Skip to content
  1. Sep 28, 2023
    • Xavier Lau's avatar
      Add `MaxTipAmount` for pallet-tips (#1709) · de71fecc
      Xavier Lau authored 
      Last week we experienced a governance attack.
Surprisingly, there was no upper limit on the tip amount.

Due to the mechanism of pallet-fragment-election, the council members
will be refreshed immediately. Attacker is easy to control the council
and give a large tip amount.
      de71fecc
    • Xiliang Chen's avatar
      add some events for pallet-bounties (#1706) · b50d8e6f
      Xiliang Chen authored 
      Add missing events for pallet-bounties
      b50d8e6f
    • Javyer's avatar
      Added `review-bot` to fine tune review requirements (#1673) · 4384c613
      Javyer authored 
      Created a Github Action that uses the [Review-Bot
app](https://github.com/paritytech/review-bot) to require more fine
tuned requirements to review pull requests before allowing the PR to be
merged.

This uses
[`pull_request_target`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target)
for the event, not `pull_request`. This is a security measure so that an
attacker doesn’t have access to the secrets.

All the rules have been copied from the original
`.github/pr-custom-review.yml` file.

I want to clarify, this particular commit is **not intended to replace
PRCR yet**.

# Advantages it brings over `PRCR`

Most of the features available in `PRCR` have been duplicated and
enhanced. For a complete detailed write up, please see:
- paritytech/pr-custom-review#114 -> Proposal for the rewrite
- [Review Bot
Documentation](https://github.com/paritytech/review-bot/blob/main/README.md)

The most important features are:
- `include` and `exclude` fields now accept an array, making it easier
to read the regular expressions.
- Ability to skip a rule
- We can set that PRs coming from a particular user or team will cause
the rule to be skipped.
- This is used in the `Audit rule`, which was requested by
@the-right-joyce.
  - This resolves paritytech/pr-custom-review#136
- Ability to request fellows instead of teams
- As requested in polkadot-fellows/runtimes#7, this bot has the ability
to request fellows by rank instead of users.
- We currently have polkadot-fellows/runtimes#31 which is using that
feature.

Aside from all the rules available in `PRCR` I have added a particular
rule to lock the review-bot files and require a review from the
`locks-review` team, the @paritytech/ci team and the
@paritytech/opstooling team to ensure that the file has been written
correctly.

## Next steps

The next steps will consist on paritytech/review-bot#53, once this issue
has been resolved, and `review-bot` has worked without any issues on
this repository for a while, we will upgrade it to be able to fully
replace `PRCR`.
      4384c613
    • Dónal Murray's avatar
      Add event field names to HRMP Event variants (#1695) · 4bc97e48
      Dónal Murray authored 
      Update the HRMP pallet to use field names for Event variants to improve
metadata for a better client experience.
Event variants are now structs instead of unnamed tuples.

Partially implements Substrate issue
[9903](https://github.com/paritytech/substrate/issues/9903) which
doesn't appear to have been moved to the monorepo.
      4bc97e48
  3. Sep 27, 2023
  5. Sep 26, 2023
    • dependabot[bot]'s avatar
      Bump directories from 4.0.1 to 5.0.1 (#1656) · a846b746
      dependabot[bot] authored 
      Bumps [directories](https://github.com/soc/directories-rs) from 4.0.1 to
5.0.1.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/soc/directories-rs/commits">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=directories&package-manager=cargo&previous-version=4.0.1&new-version=5.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores

)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: default avatardependabot[bot] <[email protected]>
Co-authored-by: default avatardependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
      a846b746
    • Dónal Murray's avatar
      Allow debug_assertions in short-benchmarks CI job (#1711) · 7d3ce4df
      Dónal Murray authored 
      Add debug_assertions to WASM builds in the short-benchmarks CI job.

Disallow warnings, show a full backtrace and remove the WASM output
colour to improve information from this CI step in the event of a failure.

This is motivated by a
[case](https://github.com/paritytech/polkadot-sdk/pull/1676/commits/23d64918be3ca68413050383c5d8a73f63d451dd)
where a benchmark was misconfigured in master and failing to send
notifications, but passing CI. We don't want this to fail if the problem
happens in production, but ideally we'd know from the CI if it was
misconfigured and the messages weren't getting sent, as that could
(would?) affect the weights that the benchmark generates.

Enabling debug-assertions in WASM builds for the short-benchmarks would
catch "soft" failures like this in future.
      7d3ce4df
    • Alexandru Vasile's avatar
      chainHead/storage: Fix storage iteration using the query key (#1665) · cc50eda0
      Alexandru Vasile authored 
      

This PR ensures that all storage keys under a prefix are returned by the
`chainHead_storage` method.

Before this PR, the `storage_keys` was used with just the `start_key`.
Before the pagination event was generated, the last reported key
`last_key` was saved internally.
When the pagination is resumed, the `last_key` will serve as the next
`start_key` to the `storage_keys` API.

However, this behavior does not function properly for non-prefixed
storage keys.

Entry keys `a`, `ab`, `abc` share a common prefix and therefore the `ab`
key leads to `abc`.
However, for `a`, `ab`, `aB` and `abc`, the `aB` key does not
immediately lead to `abc`.

To mitigate this, the PR saves the start key of the query, together with
the next pagination key.
Improve testing to ensure we have a key entry that doesn't share the
prefix with the descendant key.

@paritytech/subxt-team

---------

Signed-off-by: default avatarAlexandru Vasile <[email protected]>
      cc50eda0
  7. Sep 25, 2023
  9. Sep 24, 2023
  11. Sep 22, 2023
  13. Sep 21, 2023
  15. Sep 20, 2023