Resuscitated Arbitrum Sepolia to Sepolia devnet deployment

[mani99brar]

• Updated AMB addresses for deployments.
• Redeployment of Arbitrum Sepolia to Sepolia route contracts (devnet).
• New deployments of subgraphs for inbox and outbox of arbSep->Sep devnet (Veascan).
• New deployment of subgraph for "relayer-cli" (devnet).
• Updated lightbulb switch address for devnet relay example.

---

PR-Codex overview

This PR focuses on updating various configurations, addresses, and dependencies across multiple files, enhancing the functionality and compatibility of the project. It also introduces new environment variables for subgraph endpoints and makes changes to the contract deployments.

Detailed summary

• Added a new JSON file 11155111.json with ts and nonce.
• Updated dotenv version in package.json files.
• Changed amb addresses in multiple contract deployment files.
• Updated start and build scripts in veascan-web/package.json.
• Introduced new environment variables for subgraph endpoints.
• Modified getInboxSubgraph function to use environment variables.
• Updated CODEOWNERS with new contributors.
• Changed deployment addresses in VeaInboxArbToEthDevnet.json.

The following files were skipped due to too many changes: contracts/deployments/arbitrumSepolia/VeaInboxArbToEthDevnet.json, yarn.lock, contracts/deployments/sepolia/VeaOutboxArbToEthDevnet.json

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

Summary by CodeRabbit

Summary by CodeRabbit

• New Features
  • Enhanced management of different environments (devnet, testnet, mainnet) with specific scripts for starting, building, and generating code tailored to each environment.
  • Added support for custom arguments in ShellCheck configuration.
• Bug Fixes
  • Upgraded various dependencies, which may include bug fixes and performance improvements.
• Documentation
  • Updated .gitignore to prevent tracking of new environment configuration files.
• Chores
  • Cleaned up and organized scripts for better usability across different deployment environments.
  • Updated ownership assignments in GitHub configuration files.

[netlify]

✅ Deploy Preview for veascan ready!

Name	Link
🔨 Latest commit	7cb9d80
🔍 Latest deploy log	https://app.netlify.com/sites/veascan/deploys/66f18eff0d5aee0008fee796
😎 Deploy Preview	https://deploy-preview-305--veascan.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[coderabbitai]

Walkthrough

The recent updates involve adjustments to various configuration files, including GitHub workflows, package management, and environment settings. Key changes include upgrading action versions in the GitHub workflow, expanding the .gitignore file to include more environment files, and enhancing the package.json files across multiple projects with new scripts for environment-specific operations. Additionally, a new Bash script was introduced to streamline command execution in different deployment environments.

Changes

Files	Change Summary
.github/CODEOWNERS, .github/workflows/sonarcloud.yml	Updated ownership assignments and action versions for harden-runner, checkout, and sonarcloud-github-action.
.gitignore	Added entries for various environment files under a new section.
.vscode/settings.json	Added configuration for ShellCheck custom arguments.
contracts/package.json, relayer-cli/package.json, validator-cli/package.json	Updated dotenv dependency version across multiple projects.
veascan-web/package.json	Introduced environment-specific scripts for starting, building, and generating code.
veascan-web/scripts/runEnv.sh	Added a new script for executing commands in different deployment environments.

🐰 Hopping through the code, what a fine sight,
New addresses gleam, shining so bright!
Contracts updated, paths are clear,
A jump to the future, hopping with cheer!
In the blockchain garden, we play all day,
With every change, we hop and say, “Hooray!” 🌟

---

Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 57a7cf1 and 7cb9d80.

Files selected for processing (1)

• .github/CODEOWNERS (1 hunks)

Additional comments not posted (4)

.github/CODEOWNERS (4)

2-2: Default ownership updated.

The default ownership has been changed from @jaybuidl @shotaronowhere to @jaybuidl @mani99brar. This change affects the entire repository by default.

Please ensure that @mani99brar has the necessary permissions and knowledge to review all parts of the codebase. You can verify this by running:

#!/bin/bash
# Description: Verify @mani99brar's repository permissions

# Test: Check @mani99brar's permissions. Expect: Collaborator or Admin role.
gh api repos/:owner/:repo/collaborators/mani99brar --jq '.permissions'

---

11-11: .gitignore ownership updated.

The ownership for .gitignore has been changed from @jaybuidl @shotaronowhere @alcercu to @jaybuidl @mani99brar @alcercu.

Please ensure that @mani99brar is familiar with the project's file exclusion policies. You can verify this by checking their recent contributions:

#!/bin/bash
# Description: Check @mani99brar's recent contributions to .gitignore

# Test: Search for recent commits by @mani99brar affecting .gitignore. Expect: Recent commits modifying .gitignore.
git log --author="mani99brar" --since="3 months ago" -- .gitignore

---

10-10: yarn.lock ownership updated.

The ownership for yarn.lock has been changed from @jaybuidl @shotaronowhere @alcercu to @jaybuidl @mani99brar @alcercu.

Please ensure that @mani99brar is familiar with the project's dependency management practices. You can verify this by checking their recent contributions:

---

2-11: Summary: Ownership transfer from @shotaronowhere to @mani99brar

The changes in this file consistently replace @shotaronowhere with @mani99brar for default ownership and specific file ownerships (yarn.lock and .gitignore). This appears to be a systematic update of code ownership.

Please ensure that this ownership transfer was an intentional and approved decision. You can verify this by checking for any relevant team discussions or decisions:

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  -- I pushed a fix in commit <commit_id>, please review it.
  -- Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  -- @coderabbitai generate unit testing code for this file.
  -- @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  -- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  -- @coderabbitai read src/utils.ts and generate unit testing code.
  -- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  -- @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai or @coderabbitai title anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 992dc11 and 258cb11.

Files selected for processing (13)

• contracts/README.md (1 hunks)
• contracts/deploy/01-outbox/01-arb-sepolia-to-chiado-outbox.ts (1 hunks)
• contracts/deploy/01-outbox/01-arb-to-gnosis-outbox.ts (1 hunks)
• contracts/deploy/02-inbox/02-chiado-to-arb-sepolia-inbox.ts (1 hunks)
• contracts/deploy/02-inbox/02-gnosis-to-arb-inbox.ts (1 hunks)
• contracts/deploy/03-routers/03-arb-to-gnosis-router.ts (1 hunks)
• contracts/deploy/03-routers/03-chiado-to-arb-sepolia-router.ts (1 hunks)
• contracts/deploy/03-routers/03-gnosis-to-arb-router.ts (1 hunks)
• contracts/deployments/arbitrumSepolia/VeaInboxArbToEthDevnet.json (3 hunks)
• veascan-subgraph-inbox/src/VeaInbox.ts (1 hunks)
• veascan-subgraph-inbox/subgraph.yaml (1 hunks)
• veascan-subgraph-outbox/subgraph.yaml (1 hunks)
• veascan-web/src/consts/bridges.ts (2 hunks)

Files skipped from review due to trivial changes (3)

• contracts/README.md
• veascan-subgraph-inbox/src/VeaInbox.ts
• veascan-web/src/consts/bridges.ts

Additional comments not posted (20)

veascan-subgraph-inbox/subgraph.yaml (2)

13-13: Confirm the start block for indexing.

The start block 69673433 should be verified to ensure it aligns with the deployment and event history of the contract.

---

11-11: Verify the updated contract address.

Ensure that the new address 0x0B5851fE2a931F619F73E739E5435C43976f1D68 is correct and corresponds to the intended deployment on the Sepolia network.

Verification successful

---

Contract Address Verified

The contract address 0x0B5851fE2a931F619F73E739E5435C43976f1D68 is correctly associated with the intended deployment on the Sepolia network, as confirmed by references in the README and JSON configuration files.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the new contract address for VeaInbox on Sepolia.

# Test: Check if the address is correctly deployed and matches the expected contract.
rg --type yaml $'0x0B5851fE2a931F619F73E739E5435C43976f1D68'

Length of output: 156

---

Script:

#!/bin/bash
# Description: Check for any deployment metadata or documentation that might confirm the contract address on Sepolia.

# Search for any README or documentation files that might mention the Sepolia deployment.
fd --type f --name 'README*' --exec rg -i 'Sepolia' {}

# Additionally, check for any JSON or config files that might list contract addresses for Sepolia.
fd --type f --name '*.json' --exec rg -i '0x0B5851fE2a931F619F73E739E5435C43976f1D68' {}

Length of output: 649

---

Script:

#!/bin/bash
# Description: Corrected script to check for any deployment metadata or documentation that might confirm the contract address on Sepolia.

# Search for any README or documentation files that might mention the Sepolia deployment.
fd 'README*' -t f -x rg -i 'Sepolia' {}

# Additionally, check for any JSON or config files that might list contract addresses for Sepolia.
fd '.json' -t f -x rg -i '0x0B5851fE2a931F619F73E739E5435C43976f1D68' {}

Length of output: 1150

veascan-subgraph-outbox/subgraph.yaml (2)

9-9: Verify the updated contract address.

Ensure that the new address 0xb8BF3B6bd3E1a0Cc9E2dB77dd492503310514674 is correct and corresponds to the intended deployment on the Sepolia network.

---

11-11: Confirm the start block for indexing.

The start block 6458841 should be verified to ensure it aligns with the deployment and event history of the contract.

contracts/deploy/02-inbox/02-chiado-to-arb-sepolia-inbox.ts (1)

13-13: Verify the updated AMB address.

Ensure that the new address 0x8448E15d0e706C0298dECA99F0b4744030e59d7d is correct and corresponds to the intended deployment on the Gnosis Chain.

contracts/deploy/02-inbox/02-gnosis-to-arb-inbox.ts (1)

18-18: Verify the updated amb address for GNOSIS_CHIADO.

Ensure that the new address 0x8448E15d0e706C0298dECA99F0b4744030e59d7d is correct and has been deployed correctly in the intended environment.

contracts/deploy/03-routers/03-chiado-to-arb-sepolia-router.ts (1)

13-13: Verify the updated amb address for ETHEREUM_SEPOLIA.

Ensure that the new address 0xf2546D6648BD2af6a008A7e7C1542BB240329E11 is correct and has been deployed correctly in the intended environment.

contracts/deploy/03-routers/03-arb-to-gnosis-router.ts (1)

18-18: Verify the updated amb address for ETHEREUM_SEPOLIA.

Ensure that the new address 0xf2546D6648BD2af6a008A7e7C1542BB240329E11 is correct and has been deployed correctly in the intended environment.

contracts/deploy/03-routers/03-gnosis-to-arb-router.ts (1)

18-18: Verify the correctness of the updated amb address.

The amb address for ETHEREUM_SEPOLIA has been updated. Ensure that this new address is accurate and corresponds to the intended contract on the Sepolia network.

contracts/deploy/01-outbox/01-arb-sepolia-to-chiado-outbox.ts (1)

18-18: Verify the correctness of the updated amb address.

The amb address for GNOSIS_CHIADO has been updated. Ensure that this new address is accurate and corresponds to the intended contract on the Chiado network.

contracts/deploy/01-outbox/01-arb-to-gnosis-outbox.ts (1)

34-34: Verify the correctness of the updated amb address.

The amb address for GNOSIS_CHIADO has been updated. Ensure that this new address is accurate and corresponds to the intended contract on the Chiado network.

contracts/deployments/arbitrumSepolia/VeaInboxArbToEthDevnet.json (9)

276-276: Ensure consistency of the contractAddress.

The contractAddress has been updated to 0x0B5851fE2a931F619F73E739E5435C43976f1D68, matching the address field. Verify consistency across the file.

---

294-294: Confirm the updated metadata.

The metadata now reflects Solidity compiler version 0.8.24+commit.e11b9ed9. Ensure compatibility with the contract's functionality and intended deployment.

---

283-283: Verify the updated blockNumber.

The blockNumber has been updated to 69673433. Ensure this is correct and aligns with the network context.

---

272-272: Confirm the updated transaction hash.

The transaction hash has been updated to 0x7674d99ee55a96489ff207c6218b54bdff86c7e8cedd9090dbcd5a2299946b3d. Ensure this is correct and corresponds to the intended transaction.

---

275-275: Confirm the updated from address.

The from address has been updated to 0xFa00D29d378EDC57AA1006946F0fc6230a5E3288. Ensure this address is correct and intended for the transaction.

---

2-2: Confirm the updated contract address.

The contract address has been updated to 0x0B5851fE2a931F619F73E739E5435C43976f1D68. Ensure this matches the intended deployment on the Arbitrum network.

Verification successful

---

Contract address update verified.

The contract address 0x0B5851fE2a931F619F73E739E5435C43976f1D68 is consistently used across the relevant JSON files. Ensure this matches the intended deployment strategy for both the inbox and outbox configurations. If this is intentional, no further action is needed.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the updated contract address in the codebase.

# Test: Search for the contract address usage. Expect: Only occurrences of the new address.
rg --type json '0x0B5851fE2a931F619F73E739E5435C43976f1D68'

Length of output: 428

---

290-290: Confirm the updated args.

The args field has been updated to include 0xb8BF3B6bd3E1a0Cc9E2dB77dd492503310514674. Ensure this change is intended and correct for the contract invocation.

Verification successful

---

Consistent Use of Updated args Address

The address 0xb8BF3B6bd3E1a0Cc9E2dB77dd492503310514674 is consistently used across multiple deployment JSON files, indicating that its inclusion is likely intentional and correct for the contract invocation. Ensure this address is indeed the intended one for all related contract configurations.

• Found in contracts/deployments/arbitrumSepolia/VeaInboxArbToEthDevnet.json
• Also found in contracts/deployments/sepolia/VeaOutboxArbToEthDevnet.json

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the updated `args` in the codebase.

# Test: Search for the `args` usage. Expect: Only occurrences of the new argument.
rg --type json '0xb8BF3B6bd3E1a0Cc9E2dB77dd492503310514674'

Length of output: 544

---

278-278: Review the increased gasUsed.

The gasUsed has increased to 1398728. Ensure this increase is expected and justified by the deployment changes.

---

293-293: Verify the updated solcInputHash.

The solcInputHash has been updated to 0d66bd5cfdf493ed8e081e9f7e1bf4fa. Ensure this corresponds to the updated Solidity compiler version.

Verification successful

---

Verification successful for solcInputHash update.

The updated solcInputHash in VeaInboxArbToEthDevnet.json and VeaOutboxArbToEthDevnet.json corresponds to recent changes in the Solidity files and configurations. This update is consistent with the expected behavior when multiple deployments use the same compiler and configuration. No issues found.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the updated `solcInputHash` in the codebase.

# Test: Search for the `solcInputHash` usage. Expect: Only occurrences of the new hash.
rg --type json '0d66bd5cfdf493ed8e081e9f7e1bf4fa'

Length of output: 284

---

Script:

#!/bin/bash
# Description: Check for recent changes in Solidity files and configurations.

# Find all Solidity files that might be related.
fd --extension sol

# Check recent changes in Solidity files.
git log -p -- contracts/**/*.sol

# Check for changes in configuration files that might affect the Solidity input.
git log -p -- '*.json' ':!contracts/deployments/**/*'

Length of output: 269812

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 258cb11 and 83b892c.

Files selected for processing (4)

• relayer-cli/src/devnetRelayExample.ts (1 hunks)
• relayer-cli/src/utils/proof.ts (2 hunks)
• relayer-cli/src/utils/relay.ts (2 hunks)
• relayer-subgraph-inbox/subgraph.yaml (1 hunks)

Files skipped from review due to trivial changes (1)

• relayer-cli/src/utils/relay.ts

Additional comments not posted (5)

relayer-subgraph-inbox/subgraph.yaml (2)

9-9: Verify the new contract address.

Ensure that the new address 0x0B5851fE2a931F619F73E739E5435C43976f1D68 is correct and corresponds to the intended contract on the Arbitrum Sepolia network.

---

11-11: Verify the new start block.

Ensure that the new start block 69673433 is correct and aligns with the block number where the new contract deployment occurred.

relayer-cli/src/utils/proof.ts (2)

8-8: Verify the new subgraph endpoint identifier.

Ensure that the new identifier 85918 is correct and corresponds to the intended subgraph.

---

42-42: Verify the new subgraph endpoint identifier.

Ensure that the new identifier 85918 is correct and corresponds to the intended subgraph.

relayer-cli/src/devnetRelayExample.ts (1)

26-26: Verify the new sender address.

Ensure that the new address 0x28d6D503F4c5734cD926E96b63C61527d975B382 is correct and intended for use in the relay operations.

[fcanela]

I did an initial review without running code (I don't have the repo configured locally yet) but it looks great. I've pointed minor maintenance improvements that can be made. Good job!

[fcanela]

ignoreable Nice comment, it made it very easy to figure out where the value came from

[fcanela]

Consider extracting this into an environment variable, if not the whole prefix at least the magic number

[mani99brar]

Done in commit.

[fcanela]

Same suggestion about extracting to env vars

[fcanela]

Same suggestion about extracting to env vars

[fcanela]

Same suggestion about extracting to env vars

[fcanela]

Same suggestion about extracting to env vars

[mani99brar]

Yep, will do.

[fcanela]

Same comment regarding commented code

[fcanela]

I'm going to download the repo locally now and check everything in context. If I find anything, I'll update you.

[coderabbitai]

Actionable comments posted: 1

Outside diff range, codebase verification and nitpick comments (1)

relayer-cli/.env.dist (1)

12-13: Approve the addition of new environment variables.

The new environment variables VEAINBOX_ARBSEPOLIA_TO_SEPOLIA_SUBGRAPH and VEAINBOX_ARBSEPOLIA_TO_CHIADO_SUBGRAPH have been correctly added to specify subgraph endpoint configurations. However, ensure that these variables are documented properly and that their usage is clear in the context of the application.

Consider adding comments in the .env.dist file to explain the purpose of these new variables and provide examples of valid values.

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 83b892c and f01e4f9.

Files selected for processing (6)

• relayer-cli/.env.dist (1 hunks)
• relayer-cli/src/consts/bridgeRoutes.ts (1 hunks)
• relayer-cli/src/devnetRelayExample.ts (2 hunks)
• relayer-cli/src/state/11155111.json (1 hunks)
• relayer-cli/src/utils/proof.ts (3 hunks)
• relayer-cli/src/utils/relay.ts (6 hunks)

Files skipped from review due to trivial changes (1)

• relayer-cli/src/state/11155111.json

Additional comments not posted (3)

relayer-cli/src/utils/proof.ts (1)

Line range hint 2-79: Approve the changes and suggest verification.

The replacement of the getSubgraph function with getInboxSubgraph and the simplification of the URL format used in requests are positive changes aimed at standardizing and simplifying the retrieval of subgraph data. However, verify the impact of removing the version segment from the URL on API responses.

Consider testing the new URL format in different environments to ensure that the API responds as expected without the version segment.

relayer-cli/src/devnetRelayExample.ts (1)

25-25: Verify new sender address and chain ID.

The sender address has been updated to 0x28d6D503F4c5734cD926E96b63C61527d975B382, and the chain ID array now contains only 11155111. Please verify the correctness of these values and ensure they are intended for the Sepolia devnet environment. Additionally, consider adding comments to explain the choice of the specific chain ID, as this helps maintain clarity for future modifications.

Also applies to: 3-3

Verification successful

---

Changes verified for Sepolia devnet environment.

The sender address 0x28d6D503F4c5734cD926E96b63C61527d975B382 and chain ID 11155111 are correctly implemented across the codebase, aligning with the Sepolia devnet environment. Consider adding comments to explain the choice of the specific chain ID to enhance clarity for future modifications.

• relayer-cli/src/devnetRelayExample.ts: Sender address and chain ID usage.
• contracts/hardhat.config.ts: Chain ID configuration for Sepolia.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the correctness of the new sender address and chain ID in the configuration files.

# Test: Search for the sender address and chain ID in the configuration files. Expect: Only occurrences of the new values.
rg --type json -A 5 $'0x28d6D503F4c5734cD926E96b63C61527d975B382|11155111'

Length of output: 75

---

Script:

#!/bin/bash
# Description: Search for the sender address and chain ID across all file types, focusing on TypeScript files.

# Search for the sender address in TypeScript files.
rg --type ts -A 5 '0x28d6D503F4c5734cD926E96b63C61527d975B382'

# Search for the chain ID in TypeScript files.
rg --type ts -A 5 '11155111'

Length of output: 7526

relayer-cli/src/utils/relay.ts (1)

5-5: Approve the introduction of getBridgeConfig.

The introduction of getBridgeConfig and the removal of getParams are approved as they enhance code clarity and maintainability by centralizing configuration retrieval. Please ensure that getBridgeConfig is correctly integrated across all relevant parts of the codebase where configuration data is required.

Also applies to: 33-33, 46-46, 71-71

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between f01e4f9 and 69285d8.

Files selected for processing (1)

• relayer-cli/src/consts/bridgeRoutes.ts (1 hunks)

Files skipped from review as they are similar to previous changes (1)

• relayer-cli/src/consts/bridgeRoutes.ts

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 69285d8 and d302601.

Files selected for processing (2)

• .env.dist (1 hunks)
• veascan-web/src/consts/bridges.ts (2 hunks)

Files skipped from review due to trivial changes (1)

• .env.dist

Additional comments not posted (2)

veascan-web/src/consts/bridges.ts (2)

44-44: LGTM!

The code changes are approved.

---

46-46: LGTM!

The code changes are approved.

[fcanela]

I reviewed it without performing any execution. Code wise it looks good.

[coderabbitai]

Actionable comments posted: 1

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between d302601 and a941696.

Files selected for processing (4)

• veascan-web/.env.devnet.example (1 hunks)
• veascan-web/codegen.ts (1 hunks)
• veascan-web/package.json (1 hunks)
• veascan-web/scripts/runEnv.sh (1 hunks)

Additional context used

Shellcheck

veascan-web/scripts/runEnv.sh

[warning] 10-10: Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.

(SC2124)

---

[error] 18-18: Arrays implicitly concatenate in [[ ]]. Use a loop (or explicit * instead of @).

(SC2199)

---

[warning] 18-18: Remove quotes from right-hand side of =~ to match as a regex rather than literally.

(SC2076)

---

[error] 19-19: Argument mixes string and array. Use * or separate argument.

(SC2145)

---

[warning] 27-27: ShellCheck can't follow non-constant source. Use a directive to specify location.

(SC1090)

Additional comments not posted (7)

veascan-web/.env.devnet.example (2)

1-3: LGTM!

The environment variable declarations for the Arbitrum Sepolia to Sepolia subgraph endpoints are clear and follow a consistent naming convention.

Please ensure to replace the placeholders 11111/your-subgraph/version/your-version with the actual subgraph IDs and versions before using this configuration file.

---

5-6: LGTM!

The environment variable declarations for the Arbitrum Sepolia to Chiado subgraph endpoints are clear and follow a consistent naming convention.

Please ensure to replace the placeholders 11111/your-subgraph/version/your-version with the actual subgraph IDs and versions before using this configuration file.

veascan-web/codegen.ts (1)

6-7: Excellent use of environment variables for configuration!

Replacing the hardcoded subgraph URLs with environment variables is a great improvement. It enhances the flexibility and maintainability of the codebase by allowing the subgraph endpoints to be easily configured without modifying the code.

This change aligns well with the PR objective of updating the deployment configurations for the Arbitrum network.

veascan-web/package.json (4)

34-34: LGTM!

The simplification of the clean script to remove both directories in a single command is a good improvement. It makes the script more concise and efficient.

---

35-38: Great improvement in managing environment-specific start scripts!

Replacing the single start script with environment-specific scripts (start-devnet, start-testnet, start-mainnet) and utilizing a common runEnv.sh script for environment setup is a great approach. It enhances clarity, flexibility, and consistency in managing different environments for starting the application.

---

39-42: Excellent consistency in managing environment-specific build scripts!

Replacing the single build script with environment-specific scripts (build-devnet, build-testnet, build-mainnet) and utilizing the runEnv.sh script for environment setup is a great approach. It maintains consistency with the start scripts and enhances clarity, flexibility, and consistency in managing different environments for building the application.

---

45-48: Excellent addition of environment-specific code generation scripts!

Expanding the generate script to include environment-specific scripts (generate-devnet, generate-testnet, generate-mainnet) and utilizing the runEnv.sh script for environment setup is a great approach. It maintains consistency with the start and build scripts and enhances clarity, flexibility, and consistency in managing code generation for different environments.

[coderabbitai]

Actionable comments posted: 0

Outside diff range and nitpick comments (3)

.vscode/settings.json (1)

13-16: LGTM! Consider grouping related settings for better organization.

The addition of the ShellCheck configuration and the specification of yarn as the ESLint package manager are good improvements to the development environment. These changes will enhance code quality checks for both JavaScript and shell scripts.

For better organization and readability, consider grouping related settings together. For example:

{
  "eslint.alwaysShowStatus": true,
  "eslint.packageManager": "yarn",
  
  "shellcheck.customArgs": [
    "--external-sources"
  ],
  
  // ... other settings
}

This grouping makes it easier to locate and manage related configurations.

.gitignore (2)

1-10: Approved: Good additions to .gitignore

The new entries under the "misc" section are valuable additions to the .gitignore file. They help prevent the accidental commit of sensitive environment variables and system-specific files.

Consider consolidating the .env entries for improved readability:

 # misc
 .DS_Store
-.env
-.env.test
-.env.testnet
-.env.devnet
-.env.local
-.env.development.local
-.env.test.local
-.env.production.local
+.env*
+!.env.example

This change will ignore all .env files except for a potential .env.example file, which is often used as a template for environment variables.

---

Missing .gitignore Patterns for Subgraph Directories

• The following subgraph directories are present but missing their corresponding generated/* and build/* ignore patterns in .gitignore:

  • ./relayer-subgraph-inbox/generated/* and ./relayer-subgraph-inbox/build/*
  • ./veascan-subgraph-inbox/generated/* and ./veascan-subgraph-inbox/build/*
  • ./veascan-subgraph-outbox/generated/* and ./veascan-subgraph-outbox/build/*

• Consider adding these patterns to .gitignore to ensure that generated and build files are not tracked by Git.

Analysis chain

Line range hint 268-273: Verify custom ignore patterns

The custom ignore patterns at the end of the file appear to be specific to your project:

# subgraph
veascan-subgraph-outbox/generated/*
veascan-subgraph-outbox/build/*
veascan-subgraph-inbox/generated/*
veascan-subgraph-inbox/build/*
validator-subgraph-inbox/generated/*
validator-subgraph-inbox/build/*

cache

These patterns seem appropriate for ignoring generated and build files for subgraphs. However, it's good to verify if these patterns are still relevant and complete. You can run the following script to check for the existence of these directories and any potential missing patterns:

This script will help you verify the existence of the ignored directories and suggest any potential missing patterns based on your project structure.

---

Action Required: Re-run Verification Script for .gitignore Patterns

Please execute the corrected script below to verify the existence of the specified subgraph directories and identify any potential missing ignore patterns in your .gitignore file.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify subgraph directories and suggest potential missing patterns

check_dir() {
  if [ -d "$1" ]; then
    echo "Directory exists: $1"
    # Check for any subdirectories that might need to be ignored
    subdirs=$(find "$1" -maxdepth 1 -type d | sed '1d')
    if [ -n "$subdirs" ]; then
      echo "  Subdirectories found:"
      echo "$subdirs" | sed 's/^/    /'
    fi
  else
    echo "Directory does not exist: $1"
  fi
}

echo "Checking subgraph directories:"
check_dir "veascan-subgraph-outbox"
check_dir "veascan-subgraph-inbox"
check_dir "validator-subgraph-inbox"

echo ""
echo "Checking for potential missing patterns:"
find . -maxdepth 1 -type d -name "*subgraph*" | while read -r dir; do
  if ! grep -q "$dir/generated/\*" .gitignore && ! grep -q "$dir/build/\*" .gitignore; then
    echo "Potential missing pattern: $dir/generated/* and $dir/build/*"
  fi
done

echo ""
echo "Checking 'cache' directory:"
if [ -d "cache" ]; then
  echo "The 'cache' directory exists."
  echo "Contents of 'cache' directory:"
  ls -la cache
else
  echo "The 'cache' directory does not exist."
fi

Length of output: 639

---

Script:

#!/bin/bash
# Description: Verify subgraph directories and suggest potential missing patterns

check_dir() {
  if [ -d "$1" ]; then
    echo "Directory exists: $1"
    # Check for any subdirectories that might need to be ignored
    subdirs=$(find "$1" -maxdepth 1 -type d | sed '1d')
    if [ -n "$subdirs" ]; then
      echo "  Subdirectories found:"
      echo "$subdirs" | sed 's/^/    /'
    fi
  else
    echo "Directory does not exist: $1"
  fi
}

echo "Checking subgraph directories:"
check_dir "veascan-subgraph-outbox"
check_dir "veascan-subgraph-inbox"
check_dir "validator-subgraph-inbox"

echo ""
echo "Checking for potential missing patterns:"
find . -maxdepth 1 -type d -name "*subgraph*" | while read -r dir; do
  if ! grep -q "$dir/generated/*" .gitignore && ! grep -q "$dir/build/*" .gitignore; then
    echo "Potential missing pattern: $dir/generated/* and $dir/build/*"
  fi
done

echo ""
echo "Checking 'cache' directory:"
if [ -d "cache" ]; then
  echo "The 'cache' directory exists."
  echo "Contents of 'cache' directory:"
  ls -la cache
else
  echo "The 'cache' directory does not exist."
fi

Length of output: 2802

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between a941696 and 57a7cf1.

Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

Files selected for processing (8)

• .github/workflows/sonarcloud.yml (1 hunks)
• .gitignore (1 hunks)
• .vscode/settings.json (1 hunks)
• contracts/package.json (3 hunks)
• relayer-cli/package.json (1 hunks)
• validator-cli/package.json (1 hunks)
• veascan-web/package.json (5 hunks)
• veascan-web/scripts/runEnv.sh (1 hunks)

Files skipped from review as they are similar to previous changes (2)

• veascan-web/package.json
• veascan-web/scripts/runEnv.sh

Additional comments not posted (11)

relayer-cli/package.json (1)

18-18: Approve dotenv dependency update

The dotenv package has been updated from version ^16.0.3 to ^16.4.5. This update is likely to include bug fixes, performance improvements, and potentially new features.

To ensure this update doesn't introduce any breaking changes or conflicts, please run the following verification script:

This script will help verify that the update doesn't introduce any issues and allows you to review any significant changes in the package.

validator-cli/package.json (1)

22-22: Dotenv package version update looks good, but verify compatibility.

The update of dotenv from version ^16.0.3 to ^16.4.5 is a minor version bump, which typically indicates backward-compatible new features or bug fixes. This update is likely beneficial for the project.

However, to ensure smooth integration:

1. Review the changelog for dotenv between these versions to understand any new features or breaking changes.
2. Test the application thoroughly, especially parts that rely on environment variables, to ensure no unexpected behavior.
3. Consider updating other packages that might depend on dotenv to maintain consistency.

To verify the impact of this update, run the following script:

This script will help identify areas of the codebase that might be affected by the dotenv update.

Verification successful

---

Dotenv version update verified, no issues detected.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for dotenv usage and potential incompatibilities

# Search for dotenv import statements
echo "Searching for dotenv usage:"
rg --type typescript --type javascript 'require\(["\']dotenv["\']|import.*from.*["\']dotenv["\']'

# Check if there are any custom configurations or uses of dotenv that might be affected
echo "Checking for custom dotenv configurations:"
rg --type typescript --type javascript 'dotenv\.config'

# Look for any TODO or FIXME comments related to dotenv
echo "Checking for TODO/FIXME comments related to dotenv:"
rg --type typescript --type javascript 'TODO|FIXME' -C 2 | rg 'dotenv'

Length of output: 159

---

Script:

#!/bin/bash
# Description: Check for dotenv usage and potential incompatibilities

# Search for dotenv import statements
echo "Searching for dotenv usage:"
rg --type typescript --type javascript 'require\(["'\'']dotenv["'\'']\)|import.*from.*["'\'']dotenv["'\'']'

# Check for custom dotenv configurations
echo "Checking for custom dotenv configurations:"
rg --type typescript --type javascript 'dotenv\.config'

# Look for any TODO or FIXME comments related to dotenv
echo "Checking for TODO/FIXME comments related to dotenv:"
rg --type typescript --type javascript -e 'TODO' -e 'FIXME' -C 2 | rg 'dotenv'

Length of output: 620

---

Script:

#!/bin/bash
# Description: Check for dotenv usage and potential incompatibilities

# Search for dotenv import statements in .ts and .js files
echo "Searching for dotenv usage:"
rg --glob '*.ts' --glob '*.js' 'require\(["'\'']dotenv["'\'']\)|import.*from.*["'\'']dotenv["'\'']'

# Check for custom dotenv configurations in .ts and .js files
echo "Checking for custom dotenv configurations:"
rg --glob '*.ts' --glob '*.js' 'dotenv\.config'

# Look for any TODO or FIXME comments related to dotenv in .ts and .js files
echo "Checking for TODO/FIXME comments related to dotenv:"
rg --glob '*.ts' --glob '*.js' -e 'TODO' -e 'FIXME' -C 2 | rg 'dotenv'

Length of output: 1098

.github/workflows/sonarcloud.yml (3)

27-27: Approve update of actions/checkout action

The update from v3.5.2 to v4.1.7 is a good practice for staying current with the latest features and fixes. Pinning to a specific commit hash (692973e3d937129bcbf40652eb9f2f61becf3332) improves reproducibility and security.

Given the major version update (v3 to v4), please verify that there are no breaking changes and check for any new features that might be beneficial:

#!/bin/bash
# Fetch the changelog between v3.5.2 and v4.1.7
gh release view --repo actions/checkout v4.1.7 --json body --jq .body | sed -n '/## What'"'"'s Changed/,/## New Contributors/p'

---

33-33: Approve update of sonarsource/sonarcloud-github-action

The change from using the master branch to a specific version (v3.0.0) is an excellent practice for stability and reproducibility. Pinning to a specific commit hash (eb211723266fe8e83102bac7361f0a05c3ac1d1b) further improves security and reproducibility.

Please verify any new features or changes in behavior introduced in v3.0.0:

#!/bin/bash
# Fetch the changelog for v3.0.0
gh release view --repo sonarsource/sonarcloud-github-action v3.0.0 --json body --jq .body

---

23-23: Approve update of step-security/harden-runner action

The update from v2.4.0 to v2.10.1 is a good practice for security and bug fixes. Pinning to a specific commit hash (91182cccc01eb5e619899d80e4e971d6181294a7) improves reproducibility and security.

Given the significant version jump, please verify that there are no breaking changes by checking the changelog:

Verification successful

---

Verified update of step-security/harden-runner action

The changelog between v2.4.0 and v2.10.1 includes only a bug fix, with no breaking changes identified. The update is approved.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Fetch the changelog between v2.4.0 and v2.10.1
gh release view --repo step-security/harden-runner v2.10.1 --json body --jq .body | sed -n '/## What'"'"'s Changed/,/## New Contributors/p'

Length of output: 934

---

Script:

# 
#!/bin/bash
# Fetch the changelog between v2.4.0 and v2.10.1 for step-security/harden-runner
gh release view --repo step-security/harden-runner v2.10.1 --json body --jq .body | sed -n '/## What'\''s Changed/,/## New Contributors/p'

Length of output: 479

.gitignore (2)

Line range hint 1-273: Summary of .gitignore review

The changes to the .gitignore file are beneficial and align with best practices for Git usage in development projects. The additions will help prevent accidental commits of sensitive environment variables and system-specific files.

Key points:

1. New "misc" section adds important entries for various environment files.
2. Suggestion to consolidate .env entries for improved readability.
3. Recommendation to review Yarn cache configuration based on Zero-installs usage.
4. Verification of custom ignore patterns for subgraph-related directories.

Overall, these changes enhance the project's Git hygiene and reduce the risk of exposing sensitive information.

---

Line range hint 234-236: Consider reviewing Yarn cache configuration

The following lines are commented out:

# if you are NOT using Zero-installs, then:
# comment the following lines
#!.yarn/cache

Please verify if you are using Zero-installs for Yarn. If not, you may want to uncomment the !.yarn/cache line to ignore the Yarn cache. This decision depends on your project's Yarn configuration.

To help verify the current Yarn configuration, you can run the following script:

#!/bin/bash
# Description: Check for Zero-install configuration in .yarnrc.yml

if [ -f .yarnrc.yml ]; then
  echo "Contents of .yarnrc.yml:"
  cat .yarnrc.yml
  echo ""
  if grep -q "zeroInstalls: true" .yarnrc.yml; then
    echo "Zero-installs is enabled."
  else
    echo "Zero-installs is not explicitly enabled."
  fi
else
  echo ".yarnrc.yml file not found. Zero-installs might not be configured."
fi

echo ""
echo "Checking for .yarn/cache directory:"
if [ -d .yarn/cache ]; then
  echo ".yarn/cache directory exists."
else
  echo ".yarn/cache directory does not exist."
fi

This script will help determine if Zero-installs is configured and if the .yarn/cache directory exists, which can guide the decision on whether to ignore the Yarn cache or not.

contracts/package.json (4)

3-3: Verify the significant version bump

The package version has been updated from 0.1.14 to 0.4.0, which is a significant minor version increase. Please ensure that this version bump is intentional and aligns with the changes made in this release.

Can you confirm that this version change accurately reflects the scope of changes in this release, following semantic versioning principles?

---

82-82: LGTM: dotenv dependency update

The dotenv dependency has been updated from 16.0.3 to 16.4.5. This is a good practice to keep dependencies up-to-date.

To ensure compatibility, please review the changelog for dotenv between versions 16.0.3 and 16.4.5 for any notable changes or potential impacts on the project.

---

96-96: LGTM: node-fetch and ts-node dependency updates

The following dependencies have been updated:

• node-fetch: 3.3.1 to 3.3.2
• ts-node: 10.9.1 to 10.9.2

These are patch version updates, which typically include bug fixes and minor improvements.

To ensure compatibility, please review the changelogs for both node-fetch and ts-node for these version updates to check for any notable changes or potential impacts on the project.

Also applies to: 100-100

---

Line range hint 1-104: Summary of package.json changes

The changes in this file include:

1. A significant version bump for the package itself (0.1.14 to 0.4.0)
2. Minor version update for dotenv (16.0.3 to 16.4.5)
3. Patch updates for node-fetch (3.3.1 to 3.3.2) and ts-node (10.9.1 to 10.9.2)

These changes appear to be routine dependency updates along with a version bump for the package. While the updates themselves seem appropriate, it's important to:

1. Verify that the package version bump accurately reflects the scope of changes in this release.
2. Review the changelogs of the updated dependencies to ensure compatibility and be aware of any new features or bug fixes that might affect the project.

Please confirm that all necessary testing has been performed to ensure these updates don't introduce any unexpected behavior in the project.

[sonarcloud]

Quality Gate passed

Issues
8 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud