cometbft-db/v0.11.0..

.changelog/config.toml

@@ -0,0 +1,17 @@
+project_url = 'https://github.com/cometbft/cometbft-db'
+
+sort_releases_by = [
+    "date",
+    "version"
+]
+release_date_formats = [
+    # "*December 1, 2023*
+    "*%B %d, %Y*",
+    # "*Dec 1, 2023*
+    "*%b %d, %Y*",
+    # "2023-12-01" (ISO format)
+    "%F",
+]
+
+[change_set_sections]
+sort_entries_by = "entry-text"

.changelog/epilogue.md

@@ -0,0 +1,8 @@
+---
+
+CometBFT DB is a fork of [tm-db](https://github.com/tendermint/tm-db)
+effectively as of v0.6.6.
+
+For changes prior to the creation of this fork, please refer to the upstream
+[CHANGELOG.md](https://github.com/tendermint/tm-db/blob/774cdfe7e6b0a249b1144998d81a4de7b8037941/CHANGELOG.md)
+for v0.6.6 and earlier.

.changelog/v0.10.0/breaking-changes/118-remove-remotedb.md

@@ -0,0 +1 @@
+- Remove remotedb ([\#121](https://github.com/cometbft/cometbft-db/pull/121))

.changelog/v0.10.0/features/112-pebbledb.md

@@ -0,0 +1 @@
+- Add [pebbledb](https://github.com/cockroachdb/pebble) ([\#112](https://github.com/cometbft/cometbft-db/pull/112))

.changelog/v0.10.0/summary.md

@@ -0,0 +1,8 @@
+*Jan 26, 2024*
+
+This release adds experimental support for
+[pebble](https://github.com/cockroachdb/pebble) and drops `remotedb`. If you
+experience any issues with pebble, please open an issue on Github.
+
+Special thanks to @faddat and @baabeetaa for their contributions to this
+release!

.changelog/v0.11.0/breaking-changes/111-compaction-support.md

@@ -0,0 +1 @@
+- Expanded db interface to support compaction ([\#111](https://github.com/cometbft/cometbft-db/pull/111))

.changelog/v0.11.0/features/111-compaction-support.md

@@ -0,0 +1 @@
+- Add compaction support to the databases ([\#111](https://github.com/cometbft/cometbft-db/pull/111))

.changelog/v0.11.0/summary.md

@@ -0,0 +1,4 @@
+*Feb 7, 2024*
+
+This release adds support for explicit compaction. Please note that badger and
+bolt do not support this.

.changelog/v0.7.0/breaking-changes/7-rename-to-cometbft-db.md

@@ -0,0 +1,2 @@
+- Fork tm-db and rename fork to cometbft-db
+  ([\#7](https://github.com/cometbft/cometbft-db/issues/7))

.changelog/v0.7.0/summary.md

@@ -0,0 +1,10 @@
+*Jan 17, 2023*
+
+This is the first official release of CometBFT DB, which is a fork of
+[tm-db](https://github.com/tendermint/tm-db).
+
+This fork is intended to be used by
+[CometBFT](https://github.com/cometbft/cometbft) until such time that
+[cometbft/cometbft\#48](https://github.com/cometbft/cometbft/issues/48) is
+resolved, after which time this fork will be retired and archived. Do not use
+this as a dependency in any new projects.

.changelog/v0.8.0/compiler/40-update-to-go1.19.md

@@ -0,0 +1,2 @@
+- Bump minimum Go version to 1.19
+  ([\#40](https://github.com/cometbft/cometbft-db/pull/40))

.changelog/v0.8.0/dependencies/40-bump-golang-x-net.md

@@ -0,0 +1,2 @@
+- Update to the latest version of golang.org/x/net
+  ([\#40](https://github.com/cometbft/cometbft-db/pull/40))

.changelog/v0.8.0/dependencies/42-use-grocksdb.md

@@ -0,0 +1,2 @@
+- Switch rocksdb binding from gorocksdb to grocksdb, bump librocksdb dependency
+  to `v7.10.2` ([\#42](https://github.com/cometbft/cometbft-db/pull/42))

.changelog/v0.8.0/summary.md

@@ -0,0 +1,11 @@
+*Apr 26, 2023*
+
+This release bumps the supported version of RocksDB, which requires cometbft-db
+RocksDB users to update their builds (and hence requires a "major" release, but
+does not introduce any other breaking changes). Special thanks to @yihuang for
+this update!
+
+While the minimum supported version of the Go compiler was bumped to 1.19, no
+1.19-specific code changes were introduced and this should, therefore, still be
+able to be compiled with earlier versions of Go. It is, however, recommended to
+upgrade to the latest version(s) of Go ASAP.

.changelog/v0.9.0/dependencies/97-update-rocksdb.md

@@ -0,0 +1,2 @@
+- Use RocksDB v8, testing with v8.8.1
+  ([\#97](https://github.com/cometbft/cometbft-db/pull/97))

.changelog/v0.9.0/go-version/98-bump-go-v1.21.md

@@ -0,0 +1,2 @@
+- Bump minimum Go version to v1.21
+  ([\#98](https://github.com/cometbft/cometbft-db/pull/98))

.changelog/v0.9.0/summary.md

@@ -0,0 +1,6 @@
+*December 1, 2023*
+
+This release primarily updates some key dependencies, including adding support
+for RocksDB v8. It also bumps the minimum Go version to v1.21 in order for
+CometBFT to be able to use it in the E2E testing framework for the latest major
+releases.

.changelog/v0.9.1/summary.md

@@ -0,0 +1,5 @@
+*December 4, 2023*
+
+This release is precisely the same code-wise as v0.9.0, except that it builds
+the `cometbft/cometbft-db-testing` Docker image for both `linux/amd64` and
+`linux/arm64` platforms.

.github/workflows/codeql.yml

@@ -0,0 +1,76 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  merge_group:
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Use only 'java' to analyze code written in Java, Kotlin or both
+        # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v3
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    #   If the Autobuild fails above, remove it and uncomment the following three lines.
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    # - run: |
+    #     echo "Run, Build Application using script"
+    #     ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"

.github/workflows/govulncheck.yml

@@ -0,0 +1,33 @@
+name: Check for Go vulnerabilities
+# Runs https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck to proactively
+# check for vulnerabilities in code packages if there were any changes made to
+# any Go code or dependencies.
+#
+# Run `make vulncheck` from the root of the repo to run this workflow locally.
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+      - release/**
+  merge_group:
+
+jobs:
+  govulncheck:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/setup-go@v5
+        with:
+          go-version: "1.21"
+          check-latest: true
+      - uses: actions/checkout@v4
+      - uses: technote-space/get-diff-action@v6
+        with:
+          PATTERNS: |
+            **/*.go
+            go.mod
+            go.sum
+            Makefile
+      - name: govulncheck
+        run: make vulncheck
+        if: "env.GIT_DIFF != ''"

RELEASES.md

@@ -0,0 +1,15 @@
+# Releases
+
+This document provides a step-by-step guide for creating a release of CometBFT
+DB.
+
+1. Create a local branch `release/vX.X.X`, where `vX.X.X` corresponds to the
+   version of the release you want to cut.
+2. Update and build the changelog on your local release branch.
+3. Submit a pull request from your release branch, targeting the `main` branch.
+4. Once approved and merged, tag the commit associated with the merged release
+   branch.
+5. Create a [GitHub release] from the new tag, and include a link from the
+   description to the heading associated with the new version in the changelog.
+
+[GitHub release]: https://docs.github.com/en/github/administering-a-repository/releasing-projects-on-github/managing-releases-in-a-repository#creating-a-release

SECURITY.md

@@ -0,0 +1,33 @@
+# How to Report a Security Bug
+
+If you believe you have found a security vulnerability in the Interchain Stack,
+you can report it to our primary vulnerability disclosure channel, the [Cosmos
+HackerOne Bug Bounty program][h1].
+
+If you prefer to report an issue via email, you may send a bug report to
+<security@interchain.io> with the issue details, reproduction, impact, and other
+information. Please submit only one unique email thread per vulnerability. Any
+issues reported via email are ineligible for bounty rewards.
+
+Artifacts from an email report are saved at the time the email is triaged.
+Please note: our team is not able to monitor dynamic content (e.g. a Google Docs
+link that is edited after receipt) throughout the lifecycle of a report. If you
+would like to share additional information or modify previous information,
+please include it in an additional reply as an additional attachment.
+
+Please **DO NOT** file a public issue in this repository to report a security
+vulnerability.
+
+## Coordinated Vulnerability Disclosure Policy and Safe Harbor
+
+For the most up-to-date version of the policies that govern vulnerability
+disclosure, please consult the [HackerOne program page][h1-policy].
+
+The policy hosted on HackerOne is the official Coordinated Vulnerability
+Disclosure policy and Safe Harbor for the Interchain Stack, and the teams and
+infrastructure it supports, and it supersedes previous security policies that
+have been used in the past by individual teams and projects with targets in
+scope of the program.
+
+[h1]: https://hackerone.com/cosmos?type=team
+[h1-policy]: https://hackerone.com/cosmos?type=team&view_policy=true