Get for consistency.
queryTx uses http.Get directly, while other queries use a httpGet helper. Standardizing on a single approach ensures consistent error handling and logging.

🧰 Tools

🪛 golangci-lint (1.62.2)

42-42: type assertion must be checked

(forcetypeassert)

---

43-43: type assertion must be checked

(forcetypeassert)

---

32-32: "200" can be replaced by http.StatusOK

(usestdlibvars)

---

32-34: Use http.StatusOK for clarity.
Using http.StatusOK in place of 200 improves readability and consistency with standard library constants.

-if resp.StatusCode != 200 {
+if resp.StatusCode != http.StatusOK {

🧰 Tools

🪛 golangci-lint (1.62.2)

32-32: "200" can be replaced by http.StatusOK

(usestdlibvars)

---

348-361: Address the TODO comment for CCV module.
You have a commented-out function related to the CCV module. Consider either removing this code or completing it if the module is still intended for future use.

🧰 Tools

🪛 GitHub Check: devskim

[notice] 348-348: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

tests/e2e/genesis.go (1)

3-23: Consider using gci to organize imports.
Static analysis suggests that the imports need to be grouped and sorted. This is a minor style preference that helps maintain cleaner source files.

🧰 Tools

🪛 golangci-lint (1.62.2)

8-8: File is not gci-ed with --skip-generated -s standard -s default

(gci)

---

11-11: File is not gci-ed with --skip-generated -s standard -s default

(gci)

---

22-22: File is not gci-ed with --skip-generated -s standard -s default

(gci)

tests/e2e/validator.go (2)

29-29: Remove or update the unused nolint directive.
The comment //nolint:unparam here apparently does nothing since static analysis reports it as unused.

---

63-63: Remove or update the unused nolint directive.
Same as above, this appears to be an unused //nolint:unparam.

tests/e2e/e2e_ibc_test.go (2)

29-29: Remove or update the unused nolint directive.
//nolint:unparam is flagged as unused. Removing it avoids confusion.

🧰 Tools

🪛 golangci-lint (1.62.2)

29-29: directive //nolint:unparam is unused for linter "unparam"

(nolintlint)

---

63-63: Remove or update the unused nolint directive.
Same as above, the directive //nolint:unparam is no longer needed.

🧰 Tools

🪛 golangci-lint (1.62.2)

63-63: directive //nolint:unparam is unused for linter "unparam"

(nolintlint)

tests/e2e/e2e_gov_test.go (3)

23-23: Address any remaining TODO comments.
Ensure the intended feature is tracked or implement the missing logic before release.

🧰 Tools

🪛 GitHub Check: devskim

[notice] 23-23: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

214-214: Revisit TODO for CCV module.
A “TODO” indicates a future plan for CCV functionality. Kindly confirm whether an issue has been created to track this.

🧰 Tools

🪛 GitHub Check: devskim

[notice] 214-214: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

26-26: Adopt HTTPS if feasible.
These lines rely on http:// for endpoints. It can be acceptable for local dev or tests, but ensure that production environments utilize secure connections when deploying.

Also applies to: 70-70, 106-106, 268-268

🧰 Tools

🪛 GitHub Check: devskim

[warning] 26-26: An HTTP-based URL without TLS was detected.
Insecure URL

tests/e2e/e2e_setup_test.go (2)

236-236: Follow up on the “TODO” for manipulating accounts.
This is flagged as incomplete functionality. If a more elegant approach is needed, consider filing a feature request or continuing the refactor.

🧰 Tools

🪛 GitHub Check: devskim

[notice] 236-236: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

578-578: Consider adjusting or removing localhost usage in production.
Running on localhost is common for testing, but be mindful of security and scalability if these tests or scripts ever run in a more public environment.

🧰 Tools

🪛 GitHub Check: devskim

[notice] 578-578: Accessing localhost could indicate debug code, or could hinder scaling.
Do not leave debug code in production

tests/e2e/e2e_exec_test.go (7)

135-135: Remove or correct //nolint:unused directives
The linter indicates these directives are not recognized. If these functions are intentionally exported for external usage, remove the //nolint:unused or replace it with the correct linter annotation if you intend to ignore a specific linter rule.

Also applies to: 164-164

🧰 Tools

🪛 golangci-lint (1.62.2)

135-135: directive //nolint:unused is unused for linter "unused"

(nolintlint)

---

257-266: Consider removing or refactoring the opt parameter if it's always nil
Static analysis indicates that opt is never set when calling this function. If you plan to pass options in the future, leaving this parameter is fine. Otherwise, remove it to simplify the API.

🧰 Tools

🪛 golangci-lint (1.62.2)

265-265: (*IntegrationTestSuite).execBankSend - opt always receives nil

(unparam)

🪛 GitHub Check: lint

[failure] 265-265:
(*IntegrationTestSuite).execBankSend - opt always receives nil (unparam)

---

267-267: Resolve or track the TODO
These lines mention removing the hard-coded opt. To keep the code clear, consider creating a GitHub issue or addressing this TODO promptly if there's a clear plan.

Also applies to: 304-304

🧰 Tools

🪛 GitHub Check: devskim

[notice] 267-267: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

431-432: Remove unnecessary leading newline
A style check indicates an unnecessary blank line before the function definition. Removing it will keep the code style consistent.

- 
 func (s *IntegrationTestSuite) execDelegate(c *chain, valIdx int, ...

🧰 Tools

🪛 golangci-lint (1.62.2)

432-432: unnecessary leading newline

(whitespace)

---

731-731: Consider using HTTPS for improved security
The code currently constructs an HTTP endpoint string. If TLS is supported, switch to an HTTPS endpoint to reduce the risk of traffic interception or tampering.

Also applies to: 754-754

🧰 Tools

🪛 GitHub Check: devskim

[warning] 731-731: An HTTP-based URL without TLS was detected.
Insecure URL

---

770-781: Consider removing or using the expectTxSubmitError function
This function is flagged as unused by static analysis. If no longer needed, remove it. If planned for future negative test cases, ensure references are properly implemented or tested.

🧰 Tools

🪛 golangci-lint (1.62.2)

770-770: func (*IntegrationTestSuite).expectTxSubmitError is unused

(unused)

🪛 GitHub Check: lint

[failure] 770-770:
func (*IntegrationTestSuite).expectTxSubmitError is unused (unused)

---

783-806: Consider removing or using the executeValidatorBond function
Static analysis indicates this function is unused. If it's no longer needed, remove it. Otherwise, ensure that references are present in your testing flow.

🧰 Tools

🪛 golangci-lint (1.62.2)

783-783: func (*IntegrationTestSuite).executeValidatorBond is unused

(unused)

tests/e2e/http_util.go (1)

10-23: Validate HTTP status codes
Consider adding checks for non-2xx HTTP status codes to better handle failed requests and surface errors.

tests/e2e/io.go (3)

9-9: Clarify function documentation.
It might be beneficial to indicate in the function’s comments whether the copyFile function overwrites the destination file if it exists. This clarification will help future contributors quickly understand the function’s behavior.

---

10-34: Ensure atomic writes and verify partial writes handling.
While this function works as intended, consider scenarios where a partial file might be created if the process is interrupted mid-write, leaving a corrupted corrupted destination file. Options to mitigate this include writing to a temporary file and then renaming it to the final destination upon successful completion.

 func copyFile(src, dst string) (int64, error) {
     ...
-    destination, err := os.Create(dst)
+    tmpDst := dst + ".tmp"
+    destination, err := os.Create(tmpDst)
     if err != nil {
         return 0, err
     }
     defer destination.Close()

     nBytes, err := io.Copy(destination, source)
     if err != nil {
         return 0, err
     }

+    // Safely rename the temporary file to the final name
+    if err := os.Rename(tmpDst, dst); err != nil {
+        return 0, fmt.Errorf("failed to rename temporary file: %w", err)
+    }

     return nBytes, nil
 }

---

36-41: Reconsider file permissions.
Using 0o666 for writeFile grants read and write permissions to all users. If that level of access is not desired, consider restricting file permissions to the application’s user or group.

tests/e2e/e2e_encode_test.go (1)

24-32: Consider verifying decoding edge cases.
The test covers a successful decode scenario. It might be helpful to test for failures (e.g., invalid data, partially corrupted base64 strings) to ensure the decoder fails gracefully and returns meaningful errors.

tests/e2e/util.go (1)

47-52: Prevent side effects by returning a new slice in concatFlags.
Appending flags in-place mutates the original slice. If that slice is reused elsewhere in the test code, errors can arise. It may be safer to create a new slice.

 func concatFlags(originalCollection []string, commandFlags []string, generalFlags []string) []string {
-   originalCollection = append(originalCollection, commandFlags...)
-   originalCollection = append(originalCollection, generalFlags...)
+   merged := make([]string, len(originalCollection))
+   copy(merged, originalCollection)
+   merged = append(merged, commandFlags...)
+   merged = append(merged, generalFlags...)
 
-   return originalCollection
+   return merged
 }

tests/e2e/e2e_evidence_test.go (1)

48-51: Address the TODO.
The code references a pending fix in the SDK, preventing evidence parsing. Consider adding a reference to the SDK version or expected timeline for the fix. This will help track the TODO so it doesn’t become stale.

Do you want me to open a GitHub issue or propose a draft that integrates the fix once the SDK resolves the referenced issue?

🧰 Tools

🪛 GitHub Check: devskim

[notice] 49-49: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

tests/e2e/e2e_test.go (3)

10-10: Address the TODO placeholder for IBC tests.
Enable the IBC tests once they're ready, or remove the placeholder if no longer needed.

Would you like me to open a GitHub issue to track enabling the IBC tests?

🧰 Tools

🪛 GitHub Check: devskim

[notice] 10-10: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

15-15: Address the TODO placeholder for RateLimit tests.
The RateLimit tests are disabled until IBC is fixed. Consider creating a follow-up ticket to ensure they aren’t forgotten.

🧰 Tools

🪛 GitHub Check: devskim

[notice] 15-15: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

55-58: Replace or remove commented code.
The commented code for CCV and expedited proposals might lead to confusion. Either re-enable if needed or remove/comment with a rationale.

🧰 Tools

🪛 GitHub Check: devskim

[notice] 55-55: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

tests/e2e/e2e_staking_test.go (2)

39-39: Promote code reuse in delegation invocations

The call to s.execDelegate(...) appears multiple times. Consider refactoring repeated code segments into a helper function for improved maintainability.

---

114-124: Ensure test coverage for canceling unbonding delegation

This section correctly tests the cancel unbonding flow. You may want to add a separate scenario test for partial amounts or multiple unbonding entries to ensure complete coverage.

tests/e2e/chain.go (1)

135-177: Optional: unify createAndInitValidators and createAndInitValidatorsWithMnemonics

These methods share significant logic. Extracting common functionality into a helper would reduce duplication.

tests/e2e/e2e_vesting_test.go (1)

167-184: Comprehensive coverage for continuous vesting

The test correctly checks both the start and end times. For thoroughness, consider a partial vest scenario test (e.g., halfway to end time).

app/test_helpers.go (1)

395-395: Code readability: remove leftover debug output if not needed

Check for any debugging output like println(...) calls. They can clutter logs and are typically not ideal in production or library code.

.github/workflows/tests-unit.yml (1)

2-4: Fix YAML formatting

Remove trailing spaces after colons to comply with YAML best practices.

-on: 
-  push: 
+on:
+  push:
     branches: main

🧰 Tools

🪛 yamllint (1.35.1)

[error] 2-2: trailing spaces

(trailing-spaces)

.github/workflows/tests-e2e.yml (1)

8-15: Enhance E2E test workflow configuration

Consider the following improvements for the E2E test workflow:

1. Add a timeout as E2E tests typically take longer
2. Add caching for Go dependencies to speed up the workflow

 test:
   runs-on: ubuntu-latest
+  timeout-minutes: 30
   steps:
     - uses: actions/setup-go@v5
       with:
         go-version: 1.21
     - uses: actions/checkout@v4
+    - uses: actions/cache@v3
+      with:
+        path: |
+          ~/.cache/go-build
+          ~/go/pkg/mod
+        key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-go-
     - run: make test-e2e

.github/workflows/codecov.yml (1)

Line range hint 17-20: Consider enhancing coverage configuration

Consider adding coverage thresholds and making the workflow fail if coverage drops significantly.

 - name: Upload coverage to Codecov
   uses: codecov/codecov-action@v5
   with:
     token: ${{ secrets.CODECOV_TOKEN }}
+    fail_ci_if_error: true
+    files: ./coverage.txt
+    verbose: true

Also, consider adding a codecov.yml file to configure coverage thresholds:

coverage:
  status:
    project:
      default:
        target: auto
        threshold: 1%
        base: auto

.github/workflows/tests-sdk.yml (1)

32-33: Add test result artifacts

Consider uploading test results and logs as artifacts for better debugging capabilities.

Add these steps after running tests:

- name: Upload test results
  if: always()
  uses: actions/upload-artifact@v4
  with:
    name: test-results
    path: cosmos-sdk/test-results/
    retention-days: 7

.github/workflows/docker.yml (1)

53-54: Consider parameterizing the heighliner owner

The heighliner owner is hardcoded to "strangelove-ventures". Consider making it configurable through environment variables or repository secrets for better maintainability.

- heighliner-owner: strangelove-ventures
+ heighliner-owner: ${{ secrets.HEIGHLINER_OWNER || 'strangelove-ventures' }}

tests/e2e/scripts/hermes_bootstrap.sh (2)

3-3: Add error handling for script execution

The script uses set -ex but could benefit from additional error handling.

Add these lines at the beginning of the script:

-set -ex
+set -euo pipefail
+
+# Error handling
+cleanup() {
+    rm -f /root/.hermes/MANTRA_*_E2E_RLY_MNEMONIC.txt
+}
+trap cleanup EXIT

---

80-83: Add retry mechanism for key import

The key import commands might fail due to timing issues, and the static sleep isn't ideal.

Replace the current implementation with a retry mechanism:

-hermes keys add --key-name rly01-mantra-b --chain $MANTRA_B_E2E_CHAIN_ID --mnemonic-file /root/.hermes/MANTRA_B_E2E_RLY_MNEMONIC.txt
-sleep 5
-hermes keys add --key-name rly01-mantra-a --chain $MANTRA_A_E2E_CHAIN_ID --mnemonic-file /root/.hermes/MANTRA_A_E2E_RLY_MNEMONIC.txt
+# Function to retry commands
+retry_command() {
+    local max_attempts=5
+    local attempt=1
+    until "$@" || [ $attempt -eq $max_attempts ]; do
+        echo "Command failed. Attempt $attempt of $max_attempts. Retrying in 5 seconds..."
+        attempt=$((attempt + 1))
+        sleep 5
+    done
+    if [ $attempt -eq $max_attempts ]; then
+        echo "Command failed after $max_attempts attempts"
+        return 1
+    fi
+}
+
+retry_command hermes keys add --key-name rly01-mantra-b --chain $MANTRA_B_E2E_CHAIN_ID --mnemonic-file /root/.hermes/MANTRA_B_E2E_RLY_MNEMONIC.txt
+retry_command hermes keys add --key-name rly01-mantra-a --chain $MANTRA_A_E2E_CHAIN_ID --mnemonic-file /root/.hermes/MANTRA_A_E2E_RLY_MNEMONIC.txt

Makefile (1)

142-151: Consider adding test documentation

The test targets are well-structured but could benefit from documentation explaining their purpose and usage.

Add comments above each test target explaining its purpose:

+# Run unit tests excluding e2e and simulation tests
 test-unit: ARGS=-timeout=5m -tags='norace'
 test-unit: TEST_PACKAGES=$(PACKAGES_UNIT)
+
+# Run end-to-end tests with increased timeout
 test-e2e: ARGS=-timeout=35m -v
 test-e2e: TEST_PACKAGES=$(PACKAGES_E2E)
 test-e2e: build-image
+
+# Run tests with coverage reporting
 test-cover: ARGS=-timeout=30m -coverprofile=coverage.txt -covermode=atomic -tags='norace'
 test-cover: TEST_PACKAGES=$(PACKAGES_UNIT)
+
+# Run connection tests with race detection
 test-connect: ARGS=-v -race
 test-connect: DIR=$(CURDIR)/tests/connect

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ff910d1 and 086f45f.

⛔ Files ignored due to path filters (2)

• go.sum is excluded by !**/*.sum
• tests/connect/go.sum is excluded by !**/*.sum

📒 Files selected for processing (37)

• .dockerignore (1 hunks)
• .github/workflows/codecov.yml (1 hunks)
• .github/workflows/docker.yml (1 hunks)
• .github/workflows/tests-e2e.yml (1 hunks)
• .github/workflows/tests-sdk.yml (1 hunks)
• .github/workflows/tests-unit.yml (2 hunks)
• .gitignore (1 hunks)
• Dockerfile (2 hunks)
• Makefile (1 hunks)
• app/params/doc.go (1 hunks)
• app/test_helpers.go (1 hunks)
• go.mod (8 hunks)
• tests/connect/connect_integration_test.go (1 hunks)
• tests/connect/go.mod (5 hunks)
• tests/e2e/address.go (1 hunks)
• tests/e2e/chain.go (1 hunks)
• tests/e2e/e2e_bank_test.go (1 hunks)
• tests/e2e/e2e_distribution_test.go (1 hunks)
• tests/e2e/e2e_encode_test.go (1 hunks)
• tests/e2e/e2e_evidence_test.go (1 hunks)
• tests/e2e/e2e_exec_test.go (1 hunks)
• tests/e2e/e2e_gov_test.go (1 hunks)
• tests/e2e/e2e_ibc_test.go (1 hunks)
• tests/e2e/e2e_rest_regression_test.go (1 hunks)
• tests/e2e/e2e_setup_test.go (1 hunks)
• tests/e2e/e2e_slashing_test.go (1 hunks)
• tests/e2e/e2e_staking_test.go (1 hunks)
• tests/e2e/e2e_test.go (1 hunks)
• tests/e2e/e2e_vesting_test.go (1 hunks)
• tests/e2e/genesis.go (1 hunks)
• tests/e2e/http_util.go (1 hunks)
• tests/e2e/io.go (1 hunks)
• tests/e2e/keys.go (1 hunks)
• tests/e2e/query.go (1 hunks)
• tests/e2e/scripts/hermes_bootstrap.sh (1 hunks)
• tests/e2e/util.go (1 hunks)
• tests/e2e/validator.go (1 hunks)

✅ Files skipped from review due to trivial changes (4)

• app/params/doc.go
• .gitignore
• tests/connect/connect_integration_test.go
• .dockerignore

🧰 Additional context used

🪛 yamllint (1.35.1)

.github/workflows/tests-unit.yml

[error] 2-2: trailing spaces

(trailing-spaces)

.github/workflows/tests-e2e.yml

[error] 1-1: trailing spaces

(trailing-spaces)

---

[error] 2-2: trailing spaces

(trailing-spaces)

.github/workflows/tests-sdk.yml

[error] 1-1: trailing spaces

(trailing-spaces)

---

[error] 2-2: trailing spaces

(trailing-spaces)

🪛 GitHub Check: devskim

tests/e2e/scripts/hermes_bootstrap.sh

[notice] 43-43: Accessing localhost could indicate debug code, or could hinder scaling.
Do not leave debug code in production

tests/e2e/e2e_staking_test.go

[warning] 15-15: An HTTP-based URL without TLS was detected.
Insecure URL

tests/e2e/e2e_rest_regression_test.go

[warning] 53-53: An HTTP-based URL without TLS was detected.
Insecure URL

tests/e2e/e2e_evidence_test.go

[warning] 19-19: An HTTP-based URL without TLS was detected.
Insecure URL

---

[notice] 49-49: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

tests/e2e/e2e_bank_test.go

[warning] 17-17: An HTTP-based URL without TLS was detected.
Insecure URL

tests/e2e/e2e_distribution_test.go

[warning] 13-13: An HTTP-based URL without TLS was detected.
Insecure URL

---

[warning] 65-65: An HTTP-based URL without TLS was detected.
Insecure URL

tests/e2e/e2e_gov_test.go

[notice] 23-23: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

[warning] 26-26: An HTTP-based URL without TLS was detected.
Insecure URL

---

[warning] 70-70: An HTTP-based URL without TLS was detected.
Insecure URL

---

[warning] 106-106: An HTTP-based URL without TLS was detected.
Insecure URL

---

[notice] 214-214: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

[warning] 268-268: An HTTP-based URL without TLS was detected.
Insecure URL

tests/e2e/e2e_ibc_test.go

[warning] 161-161: An HTTP-based URL without TLS was detected.
Insecure URL

---

[notice] 217-217: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

[warning] 241-241: An HTTP-based URL without TLS was detected.
Insecure URL

---

[warning] 319-319: An HTTP-based URL without TLS was detected.
Insecure URL

tests/e2e/e2e_test.go

[notice] 10-10: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

[notice] 15-15: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

[notice] 55-55: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

[warning] 75-75: An HTTP-based URL without TLS was detected.
Insecure URL

---

[warning] 92-92: An HTTP-based URL without TLS was detected.
Insecure URL

tests/e2e/query.go

[notice] 348-348: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

tests/e2e/e2e_setup_test.go

[notice] 236-236: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

[notice] 578-578: Accessing localhost could indicate debug code, or could hinder scaling.
Do not leave debug code in production

tests/e2e/e2e_exec_test.go

[notice] 267-267: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

[notice] 304-304: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

[warning] 731-731: An HTTP-based URL without TLS was detected.
Insecure URL

---

[warning] 754-754: An HTTP-based URL without TLS was detected.
Insecure URL

🪛 actionlint (1.7.4)

.github/workflows/tests-sdk.yml

16-16: shellcheck reported issue in this script: SC2034:warning:7:3: SDK_VERSION appears unused. Verify use (or export if used externally)

(shellcheck)

---

16-16: shellcheck reported issue in this script: SC2086:info:9:34: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 golangci-lint (1.62.2)

tests/e2e/e2e_vesting_test.go

10-10: File is not gci-ed with --skip-generated -s standard -s default

(gci)

---

200-200: unnecessary leading newline

(whitespace)

tests/e2e/genesis.go

8-8: File is not gci-ed with --skip-generated -s standard -s default

(gci)

---

11-11: File is not gci-ed with --skip-generated -s standard -s default

(gci)

---

22-22: File is not gci-ed with --skip-generated -s standard -s default

(gci)

tests/e2e/chain.go

7-7: File is not gci-ed with --skip-generated -s standard -s default

(gci)

---

15-15: File is not gci-ed with --skip-generated -s standard -s default

(gci)

---

16-16: File is not gci-ed with --skip-generated -s standard -s default

(gci)

---

29-29: File is not gci-ed with --skip-generated -s standard -s default

(gci)

tests/e2e/e2e_ibc_test.go

29-29: directive //nolint:unparam is unused for linter "unparam"

(nolintlint)

---

63-63: directive //nolint:unparam is unused for linter "unparam"

(nolintlint)

tests/e2e/query.go

10-10: File is not gci-ed with --skip-generated -s standard -s default

(gci)

---

14-14: File is not gci-ed with --skip-generated -s standard -s default

(gci)

---

79-79: func querySupplyOf is unused

(unused)

---

93-93: func queryStakingParams is unused

(unused)

---

291-291: func queryAllRateLimits is unused

(unused)

---

306-306: func queryRateLimit is unused

(unused)

---

320-320: func queryRateLimitsByChainID is unused

(unused)

---

334-334: func queryICAAccountAddress is unused

(unused)

---

42-42: type assertion must be checked

(forcetypeassert)

---

43-43: type assertion must be checked

(forcetypeassert)

---

32-32: "200" can be replaced by http.StatusOK

(usestdlibvars)

---

224-224: directive //nolint:unused // this is called during e2e tests is unused for linter "unused"

(nolintlint)

---

305-305: directive //nolint:unparam is unused for linter "unparam"

(nolintlint)

tests/e2e/e2e_exec_test.go

265-265: (*IntegrationTestSuite).execBankSend - opt always receives nil

(unparam)

---

201-201: func (*IntegrationTestSuite).execFeeGrant is unused

(unused)

---

232-232: func (*IntegrationTestSuite).execFeeGrantRevoke is unused

(unused)

---

770-770: func (*IntegrationTestSuite).expectTxSubmitError is unused

(unused)

---

783-783: func (*IntegrationTestSuite).executeValidatorBond is unused

(unused)

---

432-432: unnecessary leading newline

(whitespace)

---

711-711: type assertion must be checked

(forcetypeassert)

---

712-712: type assertion must be checked

(forcetypeassert)

---

135-135: directive //nolint:unused is unused for linter "unused"

(nolintlint)

---

164-164: directive //nolint:unused is unused for linter "unused"

(nolintlint)

🪛 GitHub Check: lint

tests/e2e/query.go

[failure] 79-79:
func querySupplyOf is unused (unused)

---

[failure] 93-93:
func queryStakingParams is unused (unused)

---

[failure] 291-291:
func queryAllRateLimits is unused (unused)

---

[failure] 306-306:
func queryRateLimit is unused (unused)

---

[failure] 320-320:
func queryRateLimitsByChainID is unused (unused)

---

[failure] 334-334:
func queryICAAccountAddress is unused (unused)

tests/e2e/e2e_exec_test.go

[failure] 265-265:
(*IntegrationTestSuite).execBankSend - opt always receives nil (unparam)

---

[failure] 201-201:
func (*IntegrationTestSuite).execFeeGrant is unused (unused)

---

[failure] 232-232:
func (*IntegrationTestSuite).execFeeGrantRevoke is unused (unused)

---

[failure] 770-770:
func (*IntegrationTestSuite).expectTxSubmitError is unused (unused)

🔇 Additional comments (36)

tests/e2e/query.go (3)

42-45: Check type assertions to avoid a runtime panic.
The type assertions on lines 42 (txResp := result["tx_response"].(map[string]interface{})) and 43 (v.(float64)) can panic if the cast fails. Consider handling the possibility that these fields might not exist or may have unexpected data types.

🧰 Tools

🪛 golangci-lint (1.62.2)

42-42: type assertion must be checked

(forcetypeassert)

---

43-43: type assertion must be checked

(forcetypeassert)

---

79-91: Unused functions flagged by static analysis.
Several functions (querySupplyOf, queryStakingParams, queryAllRateLimits, queryRateLimit, queryRateLimitsByChainID, and queryICAAccountAddress) are reported as unused. If they are indeed unused in production code, consider removing them or adding tests that demonstrate their usage.

Also applies to: 93-105, 291-303, 306-319, 320-332, 334-346

🧰 Tools

🪛 golangci-lint (1.62.2)

79-79: func querySupplyOf is unused

(unused)

🪛 GitHub Check: lint

[failure] 79-79:
func querySupplyOf is unused (unused)

---

224-224: Review nolint directives.
//nolint:unused and //nolint:unparam appear to be overridden by the linter. If these functions are legitimately used in e2e tests, confirm the correct directive or remove them if no longer relevant.

Also applies to: 305-305

🧰 Tools

🪛 golangci-lint (1.62.2)

224-224: directive //nolint:unused // this is called during e2e tests is unused for linter "unused"

(nolintlint)

tests/e2e/genesis.go (2)

57-61: Confirm desired behavior for duplicate accounts.
The code returns an error when an account already exists in genesis. If the intended action is to skip duplicates or update existing accounts, consider revising the condition.

---

112-153: Governance state migration looks good.
The logic for sequential migration (v1beta1 → v3 → v4) is clear and consistent. Ensure that the test coverage includes scenarios where parameters like expedited votes and deposit/voting periods are exercised.

tests/e2e/e2e_ibc_test.go (1)

161-161: Use HTTPS for API endpoints if possible.
Calls to http:// might be acceptable in a local testing context, but in real or production-like environments consider secure connections (HTTPS) to prevent possible man-in-the-middle attacks.

Also applies to: 241-241, 319-319

🧰 Tools

🪛 GitHub Check: devskim

[warning] 161-161: An HTTP-based URL without TLS was detected.
Insecure URL

tests/e2e/e2e_exec_test.go (2)

201-230: Check usage for the execFeeGrant function
Static analysis flags this function as unused. If you do not use it in your tests or code, consider removing it to reduce dead code. Otherwise, confirm that references exist in other test files or the tests that are not part of the snippet.

🧰 Tools

🪛 golangci-lint (1.62.2)

201-201: func (*IntegrationTestSuite).execFeeGrant is unused

(unused)

🪛 GitHub Check: lint

[failure] 201-201:
func (*IntegrationTestSuite).execFeeGrant is unused (unused)

---

232-255: Check usage for the execFeeGrantRevoke function
Static analysis flags this function as unused. If it is truly not used, remove it for clarity; if it is used elsewhere, ensure that references are recognized by the build and tests.

🧰 Tools

🪛 golangci-lint (1.62.2)

232-232: func (*IntegrationTestSuite).execFeeGrantRevoke is unused

(unused)

🪛 GitHub Check: lint

[failure] 232-232:
func (*IntegrationTestSuite).execFeeGrantRevoke is unused (unused)

tests/e2e/keys.go (1)

8-20: Looks good
The mnemonic generation logic is straightforward, checks errors properly, and is suitable for tests.

tests/e2e/e2e_slashing_test.go (1)

5-23: Well-structured unjailing test
Your logic correctly checks for jailed validators, calls execUnjail, and asserts that the validator is no longer jailed afterwards.

tests/e2e/address.go (1)

1-33: LGTM
The address utility functions are concise and sufficient for test data generation.

tests/e2e/http_util.go (1)

25-40: Clear approach for JSON parsing
Reading and unmarshalling the response body is handled cleanly, ensuring that errors are surfaced properly.

tests/e2e/e2e_encode_test.go (2)

14-22: Validate JSON representation before asserting.
When asserting the equality of the encoded transaction, consider also validating that the encoding adheres to the expected JSON structure to catch potential schema mismatches or serialization issues.

---

34-50: Confirm global variables in buildRawTx.
The function relies on variables like txConfig, gas, and standardFees. Ensure these are properly defined and documented in the test suite so that maintainers can quickly locate and update them when needed.

tests/e2e/util.go (1)

10-45: Improve clarity around double unmarshalling.
The function uses unknownproto.RejectUnknownFieldsStrict first, then unpacks into raw again with cdc.Unmarshal. While correct, it might be worth adding a comment explaining that performing two unmarshalling passes is intentional—first to reject unknown fields, and second to handle known fields. This helps maintainers understand the rationale behind the approach.

tests/e2e/e2e_test.go (2)

75-75: Consider using HTTPS for chainAPI.
Line 75 references an HTTP-based endpoint, which may not be secure. If this is for internal or testing only, confirm if encryption is unnecessary; otherwise, consider switching to HTTPS.

🧰 Tools

🪛 GitHub Check: devskim

[warning] 75-75: An HTTP-based URL without TLS was detected.
Insecure URL

---

92-92: Consider using HTTPS for chainAAPI.
Similar to the earlier endpoint, evaluate whether HTTPS is an option for improved security.

🧰 Tools

🪛 GitHub Check: devskim

[warning] 92-92: An HTTP-based URL without TLS was detected.
Insecure URL

tests/e2e/e2e_distribution_test.go (2)

13-13: Consider secure connections for chainEndpoint.
An HTTP-based URL is referenced, which may not be secure. If secure connections are possible, consider switching to HTTPS.

🧰 Tools

🪛 GitHub Check: devskim

[warning] 13-13: An HTTP-based URL without TLS was detected.
Insecure URL

---

65-65: Consider secure connections for chainAAPIEndpoint.
As before, evaluate whether HTTPS is an option for improved security.

🧰 Tools

🪛 GitHub Check: devskim

[warning] 65-65: An HTTP-based URL without TLS was detected.
Insecure URL

tests/e2e/e2e_bank_test.go (1)

17-17: Assess the use of an HTTP-based URL for chainEndpoint.
If feasible, consider using HTTPS for stronger security, especially if these tests can be exposed beyond local development.

🧰 Tools

🪛 GitHub Check: devskim

[warning] 17-17: An HTTP-based URL without TLS was detected.
Insecure URL

tests/e2e/e2e_rest_regression_test.go (1)

53-53: Use HTTPS if possible.
An HTTP-based URL might expose sensitive endpoints. Consider migrating to HTTPS for real deployments.

🧰 Tools

🪛 GitHub Check: devskim

[warning] 53-53: An HTTP-based URL without TLS was detected.
Insecure URL

tests/e2e/e2e_staking_test.go (2)

15-15: Use HTTPS for security-sensitive endpoints

You are using an HTTP-based URL. During integration or production environments, consider switching to HTTPS to ensure secure communication.

🧰 Tools

🪛 GitHub Check: devskim

[warning] 15-15: An HTTP-based URL without TLS was detected.
Insecure URL

---

41-52: Good use of Eventually to validate asynchronous state

Verifying delegation success with Eventually is a good best practice for asynchronous blockchain operations. The logic looks correct and robust.

tests/e2e/chain.go (2)

76-80: Proper handling of temporary directory errors

Nice job returning an error if directory creation fails. This prevents panics and ensures robust handling of file system issues.

---

92-133: Initialize ephemeral application properly

The lazy loading approach for tempApplication ensures minimal overhead. However, if concurrency is introduced in the future, ensure thread safety when reusing in tests.

tests/e2e/e2e_vesting_test.go (1)

252-269: Periodic vesting logic is well-structured

The code nicely handles multiple vesting periods. Including a test path for an early or zero-length period might further strengthen coverage.

app/test_helpers.go (1)

416-420: AppOptionsMap provides flexible testing options

This is a simple and effective solution for injecting custom arguments into the app. Confirm that all critical parameters (like security-related settings) are adequately tested.

.github/workflows/tests-unit.yml (1)

15-15: Verify make target existence

The workflow now uses make test-unit instead of direct Go test commands.

✅ Verification successful

test-unit target is properly defined and configured

The test-unit target is correctly defined in the Makefile with the following configuration:

• Sets a 5-minute timeout
• Uses the 'norace' tag
• Executes tests on all packages except e2e tests and simulation packages
• Properly integrated with the run-tests target for execution

The target is implemented as follows:

test-unit: ARGS=-timeout=5m -tags='norace'
test-unit: TEST_PACKAGES=$(PACKAGES_UNIT)

where PACKAGES_UNIT is defined as:

PACKAGES_UNIT=$(shell go list ./... | grep -v -e '/tests/e2e' | grep -v '/simulation')

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Verify the make target exists and check its implementation
if [ -f "Makefile" ]; then
  # Search for test-unit target
  grep -A 5 "^test-unit:" Makefile
fi

Length of output: 367

---

Script:

#!/bin/bash
# Let's check the full Makefile to understand the target definitions and variables
cat Makefile

Length of output: 9388

.github/workflows/tests-e2e.yml (1)

15-15: Verify make target existence

The workflow uses make test-e2e. Let's verify this target exists and check its implementation.

✅ Verification successful

Make target test-e2e exists and is properly configured

The test-e2e target exists in the Makefile with the following configuration:

• Uses a 35-minute timeout with verbose output
• Runs tests from packages in tests/e2e directory
• Depends on build-image target which builds a Docker image for testing
• The target appears to be properly integrated with the project's testing infrastructure

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Verify the make target exists and check its implementation
if [ -f "Makefile" ]; then
  # Search for test-e2e target
  grep -A 5 "^test-e2e:" Makefile
fi

Length of output: 377

---

Script:

#!/bin/bash
# Let's check the variables and dependencies used in the test-e2e target
grep -A 10 "^PACKAGES_E2E\|^build-image:" Makefile

Length of output: 948

.github/workflows/codecov.yml (1)

16-16: Verify coverage report generation

The workflow now uses make test-cover instead of direct Go test commands. Let's verify the target generates coverage data in the format expected by Codecov.

✅ Verification successful

Let me gather more information about the test coverage setup.

---

Coverage setup is correctly configured

The verification shows that:

• The test-cover make target correctly sets up coverage with -coverprofile=coverage.txt -covermode=atomic
• It excludes e2e tests and simulation packages, focusing on unit tests
• The workflow properly uploads the coverage.txt file to Codecov using the official action

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Verify the make target exists and check its implementation
if [ -f "Makefile" ]; then
  # Search for test-cover target
  grep -A 5 "^test-cover:" Makefile
fi

Length of output: 314

---

Script:

#!/bin/bash
# Check for variables used in the make target
grep -A 2 "^PACKAGES_UNIT" Makefile

# Check if coverage.txt is used in any upload steps in the workflow
cat .github/workflows/codecov.yml

Length of output: 723

Dockerfile (1)

47-54: LGTM: Improved security with nonroot user

Good security practice:

• Using nonroot user/group with specific UID/GID
• Installing minimal required packages
• Proper port exposures including gRPC port 9090

Makefile (1)

137-138: LGTM! Well-structured test package organization

The separation of unit and e2e test packages is clean and follows best practices.

tests/connect/go.mod (2)

19-22: LGTM! Well-documented dependency replacement

The cosmos-sdk replacement is well-documented with clear links to the fork, branch, commit, and tag.

---

8-8: Verify compatibility with updated cosmos-sdk version

The update to cosmos-sdk v0.50.11 might require testing with the entire test suite to ensure compatibility.

Run the following script to check for any breaking changes in the SDK update:

✅ Verification successful

Let me analyze the cosmos-sdk usage in the codebase to verify the compatibility with v0.50.11.

---

Let me try a different approach to check the cosmos-sdk version changes.

---

Cosmos SDK update appears compatible with existing codebase

The update from v0.50.10 to v0.50.11 is a minor version bump within the same major version (v0.50.x). Additionally, the codebase is using a custom fork of cosmos-sdk (MANTRA-Chain/cosmos-sdk) with version v0.50.11-v2-mantra-1, which suggests the changes have been tested and adapted for compatibility.

Key observations:

• The update is from v0.50.10 to v0.50.11 (patch version bump)
• The project uses a custom fork that's already aligned with v0.50.11
• The extensive usage of cosmos-sdk APIs shown in the codebase scan suggests thorough integration

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for potential breaking changes in cosmos-sdk update

# Search for cosmos-sdk API usage that might be affected
rg --type go "github.com/cosmos/cosmos-sdk" -A 3

Length of output: 49717

---

Script:

#!/bin/bash
# Check for any breaking changes in cosmos-sdk update by examining git history
git log --oneline tests/connect/go.mod | grep -A 1 "cosmos-sdk"

Length of output: 0

---

Script:

#!/bin/bash
# Check for go.mod files that might contain cosmos-sdk version info
fd "go.mod" --exec cat {} \; | grep "cosmos-sdk"

Length of output: 979

go.mod (2)

47-47: Well-structured selection of e2e testing dependencies!

The added dependencies form a robust foundation for e2e testing:

• dockertest for container-based testing
• JSON schema validation libraries for response validation
• Container runtime dependencies for advanced container control

Also applies to: 58-58, 101-101, 173-173, 250-250, 288-290

---

58-58: Verify compatibility in the e2e testing environment

Please ensure these versions are compatible with your e2e testing environment and CI/CD pipeline.

Also applies to: 101-101, 173-173, 250-250, 288-290

✅ Verification successful

Let me gather more information about the e2e test setup and dockertest usage.

---

Let me check the Docker-related test implementation to verify compatibility.

---

Let me check the dockertest implementation details.

---

Based on the analysis of the e2e test implementation and dockertest usage, I can now provide a final response.

The dockertest version v3.11.0 is compatible with the e2e testing environment

The e2e test setup is properly configured to work with dockertest v3.11.0:

• The test suite successfully uses dockertest for managing test containers
• The implementation includes proper container lifecycle management (setup and teardown)
• The version is recent and stable, with no known compatibility issues
• The e2e tests use standard dockertest features that are well-supported in v3.11.0

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check if the e2e test setup works with the specified dependency versions

# Look for any existing e2e test configurations
echo "Checking for e2e test configurations..."
fd -e yaml -e json . | grep -i "e2e\|test"

# Check for Docker-related test files
echo "Checking for Docker-related test files..."
rg -l "dockertest" 

# Check for container configurations
echo "Checking for container configurations..."
fd -e dockerfile -e compose.yml -e compose.yaml .

Length of output: 478

---

Script:

#!/bin/bash
# Check the e2e test implementation and dockertest usage
echo "Checking e2e test implementation..."
cat tests/e2e/e2e_setup_test.go

echo -e "\nChecking dockertest version in test dependencies..."
cat tests/connect/go.sum | grep dockertest

Length of output: 28772

---

Script:

#!/bin/bash
# Check the e2e test execution implementation
cat tests/e2e/e2e_exec_test.go

# Check if there are any specific Docker version requirements in the test files
rg -i "docker.*version|version.*docker" tests/

Length of output: 29517

---

Script:

#!/bin/bash
# Check the dockertest implementation in e2e setup
cat tests/e2e/e2e_setup_test.go

# Check if there are any Docker version constraints in go.mod
cat go.mod | grep -A 5 -B 5 "github.com/ory/dockertest"

Length of output: 28809

[coderabbitai]

Actionable comments posted: 1

🔭 Outside diff range comments (1)

.github/workflows/connect-test.yml (1)

Line range hint 10-11: Fix OS runner specification

The OS specification ubuntu-latest-x64-xlarge appears non-standard. GitHub-hosted runners typically use ubuntu-latest.

- os: [ubuntu-latest-x64-xlarge]
+ os: [ubuntu-latest]

♻️ Duplicate comments (2)

.github/workflows/tests-sdk.yml (2)

11-13: ⚠️ Potential issue

Fix Go version specification

The specified Go version 1.23 is not released yet. This will cause the workflow to fail.

- go-version: 1.23
+ go-version: '1.22'

---

16-25: ⚠️ Potential issue

Fix version extraction script issues

The script has several issues:

1. The SDK_VERSION variable is set but VERSION is used in the environment export
2. Missing error handling for the go list command
3. No validation of extracted version

  run: |
+   set -eo pipefail
    FULL_VERSION=$(go list -m github.com/cosmos/cosmos-sdk 2> /dev/null | sed 's:.* ::')
+   if [ -z "$FULL_VERSION" ]; then
+     echo "Error: Failed to extract SDK version" >&2
+     exit 1
+   fi
    if [[ $FULL_VERSION == *"-0."* ]]; then
      # This is a pseudo-version (commit-based)
      SDK_VERSION=${FULL_VERSION##*-}
    else
      # This is a regular version tag
      SDK_VERSION=$FULL_VERSION
    fi
-   echo "SDK_VERSION=${VERSION}" >> $GITHUB_ENV
+   echo "SDK_VERSION=${SDK_VERSION}" >> $GITHUB_ENV
+   echo "Extracted SDK version: ${SDK_VERSION}"

🧰 Tools

🪛 actionlint (1.7.4)

16-16: shellcheck reported issue in this script: SC2034:warning:7:3: SDK_VERSION appears unused. Verify use (or export if used externally)

(shellcheck)

---

16-16: shellcheck reported issue in this script: SC2086:info:9:34: Double quote to prevent globbing and word splitting

(shellcheck)

🧹 Nitpick comments (4)

.github/workflows/tests-e2e.yml (1)

8-10: Add timeout for E2E tests

E2E tests can be long-running. Consider adding a timeout to prevent hanging jobs:

   test:
     runs-on: ubuntu-latest
+    timeout-minutes: 30
     steps:

.github/workflows/connect-test.yml (1)

Line range hint 15-22: Consider caching tparse installation

Since tparse is installed in all workflows, consider using GitHub Actions cache to speed up the workflows:

      - uses: actions/checkout@v4
+     - uses: actions/cache@v3
+       with:
+         path: ~/go/bin
+         key: ${{ runner.os }}-go-tparse-${{ hashFiles('**/go.sum') }}
      - name: Install tparse
        run: |
          go install github.com/mfridman/tparse@latest

.github/workflows/tests-sdk.yml (2)

1-6: Fix YAML formatting: Remove trailing spaces

Minor formatting issue: Remove trailing spaces from lines 1 and 2.

-on: 
-  push: 
+on:
+  push:

🧰 Tools

🪛 yamllint (1.35.1)

[error] 1-1: trailing spaces

(trailing-spaces)

---

[error] 2-2: trailing spaces

(trailing-spaces)

---

32-36: Enhance test execution robustness

Consider adding error handling and output capture for the test execution:

  - name: Install tparse
    run: |
      go install github.com/mfridman/tparse@latest
+     command -v tparse >/dev/null 2>&1 || { echo "tparse not installed" >&2; exit 1; }
-  - run: make test-all
+  - name: Run tests
+    run: |
+      cd cosmos-sdk
+      if [ ! -f Makefile ]; then
+        echo "Error: Makefile not found in cosmos-sdk directory" >&2
+        exit 1
+      fi
+      make test-all 2>&1 | tee test-output.log
+      if [ ${PIPESTATUS[0]} -ne 0 ]; then
+        echo "Error: Tests failed" >&2
+        exit 1
+      fi
    working-directory: cosmos-sdk

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 086f45f and 75a00b2.

📒 Files selected for processing (4)

• .github/workflows/connect-test.yml (1 hunks)
• .github/workflows/tests-e2e.yml (1 hunks)
• .github/workflows/tests-sdk.yml (1 hunks)
• .github/workflows/tests-unit.yml (2 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/tests-sdk.yml

16-16: shellcheck reported issue in this script: SC2034:warning:7:3: SDK_VERSION appears unused. Verify use (or export if used externally)

(shellcheck)

---

16-16: shellcheck reported issue in this script: SC2086:info:9:34: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint (1.35.1)

.github/workflows/tests-sdk.yml

[error] 1-1: trailing spaces

(trailing-spaces)

---

[error] 2-2: trailing spaces

(trailing-spaces)

.github/workflows/tests-e2e.yml

[error] 1-1: trailing spaces

(trailing-spaces)

---

[error] 2-2: trailing spaces

(trailing-spaces)

.github/workflows/tests-unit.yml

[error] 2-2: trailing spaces

(trailing-spaces)

🔇 Additional comments (4)

.github/workflows/tests-unit.yml (2)

Line range hint 11-12: Fix invalid Go version

The specified Go version 1.23 doesn't exist yet. The latest stable version is 1.21.x.

- go-version: 1.23
+ go-version: 1.21

---

18-18: Verify make target existence

Ensure that the test-unit target exists in the Makefile.

✅ Verification successful

test-unit target exists and is properly configured

The test-unit target is correctly defined in the Makefile and is properly configured with appropriate test packages and arguments. The target:

• Excludes e2e and simulation tests
• Sets a 5-minute timeout
• Uses the 'norace' tag
• Runs unit tests for all packages except tests/e2e and simulation

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if test-unit target exists in Makefile
if ! grep -q "^test-unit:" $(find . -name "Makefile"); then
  echo "Warning: test-unit target not found in Makefile"
fi

Length of output: 59

---

Script:

#!/bin/bash
# Let's first check if the Makefile exists and see its content
if [ -f "./Makefile" ]; then
    echo "Makefile content:"
    cat ./Makefile
else
    echo "Makefile not found in root directory"
fi

Length of output: 9459

.github/workflows/tests-e2e.yml (1)

18-18: Verify make target existence

Ensure that the test-e2e target exists in the Makefile.

✅ Verification successful

The test-e2e target exists and is properly configured

The Makefile contains the test-e2e target with the following configuration:

• It's defined under the TEST_TARGETS with proper dependencies
• It sets specific test arguments: -timeout=35m -v
• It runs E2E packages from the tests/e2e directory
• It has a dependency on build-image target
• It uses the run-tests target for execution

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if test-e2e target exists in Makefile
if ! grep -q "^test-e2e:" $(find . -name "Makefile"); then
  echo "Warning: test-e2e target not found in Makefile"
fi

Length of output: 58

---

Script:

#!/bin/bash
# Let's first check if Makefile exists and see its content
fd Makefile --type f --exec cat {}

Length of output: 9412

.github/workflows/connect-test.yml (1)

22-22: Verify make target existence

Ensure that the test-connect target exists in the Makefile.

✅ Verification successful

The test-connect target exists in the Makefile

The verification confirms that the test-connect target is properly defined in the Makefile. It's listed under the TEST_TARGETS variable and has its specific configuration:

test-connect: ARGS=-v -race
test-connect: DIR=$(CURDIR)/tests/connect
test-connect: build-image

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if test-connect target exists in Makefile
if ! grep -q "^test-connect:" $(find . -name "Makefile"); then
  echo "Warning: test-connect target not found in Makefile"
fi

Length of output: 62

---

Script:

#!/bin/bash
# Let's first check if Makefile exists and see its content
fd Makefile --type f --exec cat {}

Length of output: 9412

[coderabbitai]

Actionable comments posted: 5

🧹 Nitpick comments (36)

tests/e2e/e2e_ibc_test.go (4)

218-218: Address the TODO comment.

You have a placeholder indicating a needed change ("TODO: Add back only if ..."). Resolve or remove it to keep the code clean and consistent.

Would you like me to open a dedicated issue or propose a follow-up PR to address this TODO?

🧰 Tools

🪛 GitHub Check: devskim

[notice] 218-218: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

320-320: Use HTTPS to avoid insecure connections.

This endpoint uses plain HTTP ("http://"). Prefer HTTPS to safeguard data in transit.

🧰 Tools

🪛 GitHub Check: devskim

[warning] 320-320: An HTTP-based URL without TLS was detected.
Insecure URL

---

303-303: Avoid fixed sleep intervals in tests.

Consider using a more dynamic approach (e.g., polling with timeouts or asynchronous signals) instead of time.Sleep(30 * time.Second). This can significantly reduce test run time and flakiness.

---

157-157: Add negative test scenarios for token transfers.

While the tests already include a "failed multihop" scenario, consider integrating additional negative tests—for example, verifying error messages when sending tokens with invalid denominations, insufficient balance, or an invalid chain ID—to improve reliability.

tests/e2e/e2e_gov_test.go (3)

22-22: Consider in-place upgrades to avoid container restarts.
The TODO suggests performing upgrades in place of chain restarts, which could simplify test logic and reduce the overhead of tearing down and recreating containers.

Do you want me to open a tracking issue to plan in-place upgrades?

🧰 Tools

🪛 GitHub Check: devskim

[notice] 22-22: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

44-44: Consider a more granular teardown.
Calling s.TearDownSuite() in the middle of a single test flow may introduce overhead or side effects. You might encapsulate container restarts within smaller teardown logic or use a subtest approach for clarity.

---

214-214: Evaluate relevance of commented-out code.
This large commented block references a TODO about CCV modules. If you anticipate enabling it soon, keep the code in place; otherwise, consider removing it to reduce clutter.

🧰 Tools

🪛 GitHub Check: devskim

[notice] 214-214: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

tests/e2e/e2e_test.go (1)

10-10: Resolve or track TODOs for completeness.
These lines indicate incomplete functionality or skipped tests. Ensure they are properly tracked to avoid stale code.

Also applies to: 15-15, 55-55

🧰 Tools

🪛 GitHub Check: devskim

[notice] 10-10: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

tests/e2e/e2e_staking_test.go (1)

1-142: Consider negative scenario coverage.
While the test thoroughly checks normal staking flows (delegation, redelegation, unbonding, cancellation), you might also consider adding negative scenario tests (e.g., insufficient funds, invalid validator) to bolster reliability.

🧰 Tools

🪛 GitHub Check: devskim

[warning] 14-14: An HTTP-based URL without TLS was detected.
Insecure URL

tests/e2e/e2e_exec_test.go (2)

265-265: Address the TODO comment regarding hardcoded options
The comment indicates a plan to remove hardcoded options. Refactoring this logic to accept custom flags in all methods will improve code maintainability and flexibility.

🧰 Tools

🪛 GitHub Check: devskim

[notice] 265-265: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

302-302: Consider removing hardcoded options
Same as line 265: using dynamically passed flags instead of hardcoding them will help keep test scenarios flexible and maintainable.

🧰 Tools

🪛 GitHub Check: devskim

[notice] 302-302: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

Dockerfile (1)

11-12: Pin the base images to a specific version for reproducible builds
Using flexible tags like alpine:latest and not pinning the patch version in golang:${GO_VERSION}-alpine3.20 can lead to non-deterministic builds. Consider switching to fully qualified tags (e.g., golang:1.23.4-alpine3.20 and alpine:3.20.4) to guarantee consistent build results.

Also applies to: 47-47

tests/e2e/e2e_setup_test.go (6)

78-79: Remove or revise the nolint:unused directive if govAuthority is actively used.
The govAuthority variable appears to be used, so retaining //nolint:unused may be misleading and could mask potential future issues.

---

155-160: Uncomment or remove the chain B setup code.
This code is currently commented out. If there's no immediate plan to support a second chain, consider removing it to reduce clutter. Otherwise, uncomment it and ensure it remains actively tested.

---

232-232: Address the TODO regarding account manipulation.
The code references a "better way to manipulate accounts," indicating incomplete functionality.

Would you like help drafting an improved approach?

🧰 Tools

🪛 GitHub Check: devskim

[notice] 232-232: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

574-574: Confirm usage of localhost in production or staging environments.
The static analysis flagged the use of tcp://localhost:26657. For ephemeral end-to-end tests, this may be acceptable, but ensure the final setup can scale beyond a local endpoint.

🧰 Tools

🪛 GitHub Check: devskim

[notice] 574-574: Accessing localhost could indicate debug code, or could hinder scaling.
Do not leave debug code in production

---

609-609: Validate the nolint:unused directive on runIBCRelayer.
If the function is intentionally commented out or not yet ready, consider removing it altogether. Otherwise, if it's in active use, remove the nolint:unused directive.

---

826-826: Revisit the nolint:unused directive in writeFailingExpeditedProposal.
Confirm whether this function is truly unused. If so, remove it. If it’s needed, ensure it’s invoked and remove the directive.

tests/e2e/validator.go (4)

1-3: Consider adding documentation for this new package.
Documenting the purpose of the e2e package and explaining its role helps future maintainers and testers quickly understand how it ties into the rest of the codebase.

---

66-96: Refine error handling for genesis export.
In init(), a failure to export the genesis state would disrupt tests. Consider adding logs or retention of partial artifacts for debugging.

---

224-250: Add a sanity check for commission rates.
Hard-coded commission rates in buildCreateValidatorMsg might mismatch real-world scenarios. Consider making these configurable or verifying validity in tests.

---

252-319: Consider enhanced error logging in signMsg.
This code is crucial for transaction signing. Incorporating logging or structured error messages would facilitate troubleshooting if signatures fail.

tests/e2e/chain.go (6)

1-3: Consolidate or document imports.
The extensive imports here can cause confusion. Briefly comment on the core packages used for chain initialization, especially around dbm and wasmkeeper.

---

41-60: Initialize custom modules if needed.
You register many standard Cosmos SDK interfaces but might consider separately registering any MANTRA-specific interfaces for clarity.

---

72-82: Clean up tmpDir in newChain if tests fail prematurely.
Consider deferring a cleanup routine or storing references in ephemeral test contexts.

---

88-129: Add logging or comments on how many validators are created.
This helps clarify test coverage and makes debugging easier, especially if something fails mid-loop.

---

131-173: Merge duplicated logic with createAndInitValidators if desired.
createAndInitValidatorsWithMnemonics shares logic with createAndInitValidators. You could unify them to reduce duplication, passing mnemonics optionally.

---

175-181: Parameterize createValidator further.
Consider making initial key names or monikers configurable to test dynamic scenarios.

tests/e2e/e2e_vesting_test.go (5)

1-3: Add docs explaining vesting test coverage.
Describing the outcome each test is validating (delayed, continuous, periodic vesting, etc.) helps new developers quickly map the test logic.

---

34-41: Consider verifying offline or edge scenarios.
Tests only show normal usage of vesting. For thorough coverage, also test how negative vesting amounts or extremely large amounts are handled.

---

43-110: Time-based tests can be flaky.
Use a faster polling loop or a time mocking mechanism to avoid slow or unpredictable sleeps if possible.

---

112-197: Prefer checking vesting progress with a mock or faster approach.
As with delayed vesting, consider a more deterministic approach than real-time sleeps to reduce test runtime and flakiness.

---

199-319: Consolidate repeated wait and transfer logic.
Large amounts of duplicated code around waiting, querying balance, and sending bank transfers can be factored into helper methods to reduce complexity in each test.

tests/e2e/query.go (3)

75-102: Remove or replace large commented blocks.

Large commented sections (e.g., querySupplyOf, queryStakingParams) can cause confusion and clutter. If not needed, remove them. Otherwise, add a TODO: with a clear implementation plan or reference to an open issue.

---

246-259: Consider abstracting repeated validator query logic.

Repeated patterns for constructing URLs, performing httpGet, and unmarshalling appear in queryValidator and queryValidators. You might enhance maintainability by extracting a helper function that handles common tasks like building the URL, calling httpGet, and unmarshalling.

---

344-344: Address the TODO comment.

A TODO at line 344 references “Uncomment this function when CCV module is added.” Since this file is for end-to-end tests, consider opening a ticket or doc reference to track when CCV module becomes available to ensure the function is properly implemented.

🧰 Tools

🪛 GitHub Check: devskim

[notice] 344-344: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 75a00b2 and 5eec32d.

📒 Files selected for processing (14)

• .golangci.yml (0 hunks)
• Dockerfile (3 hunks)
• tests/e2e/chain.go (1 hunks)
• tests/e2e/e2e_distribution_test.go (1 hunks)
• tests/e2e/e2e_exec_test.go (1 hunks)
• tests/e2e/e2e_gov_test.go (1 hunks)
• tests/e2e/e2e_ibc_test.go (1 hunks)
• tests/e2e/e2e_setup_test.go (1 hunks)
• tests/e2e/e2e_staking_test.go (1 hunks)
• tests/e2e/e2e_test.go (1 hunks)
• tests/e2e/e2e_vesting_test.go (1 hunks)
• tests/e2e/genesis.go (1 hunks)
• tests/e2e/query.go (1 hunks)
• tests/e2e/validator.go (1 hunks)

💤 Files with no reviewable changes (1)

• .golangci.yml

🚧 Files skipped from review as they are similar to previous changes (1)

• tests/e2e/genesis.go

🧰 Additional context used

🪛 GitHub Check: devskim

tests/e2e/e2e_staking_test.go

[warning] 14-14: An HTTP-based URL without TLS was detected.
Insecure URL

tests/e2e/e2e_ibc_test.go

[warning] 162-162: An HTTP-based URL without TLS was detected.
Insecure URL

---

[notice] 218-218: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

[warning] 242-242: An HTTP-based URL without TLS was detected.
Insecure URL

---

[warning] 320-320: An HTTP-based URL without TLS was detected.
Insecure URL

tests/e2e/e2e_test.go

[notice] 10-10: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

[notice] 15-15: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

[notice] 55-55: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

[warning] 75-75: An HTTP-based URL without TLS was detected.
Insecure URL

---

[warning] 92-92: An HTTP-based URL without TLS was detected.
Insecure URL

tests/e2e/query.go

[notice] 344-344: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

tests/e2e/e2e_gov_test.go

[notice] 22-22: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

[warning] 25-25: An HTTP-based URL without TLS was detected.
Insecure URL

---

[warning] 69-69: An HTTP-based URL without TLS was detected.
Insecure URL

---

[warning] 105-105: An HTTP-based URL without TLS was detected.
Insecure URL

---

[notice] 214-214: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

[warning] 268-268: An HTTP-based URL without TLS was detected.
Insecure URL

tests/e2e/e2e_setup_test.go

[notice] 232-232: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

[notice] 574-574: Accessing localhost could indicate debug code, or could hinder scaling.
Do not leave debug code in production

tests/e2e/e2e_exec_test.go

[notice] 265-265: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

[notice] 302-302: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

[warning] 728-728: An HTTP-based URL without TLS was detected.
Insecure URL

---

[warning] 751-751: An HTTP-based URL without TLS was detected.
Insecure URL

tests/e2e/e2e_distribution_test.go

[warning] 12-12: An HTTP-based URL without TLS was detected.
Insecure URL

---

[warning] 64-64: An HTTP-based URL without TLS was detected.
Insecure URL

🔇 Additional comments (25)

tests/e2e/e2e_ibc_test.go (1)

242-242: Use HTTPS to avoid insecure connections.

This endpoint uses plain HTTP ("http://"). For best security practices, switch to HTTPS or another secure protocol.

🧰 Tools

🪛 GitHub Check: devskim

[warning] 242-242: An HTTP-based URL without TLS was detected.
Insecure URL

tests/e2e/e2e_gov_test.go (2)

25-25: Use HTTPS or secure context if you're not in a trusted environment.
These lines rely on an HTTP endpoint ("http://%s"). If your tests run in a production-like environment, consider adding TLS or ensuring the endpoints are strictly local.

Also applies to: 69-69, 105-105, 268-268

🧰 Tools

🪛 GitHub Check: devskim

[warning] 25-25: An HTTP-based URL without TLS was detected.
Insecure URL

---

31-31: Serial usage of global counter may cause concurrency issues.
proposalCounter++ could lead to data races if the tests are ever run in parallel. If the suite is guaranteed to run serially, this is safe. Otherwise, consider a thread-safe mechanism (e.g., atomic operations).

Also applies to: 78-78, 85-85, 117-117, 272-272

tests/e2e/e2e_test.go (1)

75-75: Validate HTTP usage for chain endpoints.
Both lines use an unencrypted "http://%s" string. If these calls move beyond a local test environment, consider using HTTPS or explaining why HTTP is acceptable.

Also applies to: 92-92

🧰 Tools

🪛 GitHub Check: devskim

[warning] 75-75: An HTTP-based URL without TLS was detected.
Insecure URL

tests/e2e/e2e_distribution_test.go (1)

12-12: Review security implications of HTTP-based endpoints.
If your environment is local or containerized, HTTP may be acceptable. Otherwise, consider TLS or an alternative.

Also applies to: 64-64

🧰 Tools

🪛 GitHub Check: devskim

[warning] 12-12: An HTTP-based URL without TLS was detected.
Insecure URL

tests/e2e/e2e_staking_test.go (1)

14-14: Confirm HTTP endpoint usage is restricted to local testing.
Ensure you’re not exposing sensitive transactions if this endpoint is ever accessible externally.

🧰 Tools

🪛 GitHub Check: devskim

[warning] 14-14: An HTTP-based URL without TLS was detected.
Insecure URL

tests/e2e/e2e_exec_test.go (2)

708-711: **Handle type assertions safely **
This repeats a past suggestion about using the comma-ok idiom to avoid potential runtime panics. Replace direct assertions like lvl.(string) with safer checks, for instance:

- if lvl := out["level"]; lvl != nil && strings.ToLower(lvl.(string)) == "error" {
-     errMsg := out["fields"].(map[string]interface{})["message"]
+ if lvlVal, ok := out["level"].(string); ok && strings.ToLower(lvlVal) == "error" {
+     if fields, ok := out["fields"].(map[string]interface{}); ok {
+         errMsg := fields["message"]
+         ...
+     }
 }

---

728-728: Use HTTPS or secure protocols when possible
Currently, both lines construct an HTTP-based endpoint (e.g., "http://%s") for chain queries. Consider using HTTPS for secure communication if the environment or test setup supports it.

Also applies to: 751-751

🧰 Tools

🪛 GitHub Check: devskim

[warning] 728-728: An HTTP-based URL without TLS was detected.
Insecure URL

Dockerfile (2)

22-23: Efficient caching approach
Leveraging Docker’s build cache for Go modules and builds significantly reduces build times. Great job setting up these cache mounts!

Also applies to: 39-40

---

49-50: Good practice: nonroot user
Running the application as a non-root user improves container security and follows Docker best practices. Nicely done!

tests/e2e/e2e_setup_test.go (1)

1-891: Overall, this is a robust E2E test suite.
These tests lay a solid foundation for verifying the blockchain’s end-to-end functionality. Apart from the minor suggestions, the code appears organized and purposeful. Great job!

🧰 Tools

🪛 GitHub Check: devskim

[notice] 232-232: A "TODO" or similar was left in source code, possibly indicating incomplete functionality
Suspicious comment

---

[notice] 574-574: Accessing localhost could indicate debug code, or could hinder scaling.
Do not leave debug code in production

tests/e2e/validator.go (8)

32-44: Validate potential concurrency usage for validator fields.
While the validator struct appears to be used single-threadedly in tests, any future concurrent usage should be guarded or clarified with synchronization. Consider adding documentation if concurrency might occur.

---

53-55: Use of instanceName for node identification looks good.
The method is concise, clearly named, and straightforward.

---

57-59: Check for directory naming collisions.
Consider verifying or handling potential name conflicts. In large test suites, collisions could cause subtle bugs or overwriting if test runs share the same location.

---

61-64: Ensure createConfig() gracefully handles existing directories.
If the directory already exists, confirm that any existing config contents do not inadvertently carry over from previous runs of tests.

---

98-112: Confirm node identity collisions are not possible.
Generating node keys in a loop across multiple validators can produce overlapping IDs if the random generator is not robust. Ensure there's no identity collision in large-scale tests.

---

137-170: Revisit private key handling in memory.
Although this is test code, consider ensuring that private keys are never printed or logged. This comment mirrors prior reviews on private key storage.

---

172-213: Validate possible concurrency in addAccountFromMnemonic.
This function appends to c.genesisAccounts. If run in parallel with other chain setup calls, you may need a mutex or a concurrency-safe approach.

---

215-222: createKey is straightforward but watch for mnemonic duplication.
Ensure that each validator name and mnemonic combination is unique if used concurrently.

tests/e2e/chain.go (3)

30-33: Confirm keyringAppName and passphrase usage.
Relying on a fixed passphrase is fine for local tests, but confirm it won't be used in staging or production pipelines.

---

62-70: chain struct is well-defined for test contexts.
It centralizes data directories and references to validators. Good approach for end-to-end test orchestration.

---

84-86: configDir approach is consistent.
This is consistent with the validator’s configDir. Good job keeping paths predictable.

tests/e2e/e2e_vesting_test.go (1)

9-11: Good usage of math and SDK.
Leveraging cosmossdk.io/math and sdk is standard and looks consistent for vesting amounts.

tests/e2e/query.go (2)

176-192: Validate queryAccount error handling.

The function returns a partially unpacked account when res.Account is not nil but fails to confirm that res.Account is present. If res.Account is unexpectedly nil, cdc.UnpackAny might return an error. Consider adding an explicit check for res.Account before unpacking or returning a more descriptive error message.

---

1-19: Ensure codec (cdc) is declared and initialized.

The code references a global cdc variable (e.g., line 68, 111), but it neither appears in this file nor is it imported, which may cause compile-time errors. Verify that cdc is declared and initialized properly in an imported package or in a different file within the same module.

✅ Verification successful

Let me gather more information about the usage of cdc in the test file.

---

The cdc variable is properly declared and initialized

The cdc variable is correctly declared as a package-level variable in the e2e package (tests/e2e/chain.go):

var (
    encodingConfig params.EncodingConfig
    cdc            codec.Codec
    txConfig       client.TxConfig
)

It's initialized in the package's init() function through the params.MakeEncodingConfig() call, and all necessary interfaces are registered with the codec. The variable is accessible to all files within the e2e package, including query.go.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Search for "var cdc" or "cdc := ..." declarations in the entire codebase to ensure it's properly defined and accessible.

rg -A 5 -B 2 "var cdc" 
rg -A 5 -B 2 "cdc := "

Length of output: 1470

---

Script:

#!/bin/bash
# Search for cdc usage in the test file
rg -A 5 -B 2 "cdc" tests/e2e/query.go

# Check if there's any codec initialization in the e2e package
rg -A 5 -B 2 "codec" tests/e2e/

Length of output: 7602

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5eec32d and 4f996c2.

📒 Files selected for processing (1)

• Makefile (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (4)

• GitHub Check: test
• GitHub Check: Analyze (go)
• GitHub Check: test
• GitHub Check: connect-test (1.23.x, ubuntu-latest-x64-xlarge)

🔇 Additional comments (3)

Makefile (3)

137-138: Well-structured test package organization!

Good separation of unit and e2e test packages using clear filtering criteria.

---

139-151: Well-designed test target configuration!

The test targets are well-organized with:

• Appropriate timeouts for different test types
• Proper build dependencies
• Flexible output formatting with tparse

Also applies to: 153-162

---

246-246: Security: Consider non-zero minimum gas prices

Setting minimum gas prices to 0 could make the network vulnerable to spam attacks. Even for testing purposes, it's better to use a small non-zero value to simulate realistic conditions.

-	./build/mantrachaind start --home .mantrasinglenodetest --minimum-gas-prices 0uom
+	./build/mantrachaind start --home .mantrasinglenodetest --minimum-gas-prices 0.0001uom

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (2)

.github/workflows/tests-sdk.yml (2)

11-13: ⚠️ Potential issue

Fix Go version specification.

The specified Go version 1.23 is not released yet. This will cause the workflow to fail.

- go-version: 1.23
+ go-version: '1.22'

---

16-26: ⚠️ Potential issue

Fix version extraction script issues.

The script has several critical issues that need to be addressed.

  run: |
+   set -eo pipefail
-   FULL_VERSION=$(go list -m github.com/cosmos/cosmos-sdk 2> /dev/null | sed 's:.* ::')
+   FULL_VERSION=$(go list -m "github.com/cosmos/cosmos-sdk" 2> /dev/null | sed 's:.* ::')
+   if [ -z "$FULL_VERSION" ]; then
+     echo "Error: Failed to extract SDK version" >&2
+     exit 1
+   fi
    if [[ $FULL_VERSION == *"-0."* ]]; then
      # This is a pseudo-version (commit-based)
      SDK_VERSION=${FULL_VERSION##*-}
    else
      # This is a regular version tag
      SDK_VERSION=$FULL_VERSION
    fi
-   echo "SDK_VERSION=${VERSION}" >> $GITHUB_ENV
+   echo "SDK_VERSION=${SDK_VERSION}" >> $GITHUB_ENV
+   echo "Extracted SDK version: ${SDK_VERSION}"

🧰 Tools

🪛 actionlint (1.7.4)

16-16: shellcheck reported issue in this script: SC2086:info:9:34: Double quote to prevent globbing and word splitting

(shellcheck)

🧹 Nitpick comments (2)

.github/workflows/tests-sdk.yml (2)

1-6: Remove trailing spaces from YAML.

Minor formatting issue: Remove trailing spaces from lines 1 and 2.

-on: 
-  push: 
+on:
+  push:

🧰 Tools

🪛 yamllint (1.35.1)

[error] 1-1: trailing spaces

(trailing-spaces)

---

[error] 2-2: trailing spaces

(trailing-spaces)

---

33-37: Add error handling for test execution.

The test execution steps should include error handling and proper output capture.

  - name: Install tparse
    run: |
+     set -eo pipefail
      go install github.com/mfridman/tparse@latest
-  - run: make test-all
+  - name: Run SDK tests
+    run: |
+      set -eo pipefail
+      make test-all 2>&1 | tee test-output.log
+      if [ ${PIPESTATUS[0]} -ne 0 ]; then
+        echo "::error::Tests failed. Check test-output.log for details"
+        exit 1
+      fi
    working-directory: cosmos-sdk

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4f996c2 and 0865c6a.

📒 Files selected for processing (1)

• .github/workflows/tests-sdk.yml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/tests-sdk.yml

16-16: shellcheck reported issue in this script: SC2086:info:9:34: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint (1.35.1)

.github/workflows/tests-sdk.yml

[error] 1-1: trailing spaces

(trailing-spaces)

---

[error] 2-2: trailing spaces

(trailing-spaces)

⏰ Context from checks skipped due to timeout of 90000ms (9)

• GitHub Check: Build - MacOS x86_64 and aarch64
• GitHub Check: Build - Linux aarch64
• GitHub Check: test
• GitHub Check: Build - Linux x86_64
• GitHub Check: test
• GitHub Check: test
• GitHub Check: build
• GitHub Check: build
• GitHub Check: lint

🔇 Additional comments (1)

.github/workflows/tests-sdk.yml (1)

27-32: Verify SDK version checkout.

The checkout configuration looks correct, but please verify that the repository and version exist after fixing the version extraction script.

✅ Verification successful

SDK version checkout configuration is valid ✓

The repository MANTRA-Chain/cosmos-sdk exists and the version tag v0.50.11-v2-mantra-1 is available, ensuring the checkout step will work correctly.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the SDK version checkout logic
# Test: Check if the repository and version exist

# Check if the repository exists
gh repo view MANTRA-Chain/cosmos-sdk --json url || {
  echo "Error: Repository MANTRA-Chain/cosmos-sdk not found"
  exit 1
}

# Extract and verify SDK version from go.mod
SDK_VERSION=$(go list -m "github.com/cosmos/cosmos-sdk" 2>/dev/null | sed 's:.* ::' || echo "")
if [ -n "$SDK_VERSION" ]; then
  echo "Found SDK version: $SDK_VERSION"
  
  # Check if the version exists in the repository
  gh api "repos/MANTRA-Chain/cosmos-sdk/git/ref/tags/${SDK_VERSION}" --silent || {
    echo "Warning: Version $SDK_VERSION not found in tags"
    echo "Checking if it's a commit hash..."
    gh api "repos/MANTRA-Chain/cosmos-sdk/git/commits/${SDK_VERSION}" --silent || {
      echo "Error: Version $SDK_VERSION not found in commits either"
      exit 1
    }
  }
else
  echo "Error: Failed to extract SDK version from go.mod"
  exit 1
fi

Length of output: 309

---

Script:

#!/bin/bash
# Find and read go.mod to extract SDK version
echo "Searching for go.mod file..."
fd --type f "go.mod$" --exec cat {} \; | grep -A 1 "github.com/cosmos/cosmos-sdk"

# Check repository and its default branch
echo -e "\nChecking repository..."
gh api repos/MANTRA-Chain/cosmos-sdk --jq '.default_branch'

Length of output: 730

---

Script:

#!/bin/bash
# Check if the version exists
VERSION="v0.50.11-v2-mantra-1"
echo "Checking version: $VERSION"

# Try as a tag first
echo "Checking tags..."
gh api "repos/MANTRA-Chain/cosmos-sdk/git/refs/tags/${VERSION}" --jq '.ref' || {
  echo "Not found in tags, checking branches..."
  # Try as a branch
  gh api "repos/MANTRA-Chain/cosmos-sdk/git/refs/heads/${VERSION}" --jq '.ref' || {
    echo "Not found in branches, checking as commit..."
    # Try as a commit
    gh api "repos/MANTRA-Chain/cosmos-sdk/commits/${VERSION}" --jq '.sha'
  }
}

Length of output: 275

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

.github/workflows/tests-sdk.yml (1)

11-13: ⚠️ Potential issue

Fix Go version specification

The specified Go version 1.23 is not released yet. This will cause the workflow to fail.

Update to the latest stable version:

- go-version: 1.23
+ go-version: '1.22'

🧹 Nitpick comments (2)

.github/workflows/tests-sdk.yml (2)

1-6: Fix YAML formatting.

Remove trailing spaces from lines 1 and 2:

-on: 
-  push: 
+on:
+  push:

🧰 Tools

🪛 yamllint (1.35.1)

[error] 1-1: trailing spaces

(trailing-spaces)

---

[error] 2-2: trailing spaces

(trailing-spaces)

---

32-36: Enhance test execution robustness

Consider improving the test execution step:

1. Add error handling for tparse installation
2. Capture and format test output
3. Set timeout for long-running tests

Apply this enhancement:

  - name: Install tparse
    run: |
+     set -eo pipefail
      go install github.com/mfridman/tparse@latest
-  - run: make test-all
+  - name: Run tests
+    run: |
+      set -eo pipefail
+      make test-all 2>&1 | tee output.log
+      if [ -s output.log ]; then
+        tparse -all output.log
+      fi
+    timeout-minutes: 30
    working-directory: cosmos-sdk

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0865c6a and 88aa810.

📒 Files selected for processing (1)

• .github/workflows/tests-sdk.yml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/tests-sdk.yml

16-16: shellcheck reported issue in this script: SC2086:info:9:44: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint (1.35.1)

.github/workflows/tests-sdk.yml

[error] 1-1: trailing spaces

(trailing-spaces)

---

[error] 2-2: trailing spaces

(trailing-spaces)

⏰ Context from checks skipped due to timeout of 90000ms (11)

• GitHub Check: Build - MacOS x86_64 and aarch64
• GitHub Check: Build - Linux aarch64
• GitHub Check: test
• GitHub Check: Build - Linux x86_64
• GitHub Check: build
• GitHub Check: lint
• GitHub Check: build
• GitHub Check: Analyze (go)
• GitHub Check: test
• GitHub Check: test
• GitHub Check: connect-test (1.23.x, ubuntu-latest-x64-xlarge)

🔇 Additional comments (1)

.github/workflows/tests-sdk.yml (1)

16-31: ⚠️ Potential issue

Improve version extraction script robustness

The script has several issues that need to be addressed:

1. Missing error handling for the go list command
2. Potential globbing issues with unquoted variables
3. No validation of extracted version
4. Using incorrect variable name in environment export

Apply this fix:

  run: |
+   set -eo pipefail
-   FULL_VERSION=$(go list -m github.com/cosmos/cosmos-sdk 2> /dev/null | sed 's:.* ::')
+   FULL_VERSION="$(go list -m github.com/cosmos/cosmos-sdk 2> /dev/null | sed 's:.* ::')"
+   if [ -z "$FULL_VERSION" ]; then
+     echo "Error: Failed to extract SDK version" >&2
+     exit 1
+   fi
    if [[ $FULL_VERSION == *"-0."* ]]; then
      # This is a pseudo-version (commit-based)
-     SDK_VERSION=${FULL_VERSION##*-}
+     SDK_VERSION="${FULL_VERSION##*-}"
    else
      # This is a regular version tag
-     SDK_VERSION=$FULL_VERSION
+     SDK_VERSION="$FULL_VERSION"
    fi
-   echo "SDK_VERSION=${SDK_VERSION}" | tee -a $GITHUB_ENV
+   echo "SDK_VERSION=${SDK_VERSION}" | tee -a "$GITHUB_ENV"
+   echo "Extracted SDK version: ${SDK_VERSION}"

Likely invalid or redundant comment.

🧰 Tools

🪛 actionlint (1.7.4)

16-16: shellcheck reported issue in this script: SC2086:info:9:44: Double quote to prevent globbing and word splitting

(shellcheck)

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

.github/workflows/tests-sdk.yml (1)

11-13: ⚠️ Potential issue

Fix Go version specification

The specified Go version 1.23 is not released yet. This will cause the workflow to fail.

Update to the latest stable version:

- go-version: 1.23
+ go-version: '1.22'

🧹 Nitpick comments (3)

.github/workflows/tests-sdk.yml (3)

1-6: Fix YAML formatting.

Remove trailing spaces from lines 1 and 2 to improve YAML formatting.

-on: 
-  push: 
+on:
+  push:

🧰 Tools

🪛 yamllint (1.35.1)

[error] 1-1: trailing spaces

(trailing-spaces)

---

[error] 2-2: trailing spaces

(trailing-spaces)

---

36-37: Document tools directory removal.

Add a more detailed comment explaining why the tools directory needs to be removed before testing.

-          # skip test on tools
+          # Remove tools directory to skip its tests as they're not relevant for SDK testing

---

38-39: Add error handling for test execution.

The test execution should fail fast if any command fails.

-          make test-all
+          set -e
+          make test-all || {
+            echo "::error::SDK tests failed"
+            exit 1
+          }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 88aa810 and 9a6cc1c.

📒 Files selected for processing (1)

• .github/workflows/tests-sdk.yml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/tests-sdk.yml

16-16: shellcheck reported issue in this script: SC2086:info:9:44: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint (1.35.1)

.github/workflows/tests-sdk.yml

[error] 1-1: trailing spaces

(trailing-spaces)

---

[error] 2-2: trailing spaces

(trailing-spaces)

⏰ Context from checks skipped due to timeout of 90000ms (10)

• GitHub Check: Build - Linux aarch64
• GitHub Check: build
• GitHub Check: test
• GitHub Check: test
• GitHub Check: Build - Linux x86_64
• GitHub Check: lint
• GitHub Check: Analyze (go)
• GitHub Check: test
• GitHub Check: build
• GitHub Check: connect-test (1.23.x, ubuntu-latest-x64-xlarge)

🔇 Additional comments (2)

.github/workflows/tests-sdk.yml (2)

7-10: LGTM!

The job configuration is well-structured and uses appropriate runner.

---

16-31: 🛠️ Refactor suggestion

Improve version extraction script robustness.

The script needs better error handling and validation:

  run: |
+   set -eo pipefail
    FULL_VERSION=$(go list -m github.com/cosmos/cosmos-sdk 2> /dev/null | sed 's:.* ::')
+   if [ -z "$FULL_VERSION" ]; then
+     echo "Error: Failed to extract SDK version" >&2
+     exit 1
+   fi
    if [[ $FULL_VERSION == *"-0."* ]]; then
      # This is a pseudo-version (commit-based)
      SDK_VERSION=${FULL_VERSION##*-}
    else
      # This is a regular version tag
      SDK_VERSION=$FULL_VERSION
    fi
-   echo "SDK_VERSION=${SDK_VERSION}" | tee -a $GITHUB_ENV
+   echo "SDK_VERSION=${SDK_VERSION}" | tee -a "$GITHUB_ENV"
+   echo "Extracted SDK version: ${SDK_VERSION}"

Likely invalid or redundant comment.

🧰 Tools

🪛 actionlint (1.7.4)

16-16: shellcheck reported issue in this script: SC2086:info:9:44: Double quote to prevent globbing and word splitting

(shellcheck)

[sonarqubecloud]

Quality Gate passed

Issues
34 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
2.7% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (2)

.github/workflows/tests-sdk.yml (2)

11-13: ⚠️ Potential issue

Fix Go version specification.

The specified Go version 1.23 is not released yet. This will cause the workflow to fail.

Update to the latest stable version:

- go-version: 1.23
+ go-version: '1.22'

---

16-31: ⚠️ Potential issue

Improve version extraction script robustness.

The script needs better error handling and validation:

  run: |
+   set -eo pipefail
-   FULL_VERSION=$(go list -m github.com/cosmos/cosmos-sdk 2> /dev/null | sed 's:.* ::')
+   FULL_VERSION=$(go list -m github.com/cosmos/cosmos-sdk | sed 's:.* ::')
+   if [ -z "$FULL_VERSION" ]; then
+     echo "Error: Failed to extract SDK version" >&2
+     exit 1
+   fi
    if [[ $FULL_VERSION == *"-0."* ]]; then
      # This is a pseudo-version (commit-based)
      SDK_VERSION=${FULL_VERSION##*-}
    else
      # This is a regular version tag
      SDK_VERSION=$FULL_VERSION
    fi
-   echo "SDK_VERSION=${SDK_VERSION}" | tee -a $GITHUB_ENV
+   echo "SDK_VERSION=${SDK_VERSION}" | tee -a "$GITHUB_ENV"
+   echo "Extracted SDK version: ${SDK_VERSION}"

🧰 Tools

🪛 actionlint (1.7.4)

16-16: shellcheck reported issue in this script: SC2086:info:9:44: Double quote to prevent globbing and word splitting

(shellcheck)

🧹 Nitpick comments (1)

.github/workflows/tests-sdk.yml (1)

1-6: Fix YAML formatting issues.

Remove trailing spaces from lines 1 and 2 to improve YAML formatting:

-on: 
-  push: 
+on:
+  push:

🧰 Tools

🪛 yamllint (1.35.1)

[error] 1-1: trailing spaces

(trailing-spaces)

---

[error] 2-2: trailing spaces

(trailing-spaces)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9a6cc1c and 5a0f81b.

📒 Files selected for processing (1)

• .github/workflows/tests-sdk.yml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/tests-sdk.yml

16-16: shellcheck reported issue in this script: SC2086:info:9:44: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint (1.35.1)

.github/workflows/tests-sdk.yml

[error] 1-1: trailing spaces

(trailing-spaces)

---

[error] 2-2: trailing spaces

(trailing-spaces)

⏰ Context from checks skipped due to timeout of 90000ms (11)

• GitHub Check: Build - MacOS x86_64 and aarch64
• GitHub Check: test
• GitHub Check: Build - Linux aarch64
• GitHub Check: connect-test (1.23.x, ubuntu-latest-x64-xlarge)
• GitHub Check: build
• GitHub Check: lint
• GitHub Check: Build - Linux x86_64
• GitHub Check: build
• GitHub Check: test
• GitHub Check: test
• GitHub Check: Analyze (go)

🔇 Additional comments (2)

.github/workflows/tests-sdk.yml (2)

7-10: LGTM!

The job configuration is well-structured and uses appropriate runner.

---

32-40: Improve test execution robustness and documentation.

1. The comment "skip test on tools" needs more context about why these tests are skipped
2. Add error handling for the make command
3. Consider preserving the tools directory or document why it needs to be removed

  run: |
+   set -eo pipefail
    # skip test on tools
+   # TODO: Add explanation why tools tests are skipped
    rm -rf tools
-   make test-all
+   make test-all || {
+     echo "Tests failed. Check the logs above for details."
+     exit 1
+   }

Let me verify if the tools directory contains tests that should be preserved: