Skip to content

feat: use golang 1.25.0 #1927

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
songgaoye wants to merge 25 commits into
base: main
Choose a base branch
from
Open

feat: use golang 1.25.0 #1927

songgaoye wants to merge 25 commits into from

Conversation

@songgaoye
Copy link
Contributor

@songgaoye songgaoye commented Dec 3, 2025
edited by coderabbitai bot
Loading

👮🏻👮🏻👮🏻 !!!! REFERENCE THE PROBLEM YOUR ARE SOLVING IN THE PR TITLE AND DESCRIBE YOUR SOLUTION HERE !!!! DO NOT FORGET !!!! 👮🏻👮🏻👮🏻

PR Checklist:

  • Have you read the CONTRIBUTING.md?
  • Does your PR follow the C4 patch requirements?
  • Have you rebased your work on top of the latest master?
  • Have you checked your code compiles? (make)
  • Have you included tests for any non-trivial functionality?
  • Have you checked your code passes the unit tests? (make test)
  • Have you checked your code formatting is correct? (go fmt)
  • Have you checked your basic code style is fine? (golangci-lint run)
  • If you added any dependencies, have you checked they do not contain any known vulnerabilities? (go list -json -m all | nancy sleuth)
  • If your changes affect the client infrastructure, have you run the integration test?
  • If your changes affect public APIs, does your PR follow the C4 evolution of public contracts?
  • If your code changes public APIs, have you incremented the crate version numbers and documented your changes in the CHANGELOG.md?
  • If you are contributing for the first time, please read the agreement in CONTRIBUTING.md now and add a comment to this pull request stating that your PR is in accordance with the Developer's Certificate of Origin.

Thank you for your code, it's appreciated! :)

Summary by CodeRabbit

  • Chores
    • Updated Go toolchain to 1.25 and Nixpkgs to release-25.11; bumped lint/build tooling, updated packaging overlays and build inputs; added gitignore pattern to exclude chain-main artifacts.
  • New Features
    • Added integration-test tooling (Hardhat, TypeScript, ts-node, tsconfig), switched contract installs to npm ci, and expanded pytest markers.
  • Bug Fixes
    • Adjusted expected gas for an ERC20 event test.

✏️ Tip: You can customize this high-level summary in your review settings.

@github-actions github-actions bot added the nix label Dec 3, 2025
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Dec 3, 2025
edited
Loading

Walkthrough

Bumps Go toolchains to 1.25.x and upgrades nixpkgs to release-25.11 across CI and Nix; adds a gomod-overlay/gomod2nix wiring and a go_1_25 derivation; updates ethermint pins; adds TypeScript tooling for integration tests; and adjusts macOS SDK inputs and related package/version hashes.

Changes

Cohort / File(s) Summary
GitHub Actions workflows
\.github/workflows/...<br>`.github/workflows/build.yml`, `.github/workflows/codeql-analysis.yml`, `.github/workflows/dependabot-update-all.yml`, `.github/workflows/dependencies-review.yml`, `.github/workflows/lint.yml`, `.github/workflows/release.yml`, `.github/workflows/sims.yml`, `.github/workflows/test.yml``		 Bumped Go versions to ~1.25.x and updated nixpkgs channel references to release-25.11 in multiple jobs/steps; no control-flow changes.
Flake & top-level Nix
\flake.nix`, `default.nix`, `nix/sources.json``		 Switched nixpkgs input to release-25.11; added gomodOverlay/gomod2nix wiring; switched final go to go_1_25; adjusted test-env wiring and modRoot overrides.
Nix overlays & packages
\nix/build_overlay.nix`, `nix/default.nix`, `nix/go-ethereum.nix`, `nix/golangci-lint.nix`, `nix/hermes.nix`, `nix/rocksdb.nix`, `nix/testenv.nix``		 Added go_1_25 derivation and Darwin solc entries; replaced buildGo123Module with buildGoModule (or pinned overrides); updated golangci-lint version/hashes and nativeBuildInputs; replaced Darwin framework inputs with apple-sdk_15; added custom poetry2nix override wiring and test-env pkgs plumbing.
Go module pins & gomod2nix mapping
\go.mod`, `gomod2nix.toml``		 Bumped module Go version to 1.25.x and updated github.com/evmos/ethermint pseudo-version and hash mapping.
Integration tests & JS tooling
\integration_tests/contracts/package.json`, `integration_tests/contracts/tsconfig.json`, `integration_tests/pytest.ini`, `integration_tests/test_basic.py`, `scripts/run-integration-tests``		 Added hardhat and TypeScript dev deps and tsconfig.json; added pytest markers; adjusted an expected gas assertion; changed npm installnpm ci.
Build / lint tooling & repo config
\Makefile`, `.gitignore`, `nix/golangci-lint.nix``		 Bumped GOLANGCI_VERSION, updated lint find/prune rules, added .gitignore pattern chain-main-*; updated golangci package to 2.7.2 with new hashes and nativeBuildInputs.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Areas to focus review on:

  • nix/default.nix — overlay signature changes, buildPackages mapping, chain-maind override and modRoot handling.
  • flake.nix & nix/build_overlay.nix — new gomodOverlay, go_1_25 derivation and gomod2nix overrides.
  • nix/testenv.nix — custom poetry2nix override scope and rpds-py Rust/vendor handling.
  • nix/golangci-lint.nix — version/vendorHash changes and Go pinning via override.
  • CI workflows — ensure consistent Go/Nix pins and actions across workflow files.

Possibly related PRs

Suggested reviewers

  • calvinaco
  • thomas-nguy
  • mmsqe

Poem

🐰 I hopped through flakes and nudged the Go,

Channels rose and overlays now flow,
TypeScript seeds for contracts sown,
macOS SDK snug in apple tone,
Tests will sprint with carrot-powered glow.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'feat: use golang 1.25.0' accurately describes the primary change in the changeset, which is a comprehensive upgrade to Go 1.25.5 across workflow configurations, build system files, and dependency specifications.
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch song/go_1.25.0
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fa2cd6f and e9407d8.

📒 Files selected for processing (1)
  • nix/build_overlay.nix (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • nix/build_overlay.nix
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (20)
  • GitHub Check: integration_tests (upgrade)
  • GitHub Check: integration_tests (ica)
  • GitHub Check: integration_tests (ibc_rly_evm)
  • GitHub Check: integration_tests (mint)
  • GitHub Check: integration_tests (evm)
  • GitHub Check: integration_tests (slow)
  • GitHub Check: integration_tests (ibc_rly_gas)
  • GitHub Check: integration_tests (gas)
  • GitHub Check: integration_tests (unmarked)
  • GitHub Check: integration_tests (gov)
  • GitHub Check: integration_tests (ibc_update_client)
  • GitHub Check: integration_tests (ibc_timeout)
  • GitHub Check: integration_tests (ibc)
  • GitHub Check: gomod2nix
  • GitHub Check: build (macos-14)
  • GitHub Check: unittest
  • GitHub Check: build (macos-latest)
  • GitHub Check: build (ubuntu-latest)
  • GitHub Check: Run golangci-lint
  • GitHub Check: semgrep-cloud-platform/scan

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions github-actions bot added the ci label Dec 3, 2025
@github-actions github-actions bot removed the ci label Dec 4, 2025
@github-actions github-actions bot added the ci label Dec 5, 2025
@github-actions github-actions bot added the build label Dec 6, 2025
@songgaoye songgaoye force-pushed the song/go_1.25.0 branch 2 times, most recently from d78ab09 to 94eb5dc Compare December 15, 2025 10:55
@github-actions github-actions bot removed the build label Dec 15, 2025
@github-actions github-actions bot added the build label Dec 15, 2025
@socket-security
Copy link

socket-security bot commented Dec 15, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedgolang/​github.com/​crypto-org-chain/​ethermint@​v0.22.1-0.20251208051817-9f5d1db3246d ⏵ v0.22.1-0.20251210080935-9a1a449c16db7510010010070
Updatednpm/​ts-node@​10.9.1 ⏵ 10.9.297 +110010082100
Updatednpm/​hardhat@​2.26.3 ⏵ 2.27.19410092 +297 +180
Updatednpm/​typescript@​4.7.4 ⏵ 5.9.3100 +110090 -1010090 +10

View full report

@songgaoye songgaoye marked this pull request as ready for review December 15, 2025 11:14
@songgaoye songgaoye requested a review from a team as a code owner December 15, 2025 11:14
@songgaoye songgaoye requested review from calvinaco and thomas-nguy and removed request for a team December 15, 2025 11:14
coderabbitai[bot]
coderabbitai bot reviewed Dec 15, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

♻️ Duplicate comments (1)
nix/default.nix (1)

33-45: Duplicate gomodOverlay pattern.

This is the same pattern as in flake.nix. As noted there, consider extracting to a shared module.

🧹 Nitpick comments (5)
integration_tests/contracts/tsconfig.json (1)

1-11: TS compiler options are sensible for Hardhat; consider stricter settings later

This tsconfig is reasonable for a Hardhat/Node test harness (ES2020 + CommonJS, esModuleInterop, skipLibCheck). Once things stabilize, you might optionally:

  • Flip "strict" to true to catch more type issues.
  • Add explicit "exclude" for node_modules, artifacts, cache to keep the TS project surface small.

These are nice-to-have and not blockers for this PR.

.github/workflows/lint.yml (1)

26-26: Update actions/checkout to v4.

The linting workflow uses actions/checkout@v3, which the static analysis tool flags as too old for modern GitHub Actions. Consider updating to v4 for consistency with other workflows in this PR (e.g., dependabot-update-all.yml already uses v4).

      - uses: actions/checkout@v3
+     - uses: actions/checkout@v4
        with:
          fetch-depth: 0
go.mod (1)

3-3: Verify codebase compatibility with Go 1.25 behavioral changes.

Go 1.25 introduces a fix for a compiler bug (present since 1.21) that could cause programs using a result before checking the error to now correctly panic. Review the codebase for patterns like:

f, err := os.Open("file")
name := f.Name()  // This will now panic if err != nil
if err != nil { ... }

Additionally, go1.25.5 (released 2025-12-02) includes two security fixes to the crypto/x509 package. Consider updating the toolchain directive to go 1.25.5 to include the latest security patches.

flake.nix (1)

95-99: Consider extracting the duplicated gomodOverlay pattern.

The gomodOverlay logic defined here (lines 32-43) is duplicated in nix/default.nix (lines 33-45). If both files need this pattern, consider extracting it to a shared module (e.g., nix/gomod-overlay.nix) to reduce maintenance burden and ensure consistency.

nix/default.nix (1)

13-14: Inconsistent overlay parameter naming: final vs pkgs.

The overlay uses final for the first parameter but the body references pkgs (the second parameter, which is prev/super). This is semantically confusing since final typically refers to the final fixed-point and pkgs/prev refers to the previous overlay result.

For clarity, consider using consistent naming:

-    (final: pkgs: {
-      go = final.go_1_25;
+    (final: prev: {
+      go = final.go_1_25;
       go-ethereum = pkgs.callPackage ./go-ethereum.nix {
-        buildGoModule = pkgs.buildGoModule;
+        buildGoModule = final.buildGoModule;
       };

Alternatively, keep the _: pkgs: pattern used elsewhere in this file if prev isn't needed.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 63b6a38 and d78ab09.

⛔ Files ignored due to path filters (3)
  • flake.lock is excluded by !**/*.lock
  • go.sum is excluded by !**/*.sum
  • integration_tests/contracts/package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (27)
  • .github/workflows/build.yml (4 hunks)
  • .github/workflows/codeql-analysis.yml (1 hunks)
  • .github/workflows/dependabot-update-all.yml (1 hunks)
  • .github/workflows/dependencies-review.yml (1 hunks)
  • .github/workflows/lint.yml (3 hunks)
  • .github/workflows/release.yml (2 hunks)
  • .github/workflows/sims.yml (6 hunks)
  • .github/workflows/test.yml (4 hunks)
  • .gitignore (1 hunks)
  • Makefile (1 hunks)
  • default.nix (3 hunks)
  • flake.nix (3 hunks)
  • go.mod (2 hunks)
  • gomod2nix.toml (1 hunks)
  • integration_tests/contracts/package.json (1 hunks)
  • integration_tests/contracts/tsconfig.json (1 hunks)
  • integration_tests/pytest.ini (1 hunks)
  • integration_tests/test_basic.py (1 hunks)
  • nix/build_overlay.nix (1 hunks)
  • nix/default.nix (3 hunks)
  • nix/go-ethereum.nix (2 hunks)
  • nix/golangci-lint.nix (1 hunks)
  • nix/hermes.nix (2 hunks)
  • nix/rocksdb.nix (3 hunks)
  • nix/sources.json (2 hunks)
  • nix/testenv.nix (2 hunks)
  • scripts/run-integration-tests (1 hunks)
🧰 Additional context used
🪛 actionlint (1.7.9)
.github/workflows/lint.yml

26-26: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (200)
  • GitHub Check: build (macos-latest)
  • GitHub Check: unittest
  • GitHub Check: build (ubuntu-latest)
  • GitHub Check: build (macos-14)
  • GitHub Check: gomod2nix
  • GitHub Check: integration_tests (ibc_update_client)
  • GitHub Check: integration_tests (upgrade)
  • GitHub Check: integration_tests (ica)
  • GitHub Check: integration_tests (mint)
  • GitHub Check: integration_tests (slow)
  • GitHub Check: integration_tests (ibc_timeout)
  • GitHub Check: integration_tests (ibc)
  • GitHub Check: integration_tests (gas)
  • GitHub Check: integration_tests (ibc_rly_evm)
  • GitHub Check: integration_tests (evm)
  • GitHub Check: integration_tests (unmarked)
  • GitHub Check: integration_tests (gov)
  • GitHub Check: integration_tests (ibc_rly_gas)
  • GitHub Check: Lint python
  • GitHub Check: Run golangci-lint
  • GitHub Check: build (macos-latest)
  • GitHub Check: unittest
  • GitHub Check: build (ubuntu-latest)
  • GitHub Check: build (macos-14)
  • GitHub Check: gomod2nix
  • GitHub Check: integration_tests (ibc_update_client)
  • GitHub Check: integration_tests (upgrade)
  • GitHub Check: integration_tests (ica)
  • GitHub Check: integration_tests (mint)
  • GitHub Check: integration_tests (slow)
  • GitHub Check: integration_tests (ibc_timeout)
  • GitHub Check: integration_tests (ibc)
  • GitHub Check: integration_tests (gas)
  • GitHub Check: integration_tests (ibc_rly_evm)
  • GitHub Check: integration_tests (evm)
  • GitHub Check: integration_tests (unmarked)
  • GitHub Check: integration_tests (gov)
  • GitHub Check: integration_tests (ibc_rly_gas)
  • GitHub Check: Lint python
  • GitHub Check: Run golangci-lint
  • GitHub Check: build (macos-latest)
  • GitHub Check: unittest
  • GitHub Check: build (ubuntu-latest)
  • GitHub Check: build (macos-14)
  • GitHub Check: gomod2nix
  • GitHub Check: integration_tests (ibc_update_client)
  • GitHub Check: integration_tests (upgrade)
  • GitHub Check: integration_tests (ica)
  • GitHub Check: integration_tests (mint)
  • GitHub Check: integration_tests (slow)
  • GitHub Check: integration_tests (ibc_timeout)
  • GitHub Check: integration_tests (ibc)
  • GitHub Check: integration_tests (gas)
  • GitHub Check: integration_tests (ibc_rly_evm)
  • GitHub Check: integration_tests (evm)
  • GitHub Check: integration_tests (unmarked)
  • GitHub Check: integration_tests (gov)
  • GitHub Check: integration_tests (ibc_rly_gas)
  • GitHub Check: Lint python
  • GitHub Check: Run golangci-lint
  • GitHub Check: build (macos-latest)
  • GitHub Check: unittest
  • GitHub Check: build (ubuntu-latest)
  • GitHub Check: build (macos-14)
  • GitHub Check: gomod2nix
  • GitHub Check: integration_tests (ibc_update_client)
  • GitHub Check: integration_tests (upgrade)
  • GitHub Check: integration_tests (ica)
  • GitHub Check: integration_tests (mint)
  • GitHub Check: integration_tests (slow)
  • GitHub Check: integration_tests (ibc_timeout)
  • GitHub Check: integration_tests (ibc)
  • GitHub Check: integration_tests (gas)
  • GitHub Check: integration_tests (ibc_rly_evm)
  • GitHub Check: integration_tests (evm)
  • GitHub Check: integration_tests (unmarked)
  • GitHub Check: integration_tests (gov)
  • GitHub Check: integration_tests (ibc_rly_gas)
  • GitHub Check: Lint python
  • GitHub Check: Run golangci-lint
  • GitHub Check: build (macos-latest)
  • GitHub Check: unittest
  • GitHub Check: build (ubuntu-latest)
  • GitHub Check: build (macos-14)
  • GitHub Check: gomod2nix
  • GitHub Check: integration_tests (ibc_update_client)
  • GitHub Check: integration_tests (upgrade)
  • GitHub Check: integration_tests (ica)
  • GitHub Check: integration_tests (mint)
  • GitHub Check: integration_tests (slow)
  • GitHub Check: integration_tests (ibc_timeout)
  • GitHub Check: integration_tests (ibc)
  • GitHub Check: integration_tests (gas)
  • GitHub Check: integration_tests (ibc_rly_evm)
  • GitHub Check: integration_tests (evm)
  • GitHub Check: integration_tests (unmarked)
  • GitHub Check: integration_tests (gov)
  • GitHub Check: integration_tests (ibc_rly_gas)
  • GitHub Check: Lint python
  • GitHub Check: Run golangci-lint
  • GitHub Check: build (macos-latest)
  • GitHub Check: unittest
  • GitHub Check: build (ubuntu-latest)
  • GitHub Check: build (macos-14)
  • GitHub Check: gomod2nix
  • GitHub Check: integration_tests (ibc_update_client)
  • GitHub Check: integration_tests (upgrade)
  • GitHub Check: integration_tests (ica)
  • GitHub Check: integration_tests (mint)
  • GitHub Check: integration_tests (slow)
  • GitHub Check: integration_tests (ibc_timeout)
  • GitHub Check: integration_tests (ibc)
  • GitHub Check: integration_tests (gas)
  • GitHub Check: integration_tests (ibc_rly_evm)
  • GitHub Check: integration_tests (evm)
  • GitHub Check: integration_tests (unmarked)
  • GitHub Check: integration_tests (gov)
  • GitHub Check: integration_tests (ibc_rly_gas)
  • GitHub Check: Lint python
  • GitHub Check: Run golangci-lint
  • GitHub Check: build (macos-latest)
  • GitHub Check: unittest
  • GitHub Check: build (ubuntu-latest)
  • GitHub Check: build (macos-14)
  • GitHub Check: gomod2nix
  • GitHub Check: integration_tests (ibc_update_client)
  • GitHub Check: integration_tests (upgrade)
  • GitHub Check: integration_tests (ica)
  • GitHub Check: integration_tests (mint)
  • GitHub Check: integration_tests (slow)
  • GitHub Check: integration_tests (ibc_timeout)
  • GitHub Check: integration_tests (ibc)
  • GitHub Check: integration_tests (gas)
  • GitHub Check: integration_tests (ibc_rly_evm)
  • GitHub Check: integration_tests (evm)
  • GitHub Check: integration_tests (unmarked)
  • GitHub Check: integration_tests (gov)
  • GitHub Check: integration_tests (ibc_rly_gas)
  • GitHub Check: Lint python
  • GitHub Check: Run golangci-lint
  • GitHub Check: build (macos-latest)
  • GitHub Check: unittest
  • GitHub Check: build (ubuntu-latest)
  • GitHub Check: build (macos-14)
  • GitHub Check: gomod2nix
  • GitHub Check: integration_tests (ibc_update_client)
  • GitHub Check: integration_tests (upgrade)
  • GitHub Check: integration_tests (ica)
  • GitHub Check: integration_tests (mint)
  • GitHub Check: integration_tests (slow)
  • GitHub Check: integration_tests (ibc_timeout)
  • GitHub Check: integration_tests (ibc)
  • GitHub Check: integration_tests (gas)
  • GitHub Check: integration_tests (ibc_rly_evm)
  • GitHub Check: integration_tests (evm)
  • GitHub Check: integration_tests (unmarked)
  • GitHub Check: integration_tests (gov)
  • GitHub Check: integration_tests (ibc_rly_gas)
  • GitHub Check: Lint python
  • GitHub Check: Run golangci-lint
  • GitHub Check: build (macos-latest)
  • GitHub Check: unittest
  • GitHub Check: build (ubuntu-latest)
  • GitHub Check: build (macos-14)
  • GitHub Check: gomod2nix
  • GitHub Check: integration_tests (ibc_update_client)
  • GitHub Check: integration_tests (upgrade)
  • GitHub Check: integration_tests (ica)
  • GitHub Check: integration_tests (mint)
  • GitHub Check: integration_tests (slow)
  • GitHub Check: integration_tests (ibc_timeout)
  • GitHub Check: integration_tests (ibc)
  • GitHub Check: integration_tests (gas)
  • GitHub Check: integration_tests (ibc_rly_evm)
  • GitHub Check: integration_tests (evm)
  • GitHub Check: integration_tests (unmarked)
  • GitHub Check: integration_tests (gov)
  • GitHub Check: integration_tests (ibc_rly_gas)
  • GitHub Check: Lint python
  • GitHub Check: Run golangci-lint
  • GitHub Check: build (macos-latest)
  • GitHub Check: unittest
  • GitHub Check: build (ubuntu-latest)
  • GitHub Check: build (macos-14)
  • GitHub Check: gomod2nix
  • GitHub Check: integration_tests (ibc_update_client)
  • GitHub Check: integration_tests (upgrade)
  • GitHub Check: integration_tests (ica)
  • GitHub Check: integration_tests (mint)
  • GitHub Check: integration_tests (slow)
  • GitHub Check: integration_tests (ibc_timeout)
  • GitHub Check: integration_tests (ibc)
  • GitHub Check: integration_tests (gas)
  • GitHub Check: integration_tests (ibc_rly_evm)
  • GitHub Check: integration_tests (evm)
  • GitHub Check: integration_tests (unmarked)
  • GitHub Check: integration_tests (gov)
  • GitHub Check: integration_tests (ibc_rly_gas)
  • GitHub Check: Lint python
  • GitHub Check: Run golangci-lint
🔇 Additional comments (34)
integration_tests/test_basic.py (1)

114-121: Verify that the new gas expectation reflects actual execution with Go 1.25.0.

The expected gas usage was updated to 564724. While this change is plausible given the Go version upgrade mentioned in the PR, there is no evidence that these tests were executed with Go 1.25.0 to validate the new value.

Please confirm:

  1. Was this test executed with Go 1.25.0, and does it consistently produce a gasUsed of 564724?
  2. What caused the gas increase? (e.g., compiled bytecode differences, runtime changes, ethermint version updates)
  3. Only one other hard-coded exp_gas_used was found in the test suite (test_pruned_node.py:49); are there any other integration tests that may need similar updates?
integration_tests/pytest.ini (1)

4-17: Pytest marker definitions are clear and consistent with integration test usage

Registering these markers avoids PytestUnknownMarkWarning and gives a good taxonomy for selecting subsets (ibc, gov, upgrade, gas, etc.). This looks correct and well-scoped.

scripts/run-integration-tests (1)

10-10: Switch to npm ci improves determinism; ensure lockfile is present and maintained

Using npm ci here is good for reproducible, clean installs, especially under CI. Just make sure integration_tests/contracts has a committed, up‑to‑date lockfile (e.g., package-lock.json), otherwise this step will now fail where npm install previously succeeded.

integration_tests/contracts/package.json (1)

12-20: Hardhat + TypeScript tooling additions align with the existing typechain workflow

Adding hardhat plus ts-node/typescript is consistent with the npx hardhat typechain script and the new TS config. From a config perspective this looks correct; just ensure:

  • The Node version used in integration_tests/shell.nix matches the supported range for this Hardhat + TypeScript combo.
  • The lockfile in this directory is regenerated so CI’s npm ci picks up these exact versions.
.github/workflows/dependencies-review.yml (2)

18-18: Version bump looks good.

The go-version upgrade from 1.24 to 1.25 is straightforward and properly configured.

39-45: Hardcoded vulnerability exception GO-2025-3443 is justified and properly tracked.

This exception references a real CometBFT vulnerability (network stalling via malicious peers) that was fixed in v0.38.17 and v1.0.1. The fix was applied in PR #1736 (Dec 19, 2024), and the codebase currently uses v0.38.19, which contains the patch. The exception is documented in both the CHANGELOG and the workflow comment. No action required.

.github/workflows/codeql-analysis.yml (1)

47-47: Go version upgrade looks good.

The version constraint from ^1.24.0 to ^1.25.0 is appropriately updated and allows patch releases.

.gitignore (1)

28-28: Git ignore pattern added.

The chain-main-* pattern correctly excludes chain-main build artifacts from version control, aligning with Nix build tooling changes elsewhere in the PR.

.github/workflows/build.yml (1)

25-25: Nixpkgs channel upgrade applied consistently.

All four jobs (build, unittest, gomod2nix, contracts) are updated from nixos-22.11 to nixos-25.11 consistently.

Also applies to: 58-58, 108-108, 142-142

.github/workflows/release.yml (1)

19-19: Nixpkgs channel upgrade applied to release workflows.

Both release jobs (Linux and macOS) properly updated from nixos-22.11 to nixos-25.11.

Also applies to: 60-60

.github/workflows/lint.yml (1)

25-25: Go and Nixpkgs versions properly updated.

Go version upgraded to 1.25.0, and nixpkgs channel updated to nixos-25.11 across all three linting jobs (golangci, lint-python, lint-nix).

Also applies to: 29-29, 77-77, 103-103

.github/workflows/dependabot-update-all.yml (1)

29-29: Go version upgrade looks good.

The go-version is properly updated from 1.24 to 1.25 for dependency updates.

nix/sources.json (2)

101-110: Nixpkgs source pinning updated to release-25.11.

The nixpkgs entry is properly updated with:

  • Branch: release-25.11
  • New revision: f27d6578053dfba71ffe5156a8274a552340b730
  • Updated SHA256 hash and tarball URL

Ensure these values match the official release-25.11 branch upstream before merging.

118-122: Poetry2nix entry updated.

Poetry2nix is updated to revision ce2369db77f45688172384bbeb962bc6c2ea6f94 with matching SHA256 hash. This appears consistent with the broader tooling updates.

nix/rocksdb.nix (2)

14-14: Formatting looks good.

The inline comment referencing the nixpkgs issue for the jemalloc condition is helpful for maintainability.

103-123: Clean reformatting of shell script blocks.

The preInstall and postFixup blocks are now properly formatted with cleaner multi-line string handling. The logic remains unchanged.

.github/workflows/test.yml (2)

40-40: Nix channel update aligns with the Go toolchain upgrade.

The nixos-25.11 channel is consistent with the PR's goal of modernizing the build environment.

67-67: Go 1.25 for coverage tooling.

The coverage tool update to go_1_25 aligns with the rest of the toolchain upgrade. Ensure integration tests pass to validate compatibility.

go.mod (1)

306-306: Ethermint dependency update looks consistent.

The ethermint fork version is updated to a newer pseudo-version and is synchronized with the gomod2nix.toml entry.

gomod2nix.toml (1)

327-329: Ethermint mapping correctly synchronized with go.mod.

The version and hash updates are consistent with the replace directive in go.mod, ensuring the Nix build will use the correct ethermint fork version.

.github/workflows/sims.yml (2)

111-113: Consistent Go 1.25 upgrade across simulation tests.

The ^1.25.0 semver constraint allows automatic patch updates, which is good for picking up security fixes while maintaining compatibility.

132-134: Runsim installation job updated.

The Go version is consistently updated to 1.25.0.

nix/hermes.nix (1)

10-10: LGTM! Darwin SDK migration looks correct.

The switch to apple-sdk_15 consolidates the individual framework dependencies (Security, SystemConfiguration) into the unified SDK approach used in nixpkgs 25.11. Retaining darwin.libiconv separately is appropriate since it's not part of the SDK.

Also applies to: 48-51

nix/go-ethereum.nix (1)

6-6: LGTM! Consistent Darwin SDK update.

The migration to apple-sdk_15 aligns with the nixpkgs 25.11 changes and follows the same pattern as other Nix files in this PR. The comment documenting the rationale is appreciated.

Also applies to: 59-63

nix/testenv.nix (2)

7-30: LGTM! Proper rpds-py Rust build override.

The custom override scope correctly handles rpds-py source builds by adding Cargo dependencies and Rust tooling. The conditional check !(old.src.isWheel or false) ensures this only applies to non-wheel sources.

Verify the cargo vendor hash is still valid if rpds-py version changes in the future. A version bump would require updating the hash on line 18.

61-74: LGTM! License format normalization for pyproject.toml.

The postPatch scripts handle the PEP 639 license format migration by removing license-files and converting the license string to the object format.

default.nix (2)

5-5: LGTM! Explicit Go toolchain wiring.

Adding go to inputs and inheriting it in the derivation ensures the build uses the explicitly configured go_1_25 from the overlay rather than relying on implicit resolution.

Also applies to: 43-43

60-60: LGTM! Required for gomod2nix configuration.

The modRoot = "." setting aligns with the updated gomod overlay configuration per the AI summary.

nix/build_overlay.nix (1)

41-76: LGTM! Reasonable workaround for Darwin solc builds.

The Darwin-specific workaround using pre-built macOS binaries is a pragmatic solution for the nixpkgs 25.11 SDK compatibility issues. The fallback to super.solc-static-versions on Linux maintains expected behavior. The two versions defined (solc_0_6_8 and solc_0_8_21) are exactly those referenced in the project's nix files (contracts/shell.nix and nix/gen-binding-shell.nix), so the workaround is complete and sufficient.

flake.nix (2)

32-43: LGTM on the gomodOverlay pattern with modRoot workaround.

The modRoot = "." override addresses the gomod2nix builder issue where a null modRoot causes build failures. This approach correctly exposes buildGoApplication, mkGoEnv, and mkVendorEnv while applying the necessary fix.

3-3: Be aware of known Go 1.25 compatibility issues on macOS.

The release-25.11 branch and go_1_25 package are both available in nixpkgs. However, Go 1.25 has known linking failures on macOS (macOS 15.6+) and CGO behavior changes (CGO_ENABLED=1). Test thoroughly on macOS if that's a supported platform.

Likely an incorrect or invalid review comment.

nix/default.nix (3)

19-30: Good approach for chain-maind Go version compatibility.

The mapping of go_1_23 to go_1_25 via buildPackages override maintains compatibility with chain-main's expected interface while upgrading the actual toolchain. The modRoot = "." fix with the linked PR reference provides good traceability.

85-85: Correct update from buildGo123Module to buildGoModule.

Using the generic buildGoModule is appropriate here since the Go version is now set at the overlay level via go = final.go_1_25. This avoids hardcoding Go version in individual package builds.

67-69: apple-sdk_15 is available in nixpkgs 25.11.

Verified that apple-sdk_15 is defined in all-packages.nix as callPackage ../by-name/ap/apple-sdk/package.nix { darwinSdkMajorVersion = "15"; }. This consolidation of Darwin framework dependencies to apple-sdk_15 follows the correct pattern for nixpkgs 25.11.

Makefile

lint-nix:
find . -name "*.nix" ! -path './integration_tests/contracts/*' ! -path "./contracts/*" | xargs nixfmt -c
find . \( -path './integration_tests/contracts' -o -path './contracts' -o -path './chain-main-*' \) -prune -o -name "*.nix" -print | xargs nixfmt -c
Copy link
Contributor

@coderabbitai coderabbitai bot Dec 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion | 🟠 Major

Excellent refactor—use of -prune is more efficient and idiomatic.

The changes to lint-nix and lint-nix-fix improve the find command by using the -prune predicate to exclude directories before traversing them, rather than filtering results downstream. This reduces filesystem I/O and is the idiomatic approach in find(1).

The syntax is correct: grouping multiple -path patterns with -o, followed by -prune, then -o -name "*.nix" -print to match .nix files in non-pruned directories. The paths being excluded (integration_tests/contracts, contracts, chain-main-*) are sensible for the project.

Also applies to: 143-143

🤖 Prompt for AI Agents 
Makefile around lines 140 and 143: apply the same -prune-based find invocation
to both lint-nix and lint-nix-fix targets so they consistently exclude
./integration_tests/contracts, ./contracts and ./chain-main-* before traversal;
replace the previous post-filtering find pipeline with a single find that groups
the three -path patterns joined by -o, then -prune, then -o -name "*.nix"
-print, and pass those results to nixfmt -c (and to nixfmt for the fix target)
to reduce filesystem I/O and match the approved refactor.

coderabbitai[bot]
coderabbitai bot reviewed Dec 15, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

♻️ Duplicate comments (1)
nix/build_overlay.nix (1)

31-36: Use --replace-fail for safer builds.

The previous review suggested using --replace-fail to ensure the build fails if the patterns aren't found, rather than silently succeeding. This hasn't been addressed yet.

     postPatch = (old.postPatch or "") + ''
       substituteInPlace src/net/lookup_unix.go \
-        --replace 'open("/etc/protocols")' 'open("${final.iana-etc}/etc/protocols")'
+        --replace-fail 'open("/etc/protocols")' 'open("${final.iana-etc}/etc/protocols")'
       substituteInPlace src/net/port_unix.go \
-        --replace 'open("/etc/services")' 'open("${final.iana-etc}/etc/services")'
+        --replace-fail 'open("/etc/services")' 'open("${final.iana-etc}/etc/services")'
     '';
🧹 Nitpick comments (1)
nix/build_overlay.nix (1)

46-59: Consider extracting common derivation logic to reduce duplication.

Both solc_0_6_8 and solc_0_8_21 share nearly identical structure. A helper function would improve maintainability if more versions are needed.

# Example refactor using a helper function:
solc-static-versions =
  if final.stdenv.isDarwin then
    let
      mkSolc = version: sha256: final.stdenv.mkDerivation {
        pname = "solc";
        inherit version;
        src = final.fetchurl {
          url = "https://github.com/ethereum/solidity/releases/download/v${version}/solc-macos";
          inherit sha256;
        };
        dontUnpack = true;
        installPhase = ''
          mkdir -p $out/bin
          cp $src $out/bin/solc-${version}
          chmod +x $out/bin/solc-${version}
        '';
      };
    in {
      solc_0_6_8 = mkSolc "0.6.8" "sha256-W0qCSwXC9nb1a6pRKPeczT9RZ+1RpVMVCD/vl8xEaEc=";
      solc_0_8_21 = mkSolc "0.8.21" "sha256-mzXHa30o2kCPW9XhBfr0XsCXS0+7VdPN3bZ4pJG3PU0=";
    }
  else
    super.solc-static-versions;

Also applies to: 60-73

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d78ab09 and 676b250.

📒 Files selected for processing (9)
  • .github/workflows/codeql-analysis.yml (1 hunks)
  • .github/workflows/dependabot-update-all.yml (1 hunks)
  • .github/workflows/dependencies-review.yml (1 hunks)
  • .github/workflows/lint.yml (3 hunks)
  • .github/workflows/sims.yml (6 hunks)
  • Makefile (2 hunks)
  • go.mod (2 hunks)
  • nix/build_overlay.nix (1 hunks)
  • nix/golangci-lint.nix (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (7)
  • go.mod
  • .github/workflows/codeql-analysis.yml
  • .github/workflows/dependabot-update-all.yml
  • .github/workflows/dependencies-review.yml
  • Makefile
  • .github/workflows/sims.yml
  • nix/golangci-lint.nix
🧰 Additional context used
🪛 actionlint (1.7.9)
.github/workflows/lint.yml

26-26: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)
  • GitHub Check: Run golangci-lint
  • GitHub Check: build (ubuntu-latest)
  • GitHub Check: unittest
  • GitHub Check: Lint python
  • GitHub Check: build (macos-latest)
  • GitHub Check: build (macos-14)
  • GitHub Check: gomod2nix
  • GitHub Check: semgrep-cloud-platform/scan
🔇 Additional comments (2)
.github/workflows/lint.yml (1)

25-25: Go version is only updated in the golangci job; nixos-25.11 is consistent across all three lint jobs.

The go-version setup (1.25.5) appears only in the golangci job (line 25) via actions/setup-go, which is correct since only that job compiles and lints Go code. The lint-python and lint-nix jobs use nix-shell environments instead and do not require explicit Go setup in the workflow.

The nixos-25.11 channel is consistently applied across all three jobs (lines 29, 77, 103). The nix overlay in nix/default.nix already specifies go = final.go_1_25, and nix/build_overlay.nix defines the Go 1.25.5 build itself, ensuring consistency via the nix package definitions rather than workflow duplication.

Likely an incorrect or invalid review comment.

nix/build_overlay.nix (1)

12-21: Go 1.25.5 update looks good.

The version has been updated to 1.25.5 with the corresponding hash, and the comments clearly explain why go_1_24 is used as the base (Windows platform support). The patch filtering for iana-etc-1.17.patch is a reasonable approach.

.github/workflows/lint.yml
with:
go-version: '1.22.7'
go-version: '1.25.5'
- uses: actions/checkout@v3
Copy link
Contributor

@coderabbitai coderabbitai bot Dec 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Update actions/checkout to v4.

The actions/checkout@v3 action has been flagged as outdated by actionlint and is no longer actively maintained. Migrate to actions/checkout@v4 to ensure security patches and GitHub Actions compatibility.

Apply this diff to update the action:

-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- uses: actions/checkout@v3
- uses: actions/checkout@v4
🧰 Tools
🪛 actionlint (1.7.9)

26-26: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents 
.github/workflows/lint.yml around line 26: the workflow uses actions/checkout@v3
which is outdated; update the checkout action to actions/checkout@v4 by
replacing the version reference on that line, then commit the change and run
your CI/linter to verify there are no remaining actionlint warnings.

nix/build_overlay.nix
Comment on lines +43 to +76
solc-static-versions =
if final.stdenv.isDarwin then
{
solc_0_6_8 = final.stdenv.mkDerivation rec {
pname = "solc";
version = "0.6.8";
src = final.fetchurl {
url = "https://github.com/ethereum/solidity/releases/download/v${version}/solc-macos";
sha256 = "sha256-W0qCSwXC9nb1a6pRKPeczT9RZ+1RpVMVCD/vl8xEaEc=";
};
dontUnpack = true;
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/solc-0.6.8
chmod +x $out/bin/solc-0.6.8
'';
};
solc_0_8_21 = final.stdenv.mkDerivation rec {
pname = "solc";
version = "0.8.21";
src = final.fetchurl {
url = "https://github.com/ethereum/solidity/releases/download/v${version}/solc-macos";
sha256 = "sha256-mzXHa30o2kCPW9XhBfr0XsCXS0+7VdPN3bZ4pJG3PU0=";
};
dontUnpack = true;
installPhase = ''
mkdir -p $out/bin
cp $src $out/bin/solc-0.8.21
chmod +x $out/bin/solc-0.8.21
'';
};
}
else
super.solc-static-versions;
Copy link
Contributor

@coderabbitai coderabbitai bot Dec 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check available solc-macos binaries for the specified versions
# by examining GitHub release assets

# Function to safely fetch GitHub API info
check_release_assets() {
  local version=$1
  echo "=== Checking solc v${version} release assets ==="
  
  # Using curl instead of gh CLI for better compatibility
  curl -s "https://api.github.com/repos/ethereum/solidity/releases/tags/v${version}" \
    | jq -r '.assets[] | select(.name | contains("macos")) | .name' 2>/dev/null || echo "Failed to fetch or no macos assets"
  
  echo ""
}

check_release_assets "0.6.8"
check_release_assets "0.8.21"

Repository: crypto-org-chain/cronos

Length of output: 227

🏁 Script executed:

#!/bin/bash
# Try fetching raw JSON output from GitHub API with better error handling
echo "=== Fetching solc 0.6.8 release info ==="
curl -s "https://api.github.com/repos/ethereum/solidity/releases/tags/v0.6.8" | jq '.assets | length' 2>/dev/null && \
curl -s "https://api.github.com/repos/ethereum/solidity/releases/tags/v0.6.8" | jq -r '.assets[].name' 2>/dev/null | head -20

echo ""
echo "=== Fetching solc 0.8.21 release info ==="
curl -s "https://api.github.com/repos/ethereum/solidity/releases/tags/v0.8.21" | jq '.assets | length' 2>/dev/null && \
curl -s "https://api.github.com/repos/ethereum/solidity/releases/tags/v0.8.21" | jq -r '.assets[].name' 2>/dev/null | head -20

Repository: crypto-org-chain/cronos

Length of output: 154

🌐 Web query:

solc 0.6.8 0.8.21 macos binary architecture arm64 aarch64 apple silicon

💡 Result:

Short answer: Official macOS Apple‑Silicon (arm64 / aarch64) solc binaries do NOT exist for v0.6.8 or v0.8.21. Official macOS releases only added Apple‑Silicon support in v0.8.24, so older macOS solc builds are x86_64 (Intel) and must be run under Rosetta or recompiled for arm64. [1][2]

Options

  • Run the shipped macOS x86_64 solc under Rosetta (install Rosetta, then use the Intel binary). (solc-select FAQ / docs). [1]
  • Use Docker (run an official solc image) — isolates architecture differences. [2]
  • Use solc-js / the WASM builds from solc-bin (works on Apple Silicon in JS environments). [3]
  • Build solc from source on your Apple Silicon machine to produce an arm64 binary (or use a community arm64 Linux build if you target Linux). [2][4]

References

  • solc-select (notes about macOS Intel-only for <0.8.24 / Rosetta). [1]
  • Official Solidity releases (Apple Silicon support introduced in v0.8.24). [2]
  • solc-bin / solc-js distribution (WASM/js builds). [3]
  • community arm64 builds (example: 0xidm arm64 builds for Linux — not macOS official). [4]

If you want, I can:

  • give exact commands to run an x86_64 solc under Rosetta on macOS, or
  • show how to build v0.6.8 or v0.8.21 from source for arm64, or
  • fetch a specific download URL for the Intel macOS binary for those versions. Which do you want?

🌐 Web query:

solidity solc-macos x86_64 arm64 release downloads GitHub

💡 Result:

You can download macOS solc binaries (x86_64 and Apple Silicon/arm64) from the Solidity GitHub Releases page — recent releases include a macOS asset (a universal/fat binary named solc-macos or solc-macos-{version}) that runs on both Intel and ARM Macs. See the official releases list and the macOS/Apple‑Silicon note in the Solidity release announcement. [1][2]

Quick links:

  • Solidity GitHub Releases (download assets per tag). [1]
  • Solidity release announcement noting macOS universal binary (Apple Silicon support). [2]

If you want, tell me which Solidity version (or architecture) you need and I’ll fetch the direct asset download link for that release.

Add a comment documenting Rosetta 2 requirement for Apple Silicon.

The solc-macos binaries for v0.6.8 and v0.8.21 are x86_64-only; official Apple Silicon (arm64) binaries were not released until v0.8.24. On Apple Silicon Macs, these binaries will run under Rosetta 2 translation. Add a comment clarifying this requirement, or consider using alternative solutions (Docker, WASM builds) for platforms that cannot use Rosetta 2.

coderabbitai[bot]
coderabbitai bot reviewed Dec 15, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (2)
nix/build_overlay.nix (2)

32-35: Apply --replace-fail as suggested in the previous review.

The past review comment suggested using --replace-fail in the substituteInPlace calls to ensure build failure if the expected patterns are not found. This recommendation has not been implemented.

Apply this diff to add --replace-fail:

     postPatch = (old.postPatch or "") + ''
       substituteInPlace src/net/lookup_unix.go \
-        --replace 'open("/etc/protocols")' 'open("${final.iana-etc}/etc/protocols")'
+        --replace-fail 'open("/etc/protocols")' 'open("${final.iana-etc}/etc/protocols")'
       substituteInPlace src/net/port_unix.go \
-        --replace 'open("/etc/services")' 'open("${final.iana-etc}/etc/services")'
+        --replace-fail 'open("/etc/services")' 'open("${final.iana-etc}/etc/services")'
     '';

46-81: Document the Rosetta 2 requirement for Apple Silicon as suggested in the previous review.

The solc binaries for versions 0.6.8 and 0.8.21 are x86_64-only (Apple Silicon support was added in v0.8.24). On Apple Silicon Macs, these binaries will run under Rosetta 2 translation. As noted in the previous review, this requirement should be documented.

Apply this diff to add clarifying documentation:

   # solc-static-versions is broken on Darwin in nixpkgs 25.11 due to legacy SDK usage
-  # On Darwin: use pre-built macOS binaries. On Linux: use the original nixpkgs derivations.
+  # On Darwin: use pre-built macOS binaries (x86_64; requires Rosetta 2 on Apple Silicon for v0.6.8 and v0.8.21).
+  # On Linux: use the original nixpkgs derivations.
   solc-static-versions =
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 676b250 and ad72041.

📒 Files selected for processing (1)
  • nix/build_overlay.nix (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (20)
  • GitHub Check: gomod2nix
  • GitHub Check: build (macos-latest)
  • GitHub Check: unittest
  • GitHub Check: build (ubuntu-latest)
  • GitHub Check: build (macos-14)
  • GitHub Check: integration_tests (ibc_rly_gas)
  • GitHub Check: integration_tests (unmarked)
  • GitHub Check: integration_tests (gas)
  • GitHub Check: integration_tests (evm)
  • GitHub Check: integration_tests (ibc_timeout)
  • GitHub Check: integration_tests (ica)
  • GitHub Check: integration_tests (slow)
  • GitHub Check: integration_tests (ibc_rly_evm)
  • GitHub Check: integration_tests (mint)
  • GitHub Check: integration_tests (ibc)
  • GitHub Check: integration_tests (upgrade)
  • GitHub Check: integration_tests (ibc_update_client)
  • GitHub Check: integration_tests (gov)
  • GitHub Check: Run golangci-lint
  • GitHub Check: semgrep-cloud-platform/scan

coderabbitai[bot]
coderabbitai bot reviewed Dec 15, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

♻️ Duplicate comments (1)
nix/build_overlay.nix (1)

50-68: Add comment documenting Rosetta 2 requirement for Apple Silicon.

The solc-macos binaries for v0.6.8 and v0.8.21 are x86_64-only; official Apple Silicon (arm64) binaries were not released until v0.8.24. On Apple Silicon Macs, these binaries run under Rosetta 2 translation. A brief comment would help future maintainers understand this platform constraint.

   # solc-static-versions is broken on Darwin in nixpkgs 25.11 due to legacy SDK usage
   # On Darwin: use pre-built macOS binaries. On Linux: use the original nixpkgs derivations.
+  # Note: These macOS binaries are x86_64-only. On Apple Silicon, Rosetta 2 is required.
   solc-static-versions =
🧹 Nitpick comments (1)
nix/build_overlay.nix (1)

35-40: Consider using --replace-fail for safer substitutions.

Using --replace silently succeeds even if the pattern isn't found. If Go source files change in future patch releases, the build would succeed but produce incorrect binaries that still reference /etc/protocols and /etc/services.

     postPatch = (old.postPatch or "") + ''
       substituteInPlace src/net/lookup_unix.go \
-        --replace 'open("/etc/protocols")' 'open("${final.iana-etc}/etc/protocols")'
+        --replace-fail 'open("/etc/protocols")' 'open("${final.iana-etc}/etc/protocols")'
       substituteInPlace src/net/port_unix.go \
-        --replace 'open("/etc/services")' 'open("${final.iana-etc}/etc/services")'
+        --replace-fail 'open("/etc/services")' 'open("${final.iana-etc}/etc/services")'
     '';
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ad72041 and fa2cd6f.

📒 Files selected for processing (1)
  • nix/build_overlay.nix (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (20)
  • GitHub Check: unittest
  • GitHub Check: build (ubuntu-latest)
  • GitHub Check: build (macos-latest)
  • GitHub Check: gomod2nix
  • GitHub Check: build (macos-14)
  • GitHub Check: integration_tests (gas)
  • GitHub Check: integration_tests (gov)
  • GitHub Check: integration_tests (ica)
  • GitHub Check: integration_tests (evm)
  • GitHub Check: integration_tests (mint)
  • GitHub Check: integration_tests (upgrade)
  • GitHub Check: Run golangci-lint
  • GitHub Check: integration_tests (ibc_rly_gas)
  • GitHub Check: integration_tests (ibc)
  • GitHub Check: integration_tests (ibc_timeout)
  • GitHub Check: integration_tests (ibc_update_client)
  • GitHub Check: integration_tests (unmarked)
  • GitHub Check: integration_tests (slow)
  • GitHub Check: integration_tests (ibc_rly_evm)
  • GitHub Check: semgrep-cloud-platform/scan
🔇 Additional comments (1)
nix/build_overlay.nix (1)

12-15: LGTM!

The backwards compatibility alias for windows.threadspthreads is correctly implemented and well-documented.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@calvinaco calvinaco Awaiting requested review from calvinaco calvinaco is a code owner automatically assigned from crypto-org-chain/cronos-dev

@thomas-nguy thomas-nguy Awaiting requested review from thomas-nguy thomas-nguy is a code owner automatically assigned from crypto-org-chain/cronos-dev

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

build ci nix

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@songgaoye