Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add CLI commands on binary #616

Merged
merged 17 commits into from
Oct 21, 2024
Merged

Add CLI commands on binary #616

merged 17 commits into from
Oct 21, 2024

Conversation

m-Peter
Copy link
Collaborator

@m-Peter m-Peter commented Oct 17, 2024

Closes: #488
Closes: #563
Closes: #604

Description

  • Introduces a new Make recipe: make build, to build the binary with the proper version tag
  • Introduces a new CLI command: ./flow-evm-gateway version, which returns the build version: e.g. v0.36.4
  • Introduces a new CLI command for running the EVM Gateway from a binary: ./flow-evm-gateway version {list of flags}

For contributor use:

  • Targeted PR against master branch
  • Linked to Github issue with discussion and accepted design OR link to spec that describes this work.
  • Code follows the standards mentioned here.
  • Updated relevant documentation
  • Re-reviewed Files changed in the Github PR explorer
  • Added appropriate labels

Summary by CodeRabbit

Summary by CodeRabbit

  • New Features

    • Introduced a command-line interface (CLI) for the EVM Gateway Node.
    • Added a new command to print the current version of the EVM Gateway Node.
  • Improvements

    • Updated the build process and entry point for the application.
    • Enhanced the start-local command for easier local execution.
    • Improved the documentation for clarity and usability, including updated instructions for building and running the application locally and on testnet.
  • Bug Fixes

    • Removed outdated configuration handling logic to streamline operations.
  • Chores

    • Updated dependencies to the latest version for improved functionality.

Copy link
Contributor

coderabbitai bot commented Oct 17, 2024

Walkthrough

The pull request introduces significant changes to the Go application, including modifications to the Dockerfile and Makefile for building and running the application. A new command-line interface (CLI) is implemented using the Cobra library, consolidating commands into cmd/main.go and adding new command files. Configuration handling has been altered, with the removal of certain functions. Dependency versions for Cobra have been updated in both the main and test modules.

Changes

File(s) Change Summary
Dockerfile, Makefile Updated build command path and ENTRYPOINT in Dockerfile; added new build target and modified start-local in Makefile.
cmd/main.go, cmd/main/main.go Introduced CLI functionality; deleted cmd/main/main.go as its functionality is now in cmd/main.go.
cmd/run/cmd.go, cmd/version/cmd.go Added CLI commands for running the EVM Gateway Node and printing the version.
config/config.go Removed FromFlags function and associated flag parsing logic.
go.mod, tests/go.mod Updated github.com/spf13/cobra dependency version from v1.8.0 to v1.8.1.
README.md Enhanced documentation with new sections on configuration flags, endpoints, JSON-RPC APIs, and debugging.

Assessment against linked issues

Objective Addressed Explanation
Support version check via --version command (#563)
Ensure --help output is written to stdout (#604) No changes made to address help output behavior.

Possibly related PRs

  • Revamp Dockerfile #248: The changes in the Dockerfile are related as both PRs modify the Dockerfile for building the Go application, including updates to build commands and ENTRYPOINT instructions.
  • Add traces backfill option #615: Enhancements to the README.md in this PR, particularly the new configuration flags, are directly related to the documentation updates made in the main PR.
  • Add the EVM GW version to log lines #596: The enhancement of logging functionality in this PR complements the changes in the main PR that also focus on improving the application's operational aspects, including how it is built and run.
  • Update to Cadence v1.0.0 #609: The updates to dependencies in this PR ensure that the application is using the latest versions, which may impact the build process described in the main PR.
  • Update flow-go #612: Similar to the previous PR, this one updates the flow-go dependency, ensuring that the application is built with the latest components.

Suggested labels

Feature, Documentation

Suggested reviewers

  • peterargue
  • zhangchiqing
  • ramtinms
  • janezpodhostnik

🐇 In the code we hop and play,
New commands are here today!
With version checks and help so bright,
Our EVM Gateway shines with light.
Build it up, run it fast,
In this rabbit's world, we code at last! 🌟


Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 8

🧹 Outside diff range and nitpick comments (7)
cmd/version/cmd.go (1)

10-16: LGTM: Command implementation is well-structured.

The version command is implemented correctly using the Cobra library. The command's purpose is clear, and the implementation is straightforward.

Consider adding error handling for the fmt.Printf call, although it's unlikely to fail in this case:

 Run: func(*cobra.Command, []string) {
-		fmt.Printf("%s\n", api.Version)
+		_, err := fmt.Printf("%s\n", api.Version)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "Error printing version: %v\n", err)
+			os.Exit(1)
+		}
 },
Dockerfile (1)

18-18: LGTM! Consider using './' for consistency.

The change in the build command from ./cmd/main/main.go to cmd/main.go aligns with the PR objectives of adding CLI commands. It suggests a consolidation of the CLI logic into a single main.go file, which is a common and good practice for CLI applications.

For consistency with other Go commands and to make it explicit that it's a local path, consider using ./cmd/main.go instead of cmd/main.go. This is a minor style suggestion and doesn't affect functionality.

-RUN CGO_ENABLED=1 go build -o bin -ldflags="-X github.com/onflow/flow-evm-gateway/api.Version=${GATEWAY_VERSION}" cmd/main.go
+RUN CGO_ENABLED=1 go build -o bin -ldflags="-X github.com/onflow/flow-evm-gateway/api.Version=${GATEWAY_VERSION}" ./cmd/main.go
Makefile (2)

21-25: LGTM! Consider minor improvements for maintainability.

The new build target successfully implements the ability to build the binary with the appropriate version tag, aligning with the PR objectives. Great job on including version information and ensuring the binary is executable.

A couple of suggestions for improvement:

  1. Consider using a variable for the binary name (e.g., BINARY_NAME := flow-evm-gateway) to improve maintainability.
  2. The error output redirection (2>/dev/null) in the version retrieval might hide important error messages. Consider handling this case more explicitly, perhaps by logging a warning if no tags are found.

Here's a potential refactor incorporating these suggestions:

BINARY_NAME := flow-evm-gateway
VERSION := $(shell git describe --tags --abbrev=0 2>/dev/null || echo 'unknown')

.PHONY: build
build:
	git fetch origin --tags
	@if [ "$(VERSION)" = "unknown" ]; then \
		echo "Warning: No git tags found. Using 'unknown' as version."; \
	fi
	CGO_ENABLED=1 go build -o $(BINARY_NAME) -ldflags="-X github.com/onflow/flow-evm-gateway/api.Version=$(VERSION)" cmd/main.go
	chmod a+x $(BINARY_NAME)

Line range hint 54-64: LGTM! Consider security and maintainability improvements.

The updated start-local target successfully implements the ability to run the EVM Gateway with a list of flags, aligning with the PR objectives. The change from go run cmd/main/main.go to go run cmd/main.go run reflects the new CLI structure using Cobra.

Suggestions for improvement:

  1. Use variables for repeated or configurable values to improve maintainability.
  2. The wallet API key is hardcoded, which is a security risk. Consider using an environment variable or a secure secret management solution.

Here's a potential refactor addressing these points:

FLOW_NETWORK_ID := flow-emulator
COINBASE := FACF71692421039876a5BB4F10EF7A439D8ef61E
COA_ADDRESS := f8d6e0586b0a20c7
COA_KEY := 2619878f0e2ff438d17835c2a4561cb87b4d24d72d12ec34569acd0dd4af7c21

.PHONY: start-local
start-local:
	rm -rf db/
	rm -rf metrics/data/
	go run cmd/main.go run \
		--flow-network-id=$(FLOW_NETWORK_ID) \
		--coinbase=$(COINBASE) \
		--coa-address=$(COA_ADDRESS) \
		--coa-key=$(COA_KEY) \
		--wallet-api-key=$${WALLET_API_KEY} \
		--coa-resource-create=true \
		--gas-price=0 \
		--log-writer=console \
		--profiler-enabled=true \
		--profiler-port=6060

Note: This assumes you'll set the WALLET_API_KEY environment variable before running the command. You might want to add a check to ensure it's set:

ifndef WALLET_API_KEY
	$(error WALLET_API_KEY is not set)
endif
cmd/run/cmd.go (3)

245-283: Ensure flag defaults and descriptions are accurate

Review the default values and descriptions of the command-line flags to ensure they align with the expected behavior. For example:

  • The default value for --access-node-grpc-host is set to "localhost:3569". Verify if this is appropriate for the target environment.
  • The flag --wallet-api-key includes a warning about not using it in production. Consider enforcing this through code or configuration profiles.

190-193: Improve error message for invalid filter expiry duration

The error message for an invalid filterExpiry duration could be more user-friendly by indicating the expected format.

Apply this diff to enhance the error message:

 return fmt.Errorf("invalid unit %s for filter expiry: %w", filterExpiry, err)

Modify to:

 return fmt.Errorf("invalid filter expiry duration '%s': %w. Expected format like '5m', '1h'", filterExpiry, err)

257-260: Clarify mutual exclusivity of coa-key and coa-key-file flags

The descriptions for coa-key and coa-key-file flags should explicitly mention that they are mutually exclusive to prevent user confusion.

Apply this diff to update the flag descriptions:

 Cmd.Flags().StringVar(&key, "coa-key", "", "Private key value for the COA address used for submitting transactions. Mutually exclusive with coa-key-file.")
 Cmd.Flags().StringVar(&keysPath, "coa-key-file", "", "File path that contains JSON array of COA keys used in key-rotation mechanism. Mutually exclusive with coa-key.")
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between ed2e887 and cf86eba.

⛔ Files ignored due to path filters (2)
  • go.sum is excluded by !**/*.sum
  • tests/go.sum is excluded by !**/*.sum
📒 Files selected for processing (9)
  • Dockerfile (2 hunks)
  • Makefile (2 hunks)
  • cmd/main.go (1 hunks)
  • cmd/main/main.go (0 hunks)
  • cmd/run/cmd.go (1 hunks)
  • cmd/version/cmd.go (1 hunks)
  • config/config.go (0 hunks)
  • go.mod (1 hunks)
  • tests/go.mod (1 hunks)
💤 Files with no reviewable changes (2)
  • cmd/main/main.go
  • config/config.go
🧰 Additional context used
🔇 Additional comments (8)
cmd/version/cmd.go (1)

1-8: LGTM: Package declaration and imports are appropriate.

The package name "version" is suitable for this command. The imports are relevant and necessary for the functionality implemented in this file.

cmd/main.go (2)

1-10: LGTM: Package and imports are well-organized.

The package declaration and imports are correct and appropriate for the file's purpose. The imports are organized logically, with standard library imports first, followed by local packages, and then third-party packages.


24-29: LGTM: Main function structure is correct and aligns with PR objectives.

The main function correctly adds the version and run subcommands before calling Execute, which aligns with the PR objectives of adding CLI commands for the binary.

To ensure the version command is implemented as described in the PR objectives, let's verify its implementation:

This script checks for the existence of a version command that outputs "v0.36.4" as mentioned in the PR objectives.

Dockerfile (2)

Line range hint 1-33: Overall, the Dockerfile changes look good and align with the PR objectives.

The modifications to the build command and ENTRYPOINT are consistent with the introduction of new CLI commands for the binary. These changes support the new features mentioned in the PR objectives, such as the version command and running the EVM Gateway from a binary.

To ensure full compliance with the PR objectives:

  1. Verify that the make build command works as expected (this should be checked in the Makefile, which isn't part of this review).
  2. Confirm that all new CLI commands, including version and run, function correctly when the binary is executed both directly and through Docker.
  3. If not already done, update the documentation to reflect these new CLI commands and their usage.

33-33: LGTM! Verify "version" command functionality.

The addition of the "run" argument to the ENTRYPOINT is consistent with the introduction of new CLI commands. This change suggests that the application now uses a subcommand structure, which is a good practice for CLIs with multiple commands.

Please ensure that the "version" command mentioned in the PR objectives (./flow-evm-gateway version) is properly implemented and can be executed without changing this ENTRYPOINT. You might want to verify this by running:

This should output the version (v0.36.4) as mentioned in the PR objectives.

Makefile (1)

Line range hint 21-64: Summary: Changes align well with PR objectives

The modifications to the Makefile successfully implement the key objectives of this PR:

  1. The new build target allows building the binary with the appropriate version tag, addressing the version checking functionality requested in issue Binary version #563.
  2. The updated start-local target implements the ability to run the EVM Gateway from a binary with a list of flags, enhancing the CLI functionality.

These changes provide a solid foundation for the new CLI commands and version checking capabilities. The suggestions provided in the previous comments will further improve the security and maintainability of the Makefile.

To fully address issue #604 regarding the --help command output, ensure that the Cobra library is configured to output help information to stdout instead of stderr in the Go code implementing the CLI commands.

go.mod (1)

22-22: LGTM: Cobra library update looks good.

The update of github.com/spf13/cobra from v1.8.0 to v1.8.1 is a minor version bump, which is generally safe. This change aligns with the PR objectives of implementing new CLI commands.

To ensure we're leveraging any new features or improvements:

Please review the changelog output to identify any relevant updates that could benefit our new CLI implementation.

tests/go.mod (1)

184-184: Approved: Cobra dependency update

The update of the github.com/spf13/cobra dependency from v1.8.0 to v1.8.1 is a minor version change, which typically indicates backward-compatible improvements or bug fixes. This update is generally a good practice to keep dependencies current.

To ensure this update doesn't introduce any unexpected issues:

  1. Verify that this version aligns with the main project's Cobra dependency.
  2. Run the integration tests to confirm there are no regressions.
  3. Check the Cobra v1.8.1 release notes for any relevant changes or improvements.

cmd/version/cmd.go Outdated Show resolved Hide resolved
cmd/main.go Show resolved Hide resolved
cmd/main.go Outdated Show resolved Hide resolved
cmd/run/cmd.go Outdated Show resolved Hide resolved
cmd/run/cmd.go Outdated Show resolved Hide resolved
cmd/run/cmd.go Outdated Show resolved Hide resolved
cmd/run/cmd.go Outdated Show resolved Hide resolved
cmd/run/cmd.go Outdated Show resolved Hide resolved
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (7)
Makefile (2)

21-25: LGTM! Consider adding a comment about CGO_ENABLED.

The new build target successfully implements the PR objective of building the binary with the appropriate version tag. The use of git describe for versioning and chmod for executable permissions are good practices.

Consider adding a comment explaining why CGO_ENABLED=1 is set, as it may affect cross-compilation:

 .PHONY: build
 build:
 	git fetch origin --tags
+	# CGO_ENABLED=1 is required for [reason, e.g., "using certain C libraries"]
 	CGO_ENABLED=1 go build -o flow-evm-gateway -ldflags="-X github.com/onflow/flow-evm-gateway/api.Version=$(shell git describe --tags --abbrev=0 2>/dev/null || echo 'unknown')" cmd/main.go
 	chmod a+x flow-evm-gateway

Line range hint 66-80: LGTM! Consider refactoring to reduce duplication.

The new start-local-bin target successfully implements the PR objective of running the EVM Gateway from a binary. It maintains consistency with the start-local target by using the same configuration.

To reduce duplication and improve maintainability, consider refactoring the common parts of start-local and start-local-bin:

define EVM_GATEWAY_FLAGS
	--flow-network-id=flow-emulator \
	--coinbase=FACF71692421039876a5BB4F10EF7A439D8ef61E \
	--coa-address=f8d6e0586b0a20c7 \
	--coa-key=$(COA_KEY) \
	--wallet-api-key=$(WALLET_API_KEY) \
	--coa-resource-create=true \
	--gas-price=0 \
	--log-writer=console \
	--profiler-enabled=true \
	--profiler-port=6060
endef

.PHONY: start-local
start-local:
	rm -rf db/
	rm -rf metrics/data/
	go run cmd/main.go run $(EVM_GATEWAY_FLAGS)

.PHONY: start-local-bin
start-local-bin:
	rm -rf db/
	rm -rf metrics/data/
	./flow-evm-gateway run $(EVM_GATEWAY_FLAGS)

This approach centralizes the configuration, making it easier to maintain and update.

As mentioned in the previous comment, please address the security concerns regarding hardcoded keys by using environment variables or a secure method to inject these sensitive values.

🧰 Tools
🪛 Gitleaks

58-58: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)


59-59: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

README.md (5)

29-57: LGTM! Clear instructions for building and running the EVM Gateway.

The new "Building" section provides comprehensive instructions for manually building the EVM Gateway, viewing the binary version, and running the gateway. This aligns well with the PR objectives and addresses the requirements mentioned in the linked issues.

Consider adding a note about the prerequisites for building the project (e.g., required Go version, any necessary dependencies) to ensure users have the correct environment set up before attempting to build.


Line range hint 58-131: LGTM! Comprehensive instructions for running the EVM Gateway.

The "Running" section provides detailed instructions for running the EVM Gateway locally, including steps for starting the Flow Emulator and the gateway itself. The addition of Docker instructions and a verification step enhances the user experience and ensures proper setup.

Consider adding a brief explanation of the purpose of each configuration flag used in the example command for starting the gateway. This would help users understand the significance of each setting and make informed decisions when customizing their setup.


Line range hint 134-176: Excellent addition of Configuration Flags section!

The new "Configuration Flags" section provides a comprehensive and well-formatted table of all available configuration options. This greatly enhances the documentation and makes it easier for users to understand and configure the EVM Gateway.

Consider grouping related flags (e.g., all COA-related flags, all profiler-related flags) together in the table for better organization and readability. Additionally, you might want to add a brief introduction paragraph explaining how to use these flags when running the EVM Gateway.


Line range hint 205-218: Improved clarity in JSON-RPC API documentation!

The updates to the "JSON-RPC API" section provide a clearer overview of the implemented and unsupported APIs. The addition of tracing APIs and the explicit listing of unsupported APIs with explanations are particularly helpful for users.

Consider adding links to the Ethereum specification for each group of APIs (e.g., standard APIs, tracing APIs) to provide users with easy access to more detailed information if needed.


Line range hint 220-235: Excellent addition of Debugging section with profiler support!

The new "Debugging" section provides valuable information on how to enable and use the profiler for the EVM Gateway. This addition is particularly useful for developers who need to debug or optimize the gateway's performance.

Consider adding a brief explanation of when and why a developer might need to use the profiler. This context could help users understand the importance of this feature and when to apply it in their development or deployment process.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between cf86eba and cd0b1a7.

📒 Files selected for processing (2)
  • Makefile (2 hunks)
  • README.md (1 hunks)
🧰 Additional context used
🪛 Gitleaks
Makefile

58-58: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)


59-59: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🔇 Additional comments (3)
README.md (3)

Line range hint 182-202: Great addition of EVM Gateway Endpoints information!

The new "EVM Gateway Endpoints" section provides valuable information about public RPC endpoints for both testnet and mainnet environments. This addition enhances the documentation significantly, making it easier for users to interact with the EVM Gateway on different networks.

The clear presentation of network details, including RPC endpoints, chain IDs, and block explorers, is particularly helpful for users setting up their environments or integrating with the EVM Gateway.


Line range hint 237-241: Good addition of Contributing and License sections.

The inclusion of "Contributing" and "License" sections is a standard and important practice for open-source projects. These additions provide necessary information for potential contributors and users of the EVM Gateway.

The link to the Contributing Guide and the clear statement of the license type enhance the project's transparency and encourage community involvement.


Line range hint 1-241: Excellent enhancements to the README documentation!

The changes to the README.md file significantly improve the documentation for the EVM Gateway project. The additions and updates align well with the PR objectives and address the requirements mentioned in the linked issues. Key improvements include:

  1. Detailed instructions for building and running the EVM Gateway
  2. Comprehensive list of configuration flags
  3. Information on public RPC endpoints for testnet and mainnet
  4. Clarification on supported and unsupported JSON-RPC APIs
  5. New debugging section with profiler support
  6. Standard sections for contributing and license information

These enhancements will greatly assist users in understanding, setting up, and using the EVM Gateway. The documentation now provides a more complete and user-friendly guide to the project.

While the changes are excellent overall, consider implementing the minor suggestions provided in the individual section reviews to further refine the documentation.

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 6

🧹 Outside diff range and nitpick comments (8)
Makefile (3)

21-25: LGTM! Consider cross-compilation support.

The new build target successfully implements the make build command as per the PR objectives. It correctly sets the version using git tags and makes the binary executable.

Consider adding a conditional for CGO_ENABLED to support cross-compilation:

 .PHONY: build
 build:
 	git fetch origin --tags
-	CGO_ENABLED=1 go build -o flow-evm-gateway -ldflags="-X github.com/onflow/flow-evm-gateway/api.Version=$(shell git describe --tags --abbrev=0 2>/dev/null || echo 'unknown')" cmd/main.go
+	CGO_ENABLED=$(CGO_ENABLED) go build -o flow-evm-gateway -ldflags="-X github.com/onflow/flow-evm-gateway/api.Version=$(shell git describe --tags --abbrev=0 2>/dev/null || echo 'unknown')" cmd/main.go
 	chmod a+x flow-evm-gateway

This allows users to set CGO_ENABLED=0 for static linking if needed.


Line range hint 66-80: LGTM, but address security concerns

The new start-local-bin target successfully implements the command to run the EVM Gateway from a binary, which aligns with the PR objectives. However, it shares the same security concerns as the start-local target.

Please apply the same security improvements suggested for the start-local target to this target as well:

 ./flow-evm-gateway run \
 	--flow-network-id=flow-emulator \
 	--coinbase=FACF71692421039876a5BB4F10EF7A439D8ef61E \
 	--coa-address=f8d6e0586b0a20c7 \
-	--coa-key=2619878f0e2ff438d17835c2a4561cb87b4d24d72d12ec34569acd0dd4af7c21 \
-	--wallet-api-key=2619878f0e2ff438d17835c2a4561cb87b4d24d72d12ec34569acd0dd4af7c21 \
+	--coa-key=$(COA_KEY) \
+	--wallet-api-key=$(WALLET_API_KEY) \
 	--coa-resource-create=true \
 	--gas-price=0 \
 	--log-writer=console \
 	--profiler-enabled=true \
 	--profiler-port=6060

This will ensure consistent and secure handling of sensitive information across both targets.

🧰 Tools
🪛 Gitleaks

58-58: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)


59-59: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)


Sensitive API Keys Exposed in Makefile

The Makefile contains hardcoded wallet API keys, which pose significant security risks:

  • Line 59: --wallet-api-key=2619878f0e2ff438d17835c2a4561cb87b4d24d72d12ec34569acd0dd4af7c21 \
  • Line 75: --wallet-api-key=2619878f0e2ff438d17835c2a4561cb87b4d24d72d12ec34569acd0dd4af7c21 \
🔗 Analysis chain

Line range hint 21-80: Overall changes look good, but security improvements are necessary

The changes to the Makefile successfully implement the new build target and the commands for running the EVM Gateway both from source and from a binary. These additions align well with the PR objectives.

However, the main concern that needs to be addressed is the handling of sensitive information:

  1. Both start-local and start-local-bin targets contain hardcoded keys, which pose significant security risks.
  2. The static analysis tool has flagged potential API key exposures.

To ensure that no sensitive information is exposed, please run the following command and verify that no API keys or sensitive data are output:

Once the security concerns are addressed, this PR will be ready for approval.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for potential API keys or sensitive data in the Makefile

# Test: Search for potential API keys or sensitive data
grep -nE '(api[-_]?key|secret|password|token).*=' Makefile

Length of output: 238

🧰 Tools
🪛 Gitleaks

58-58: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)


59-59: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

README.md (5)

29-57: LGTM! Clear instructions for building and running.

The new instructions for manual building, including the git pull command and the make build command, align well with the PR objectives. The added information about viewing the binary version and available flags is helpful for users.

Consider adding a note about the prerequisites for building (e.g., Go version, any required dependencies) to ensure users have the necessary environment set up.


Line range hint 59-131: Excellent addition of detailed running instructions!

The comprehensive instructions for running the EVM Gateway locally, including steps for starting the Flow Emulator and the gateway, are very helpful. The inclusion of Docker instructions provides flexibility for users.

Consider adding a brief explanation of the differences between running locally and using Docker, to help users choose the most appropriate method for their needs.


Line range hint 133-180: Great addition of configuration flags documentation!

The new table of configuration flags provides valuable information for users, including flag names, default values, and descriptions. This comprehensive overview enhances the usability of the EVM Gateway.

Consider grouping related flags (e.g., all COA-related flags) together in the table for easier reference. Additionally, you might want to add a brief explanation of what COA stands for, as it's not immediately clear to new users.


Line range hint 207-221: Clear updates on supported and unsupported APIs!

The clarifications on implemented APIs, including the addition of tracing APIs, and the explicit mention of unsupported APIs (wallet APIs and access lists) provide valuable guidance for users.

Consider adding links to relevant documentation or examples for the supported APIs, especially the tracing APIs, to help users understand how to use them effectively.


Line range hint 223-241: Valuable addition of debugging information!

The new debugging section, including instructions for enabling profiling with pprof and example commands for generating profiles and traces, is a great resource for developers.

Consider adding a brief explanation of when and why a developer might need to use these profiling tools, to provide context for less experienced users.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between cd0b1a7 and d373fc2.

⛔ Files ignored due to path filters (2)
  • go.sum is excluded by !**/*.sum
  • tests/go.sum is excluded by !**/*.sum
📒 Files selected for processing (10)
  • Dockerfile (2 hunks)
  • Makefile (2 hunks)
  • README.md (1 hunks)
  • cmd/main.go (1 hunks)
  • cmd/main/main.go (0 hunks)
  • cmd/run/cmd.go (1 hunks)
  • cmd/version/cmd.go (1 hunks)
  • config/config.go (1 hunks)
  • go.mod (1 hunks)
  • tests/go.mod (1 hunks)
💤 Files with no reviewable changes (1)
  • cmd/main/main.go
🚧 Files skipped from review as they are similar to previous changes (5)
  • Dockerfile
  • cmd/main.go
  • cmd/version/cmd.go
  • go.mod
  • tests/go.mod
🧰 Additional context used
🪛 Gitleaks
Makefile

58-58: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)


59-59: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🔇 Additional comments (4)
Makefile (1)

54-64: ⚠️ Potential issue

Security concern: Hardcoded sensitive information

The modified start-local target successfully implements the new command for running the EVM Gateway with additional configuration options, which aligns with the PR objectives. However, there are significant security concerns:

  1. The --coa-key and --wallet-api-key flags contain hardcoded private keys or API keys. This could lead to accidental exposure of sensitive information if the Makefile is shared or version controlled.
  2. The static analysis tool has flagged potential API key exposures on lines 58 and 59.

To address these security concerns, consider using environment variables or a secure method to inject these sensitive values:

 go run cmd/main.go run \
 	--flow-network-id=flow-emulator \
 	--coinbase=FACF71692421039876a5BB4F10EF7A439D8ef61E \
 	--coa-address=f8d6e0586b0a20c7 \
-	--coa-key=2619878f0e2ff438d17835c2a4561cb87b4d24d72d12ec34569acd0dd4af7c21 \
-	--wallet-api-key=2619878f0e2ff438d17835c2a4561cb87b4d24d72d12ec34569acd0dd4af7c21 \
+	--coa-key=$(COA_KEY) \
+	--wallet-api-key=$(WALLET_API_KEY) \
 	--coa-resource-create=true \
 	--gas-price=0 \
 	--log-writer=console \
 	--profiler-enabled=true \
 	--profiler-port=6060

Then, set these environment variables securely before running the make command.

🧰 Tools
🪛 Gitleaks

58-58: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)


59-59: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

config/config.go (1)

24-24: Approve the constant name correction.

The constant name has been corrected from LiveNetworkInitCadenceHeght to LiveNetworkInitCadenceHeight. This change improves code readability and correctness.

README.md (2)

Line range hint 182-204: Excellent addition of EVM Gateway Endpoints information!

The new section providing details about public RPC endpoints for testnet and mainnet is very useful. Including network names, RPC endpoints, chain IDs, and block explorer URLs gives users all the necessary information to interact with the EVM Gateway on different networks.


Line range hint 1-245: Excellent comprehensive update to the README!

The changes to the README significantly enhance the documentation of the EVM Gateway project. The additions and updates provide clear instructions for building, running, configuring, and debugging the gateway. The new sections on configuration flags, EVM Gateway endpoints, and debugging are particularly valuable.

The structure is logical and easy to follow, making it a great resource for both new and experienced users of the EVM Gateway.

These updates align well with the PR objectives of introducing new CLI commands and enhancing documentation. Great job on improving the overall user and developer experience!

cmd/run/cmd.go Show resolved Hide resolved
cmd/run/cmd.go Outdated Show resolved Hide resolved
cmd/run/cmd.go Outdated Show resolved Hide resolved
cmd/run/cmd.go Outdated Show resolved Hide resolved
cmd/run/cmd.go Outdated Show resolved Hide resolved
cmd/run/cmd.go Outdated Show resolved Hide resolved
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (5)
README.md (5)

27-57: LGTM! Clear instructions for building and running.

The new instructions for building, viewing the binary version, and running the EVM Gateway are clear and align well with the PR objectives. They provide users with a straightforward guide to get started.

Consider adding a note about the significance of the v0.36.4 version mentioned in the PR description. This could help users understand the current version context.


Line range hint 132-177: Excellent addition of Configuration Flags section!

The comprehensive table of configuration flags with their default values and descriptions greatly enhances the documentation. This addition will significantly improve user understanding and ease of configuration.

Consider grouping related flags (e.g., all COA-related flags) together in the table for easier reference. Also, you might want to add a brief explanation of what COA stands for, as it's not immediately clear to new users.

🧰 Tools
🪛 Markdownlint

25-25: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)


Line range hint 204-217: Improved clarity on API support status!

The updated JSON-RPC API section provides a clear overview of implemented, additional, and unsupported APIs. This information is crucial for developers to understand the capabilities and limitations of the EVM Gateway.

Consider adding links to the Ethereum specification and to more detailed documentation for the tracing APIs, if available. This would help developers who want to dive deeper into the API details.

🧰 Tools
🪛 Markdownlint

25-25: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)


Line range hint 219-236: Valuable addition of Debugging section!

The new Debugging section with instructions for using the pprof profiler is a great addition for developers. It provides clear steps for enabling and using the profiler, which will be invaluable for performance analysis and troubleshooting.

Consider adding a brief explanation of when a developer might need to use the profiler and what kind of performance issues it can help identify. This context could help developers understand when to leverage this tool.

🧰 Tools
🪛 Markdownlint

25-25: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)


Line range hint 1-238: Excellent improvements to the README!

The updates to the README significantly enhance the documentation for the EVM Gateway project. The new sections on Configuration Flags, EVM Gateway Endpoints, and Debugging, along with the improvements to the Building and JSON-RPC API sections, provide comprehensive and clear information for users and developers.

These changes align well with the PR objectives of introducing new CLI commands and improving documentation. They will greatly improve the user experience and make it easier for developers to work with the EVM Gateway.

Consider adding a "Quick Start" section near the beginning of the README that provides a condensed set of steps for users to quickly get the EVM Gateway up and running. This could include the essential build and run commands, along with links to the more detailed sections for further configuration and usage information.

🧰 Tools
🪛 Markdownlint

25-25: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between d373fc2 and a4a1d79.

📒 Files selected for processing (1)
  • README.md (1 hunks)
🧰 Additional context used
🔇 Additional comments (1)
README.md (1)

Line range hint 182-201: Great addition of EVM Gateway Endpoints!

The new section providing public RPC endpoints for testnet and mainnet environments is a valuable addition. It offers users essential information to connect to different networks, including RPC endpoints, chain IDs, and block explorers.

This information will be particularly useful for developers looking to interact with the EVM Gateway on different networks.

🧰 Tools
🪛 Markdownlint

25-25: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (6)
Makefile (2)

21-24: LGTM! Consider improving error handling in version retrieval.

The new build target is well-implemented, compiling the Go application with the correct settings and dynamically setting the version. However, the use of 2>/dev/null in the version retrieval command might hide important error messages.

Consider modifying the version retrieval to handle errors more explicitly:

-CGO_ENABLED=1 go build -o flow-evm-gateway -ldflags="-X github.com/onflow/flow-evm-gateway/api.Version=$(shell git describe --tags --abbrev=0 2>/dev/null || echo 'unknown')" cmd/main.go
+CGO_ENABLED=1 go build -o flow-evm-gateway -ldflags="-X github.com/onflow/flow-evm-gateway/api.Version=$(shell git describe --tags --abbrev=0 || echo 'unknown')" cmd/main.go

This change will allow any error messages to be visible, which could be helpful for debugging.


Line range hint 65-80: New target aligns with objectives, but contains security risks

The new start-local-bin target successfully implements the ability to run the EVM Gateway from a binary, which aligns with the PR objectives. However, it contains the same security concerns as the start-local target:

  1. Hardcoded private keys or API keys in the --coa-key and --wallet-api-key flags.
  2. Potential exposure of sensitive information if the Makefile is shared or version controlled.

To address these security concerns while maintaining the new functionality, consider the following changes:

 .PHONY: start-local-bin
 start-local-bin:
 	rm -rf db/
 	rm -rf metrics/data/
 	./flow-evm-gateway run \
 		--flow-network-id=flow-emulator \
 		--coinbase=FACF71692421039876a5BB4F10EF7A439D8ef61E \
 		--coa-address=f8d6e0586b0a20c7 \
-		--coa-key=2619878f0e2ff438d17835c2a4561cb87b4d24d72d12ec34569acd0dd4af7c21 \
-		--wallet-api-key=2619878f0e2ff438d17835c2a4561cb87b4d24d72d12ec34569acd0dd4af7c21 \
+		--coa-key=$(COA_KEY) \
+		--wallet-api-key=$(WALLET_API_KEY) \
 		--coa-resource-create=true \
 		--gas-price=0 \
 		--log-writer=console \
 		--profiler-enabled=true \
 		--profiler-port=6060

This change uses environment variables for sensitive data, keeping it out of the codebase while still allowing the Makefile to function as intended. Remember to set these environment variables securely before running the make command.

Would you like assistance in creating a separate, gitignored configuration file for storing these sensitive values, which can be sourced by the Makefile?

🧰 Tools
🪛 Gitleaks

57-57: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)


58-58: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

README.md (4)

Line range hint 149-189: Excellent addition of Configuration Flags section!

The new "Configuration Flags" section greatly enhances the documentation by providing a comprehensive overview of all available runtime flags. This addition:

  1. Improves user guidance for configuring and running the EVM Gateway.
  2. Aligns with the PR objectives by making it easier for users to understand and use the new CLI commands.

Consider adding a brief introductory paragraph before the table to explain how these flags can be used (e.g., with the run command mentioned earlier in the README).

🧰 Tools
🪛 Markdownlint

25-25: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)


Line range hint 191-210: Great addition of EVM Gateway Endpoints information!

The new "EVM Gateway Endpoints" section provides crucial information for users interacting with the EVM Gateway on different networks. This addition:

  1. Clearly lists the public RPC endpoints for both testnet and mainnet.
  2. Includes important details such as Chain ID, Currency Symbol, and Block Explorer URLs.

Consider adding a brief note explaining the significance of the Chain ID and how users might use this information when configuring their development environments or wallets.

🧰 Tools
🪛 Markdownlint

25-25: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)


Line range hint 213-225: Improved JSON-RPC API documentation!

The updates to the "JSON-RPC API" section enhance the documentation by:

  1. Mentioning additional tracing APIs, which is valuable for developers needing detailed execution information.
  2. Clearly stating unsupported APIs, including wallet APIs and access lists, with explanations for their current status.

This clarity helps set correct expectations for developers using the EVM Gateway.

Consider adding links to the Ethereum JSON-RPC specification for each group of APIs (e.g., standard, tracing, wallet) to provide easy access to detailed method descriptions.

🧰 Tools
🪛 Markdownlint

25-25: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)


Line range hint 227-242: Excellent addition of Debugging section with profiler instructions!

The new "Debugging" section is a valuable addition to the documentation, providing:

  1. Clear instructions on how to enable the profiler using command-line flags.
  2. Examples of how to generate and view profiles using go tool pprof and go tool trace.

This information will be extremely useful for developers working on optimizing the EVM Gateway or investigating performance issues.

Consider adding a brief explanation of when and why a developer might need to use the profiler, to provide context for this feature.

🧰 Tools
🪛 Markdownlint

25-25: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between a4a1d79 and 5d4ab23.

📒 Files selected for processing (5)
  • Makefile (2 hunks)
  • README.md (1 hunks)
  • cmd/main.go (1 hunks)
  • cmd/run/cmd.go (1 hunks)
  • cmd/version/cmd.go (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (3)
  • cmd/main.go
  • cmd/run/cmd.go
  • cmd/version/cmd.go
🧰 Additional context used
🪛 Gitleaks
Makefile

57-57: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)


58-58: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🔇 Additional comments (4)
README.md (4)

27-58: LGTM! Improved build instructions and added version checking.

The updates to the "Building" section enhance user guidance by:

  1. Adding a step to pull the latest changes before building.
  2. Providing commands to view the binary version and available flags.
  3. Explaining how to run the binary with appropriate flags.

These changes directly address Issue #563, which requested the ability to check the binary version.


Line range hint 244-245: LGTM! Clear pointer to contribution guidelines.

The "Contributing" section, although brief, effectively directs potential contributors to the detailed CONTRIBUTING.md file. This approach is in line with best practices for open-source projects.

🧰 Tools
🪛 Markdownlint

25-25: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)


Line range hint 247-248: LGTM! Clear license information provided.

The "License" section concisely states the project's licensing terms, mentioning both the license type (Apache License 2.0) and the presence of a LICENSE file for more details. This clarity is crucial for an open-source project.

🧰 Tools
🪛 Markdownlint

25-25: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)


Line range hint 1-248: Excellent improvements to the README documentation!

The updates to the README.md file significantly enhance the documentation for the EVM Gateway project. Key improvements include:

  1. Clearer build instructions with version checking capabilities (addressing Issue Binary version #563).
  2. Comprehensive configuration flag documentation.
  3. Addition of public RPC endpoint information for different environments.
  4. Clarification on supported and unsupported JSON-RPC APIs.
  5. New debugging section with profiler instructions.

These changes align well with the PR objectives, providing better guidance for users and addressing the linked issues. The documentation now offers a more complete and user-friendly resource for developers working with the EVM Gateway.

🧰 Tools
🪛 Markdownlint

25-25: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

Makefile Show resolved Hide resolved
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🧹 Outside diff range and nitpick comments (6)
README.md (5)

26-57: LGTM: Improved building instructions with helpful commands

The updates to the "Building" section are excellent. They provide clear instructions for ensuring the latest code is used, viewing the binary version, and running the gateway with flags. This enhances user experience and reduces potential issues.

Consider adding a note about the importance of pulling the latest changes before building, to emphasize this step to users.

You could add a brief explanation like:

# Ensure you have the latest code before building
git pull origin main
git fetch origin --tags

68-89: LGTM: Enhanced "Running" instructions with crucial details

The updates to the "Running" section significantly improve the clarity of instructions for both local and testnet environments. The addition of the note about Access Node indexing for testnet is particularly valuable.

Consider adding a brief explanation of why the specific block height (211176670) is important for testnet, to provide more context to users.

You could add a brief explanation like:

*Note:* You need to make sure that your Access Node has indexed up to Flow block height `211176670`. This is the height where the `EVM` contract was first deployed on testnet, making it crucial for proper functionality.

Also applies to: 121-144

🧰 Tools
🪛 LanguageTool

[style] ~82-~82: ‘in the meantime’ might be wordy. Consider a shorter alternative.
Context: ...r is run before any transactions happen in the meantime, the gateway will not fetch those histo...

(EN_WORDINESS_PREMIUM_IN_THE_MEANTIME)


[uncategorized] ~85-~85: Possible missing comma found.
Context: ...will be improved soon. _In the example above we set coa-address value to the servi...

(AI_HYDRA_LEO_MISSING_COMMA)


[uncategorized] ~86-~86: Possible missing comma found.
Context: ... account will by default be funded with Flow which is a requirement. For coinbase ...

(AI_HYDRA_LEO_MISSING_COMMA)


[uncategorized] ~87-~87: Possible missing comma found.
Context: ...ss. It's not really useful when running locally besides collecting fees. We also allow ...

(AI_HYDRA_LEO_MISSING_COMMA)


[style] ~88-~88: Consider a shorter alternative to avoid wordiness.
Context: ...needed on start-up on the coa account in order to operate the gateway. gas-price is set...

(IN_ORDER_TO_PREMIUM)


Line range hint 188-234: LGTM: Comprehensive configuration flag documentation

The expanded "Configuration Flags" section is excellent. The detailed table with descriptions and default values for each flag greatly enhances user understanding and ability to configure the gateway effectively.

Consider grouping related flags (e.g., all COA-related flags, all profiler-related flags) together in the table for easier reference.

You could reorganize the table to group related flags together, for example:

| Flag                           | Default Value                 | Description                                                                              |
|--------------------------------|-------------------------------|------------------------------------------------------------------------------------------|
| `database-dir`                 | `./db`                        | Path to the directory for the database                                                   |
| `rpc-host`                     | `""`                          | Host for the RPC API server                                                              |
| `rpc-port`                     | `8545`                        | Port for the RPC API server                                                              |
| `ws-enabled`                   | `false`                       | Enable websocket connections                                                             |
...
| `coa-address`                  | `""`                          | Flow address holding COA account for submitting transactions                             |
| `coa-key`                      | `""`                          | Private key for the COA address used for transactions                                    |
| `coa-key-file`                 | `""`                          | Path to a JSON file of COA keys for key-rotation (exclusive with `coa-key` flag)         |
| `coa-resource-create`          | `false`                       | Auto-create the COA resource if it doesn't exist in the Flow COA account                 |
| `coa-cloud-kms-project-id`     | `""`                          | Project ID for KMS keys (e.g. `flow-evm-gateway`)                                        |
| `coa-cloud-kms-location-id`    | `""`                          | Location ID for KMS key ring (e.g. 'global')                                             |
| `coa-cloud-kms-key-ring-id`    | `""`                          | Key ring ID for KMS keys (e.g. 'tx-signing')                                             |
| `coa-cloud-kms-keys`           | `""`                          | KMS keys and versions, comma-separated (e.g. `"gw-key-6@1,gw-key-7@1"`)                  |
...
| `profiler-enabled`             | `false`                       | Enable the pprof profiler server                                                         |
| `profiler-host`                | `localhost`                   | Host for the pprof profiler                                                              |
| `profiler-port`                | `6060`                        | Port for the pprof profiler                                                              |

270-278: LGTM: Improved API documentation with clear explanations

The updates to the "JSON-RPC API" section significantly improve the documentation by clearly stating which additional APIs are supported (tracing APIs) and which are not supported. The explanations for why certain APIs are not supported (e.g., wallet APIs due to security concerns) provide valuable context for users.

Consider adding links to the Ethereum documentation for the supported tracing APIs to provide users with more detailed information.

You could add links like this:

- Tracing APIs allows you to fetch execution traces
    * [debug_traceTransaction](https://geth.ethereum.org/docs/rpc/ns-debug#debug_tracetransaction)
    * [debug_traceBlockByNumber](https://geth.ethereum.org/docs/rpc/ns-debug#debug_traceblockbynumber)
    * [debug_traceBlockByHash](https://geth.ethereum.org/docs/rpc/ns-debug#debug_traceblockbyhash)
🧰 Tools
🪛 LanguageTool

[typographical] ~273-~273: The word “however” is an adverb that can’t be used like a conjunction, and therefore needs to be separated from the sentence.
Context: ...ging the keys on production environments, however, it is possible to configure the gateway...

(HOWEVER_SENTENCE)


[misspelling] ~275-~275: This word is normally spelled as one.
Context: ...on't support obtaining proofs yet, Flow piggy-backs on the Flow consensus, and hence the Fl...

(EN_COMPOUNDS_PIGGY_BACKS)


[uncategorized] ~277-~277: Possible missing comma found.
Context: ...s: we don't yet support creating access lists as they don't affect the fees we charge...

(AI_HYDRA_LEO_MISSING_COMMA)

🪛 Markdownlint

271-271: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)


Line range hint 1-296: LGTM: Comprehensive and well-structured README with minor improvement opportunities

The README now provides a comprehensive guide for users of the EVM Gateway, covering everything from building and running to configuration and debugging. The structure is logical and easy to follow.

Consider addressing the following minor issues to further improve the document:

  1. Line 82: Replace "in the meantime" with a more concise alternative, e.g., "meanwhile".
  2. Lines 85-88: Add commas to improve readability, e.g., "In the example above, we set..." and "It's not really useful when running locally, besides collecting fees."
  3. Line 88: Replace "in order to" with "to" for conciseness.
  4. Line 273: Restructure the sentence starting with "however" to ensure proper punctuation, e.g., "... on production environments. However, it is possible..."
  5. Line 275: Change "piggy-backs" to "piggybacks" for correct spelling.

These minor adjustments will enhance the overall quality and professionalism of the document.

🧰 Tools
🪛 Markdownlint

24-24: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

cmd/run/cmd.go (1)

225-247: Use more descriptive variable names for clarity

The variables declared in lines 225-247, such as coa, key, keyAlg, and keysPath, could be renamed to be more descriptive for better readability and maintainability. For instance, coa could be renamed to coaAddress, key to coaPrivateKey, and keyAlg to coaKeyAlgorithm to clearly indicate their purpose.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 5d4ab23 and 6c2e536.

📒 Files selected for processing (2)
  • README.md (7 hunks)
  • cmd/run/cmd.go (1 hunks)
🧰 Additional context used
🪛 LanguageTool
README.md

[style] ~82-~82: ‘in the meantime’ might be wordy. Consider a shorter alternative.
Context: ...r is run before any transactions happen in the meantime, the gateway will not fetch those histo...

(EN_WORDINESS_PREMIUM_IN_THE_MEANTIME)


[uncategorized] ~85-~85: Possible missing comma found.
Context: ...will be improved soon. _In the example above we set coa-address value to the servi...

(AI_HYDRA_LEO_MISSING_COMMA)


[uncategorized] ~86-~86: Possible missing comma found.
Context: ... account will by default be funded with Flow which is a requirement. For coinbase ...

(AI_HYDRA_LEO_MISSING_COMMA)


[uncategorized] ~87-~87: Possible missing comma found.
Context: ...ss. It's not really useful when running locally besides collecting fees. We also allow ...

(AI_HYDRA_LEO_MISSING_COMMA)


[style] ~88-~88: Consider a shorter alternative to avoid wordiness.
Context: ...needed on start-up on the coa account in order to operate the gateway. gas-price is set...

(IN_ORDER_TO_PREMIUM)


[typographical] ~273-~273: The word “however” is an adverb that can’t be used like a conjunction, and therefore needs to be separated from the sentence.
Context: ...ging the keys on production environments, however, it is possible to configure the gateway...

(HOWEVER_SENTENCE)


[misspelling] ~275-~275: This word is normally spelled as one.
Context: ...on't support obtaining proofs yet, Flow piggy-backs on the Flow consensus, and hence the Fl...

(EN_COMPOUNDS_PIGGY_BACKS)


[uncategorized] ~277-~277: Possible missing comma found.
Context: ...s: we don't yet support creating access lists as they don't affect the fees we charge...

(AI_HYDRA_LEO_MISSING_COMMA)

🪛 Markdownlint
README.md

143-143: Expected: underscore; Actual: asterisk
Emphasis style

(MD049, emphasis-style)


143-143: Expected: underscore; Actual: asterisk
Emphasis style

(MD049, emphasis-style)


271-271: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

🪛 Gitleaks
README.md

138-138: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🔇 Additional comments (2)
README.md (2)

Line range hint 1-1: LGTM: Image addition enhances README appearance

The addition of the Flow-related image at the top of the README improves the visual appeal and immediately identifies the project's association with Flow. The width setting ensures it doesn't overwhelm the content.

🧰 Tools
🪛 LanguageTool

[style] ~6-~6: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...aging with any other EVM blockchain.** EVM Gateway implements the Ethereum JSON-RP...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


[uncategorized] ~9-~9: Possible missing comma found.
Context: ... majority of standard Ethereum JSON-RPC APIs allowing seamless integration with exis...

(AI_HYDRA_LEO_MISSING_COMMA)

🪛 Markdownlint

11-11: Expected: h2; Actual: h3
Heading levels should only increment by one level at a time

(MD001, heading-increment)


Line range hint 280-296: LGTM: Valuable addition of debugging information

The new "Debugging" section is an excellent addition to the README. It provides clear instructions for enabling and using the profiler, which will be invaluable for developers working on or with the EVM Gateway. The inclusion of specific commands for generating profiles and traces gives users a concrete starting point for debugging.

🧰 Tools
🪛 LanguageTool

[typographical] ~273-~273: The word “however” is an adverb that can’t be used like a conjunction, and therefore needs to be separated from the sentence.
Context: ...ging the keys on production environments, however, it is possible to configure the gateway...

(HOWEVER_SENTENCE)


[misspelling] ~275-~275: This word is normally spelled as one.
Context: ...on't support obtaining proofs yet, Flow piggy-backs on the Flow consensus, and hence the Fl...

(EN_COMPOUNDS_PIGGY_BACKS)


[uncategorized] ~277-~277: Possible missing comma found.
Context: ...s: we don't yet support creating access lists as they don't affect the fees we charge...

(AI_HYDRA_LEO_MISSING_COMMA)

🪛 Markdownlint

267-267: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


268-268: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


269-269: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


267-267: Expected: 2; Actual: 4
Unordered list indentation

(MD007, ul-indent)


268-268: Expected: 2; Actual: 4
Unordered list indentation

(MD007, ul-indent)


269-269: Expected: 2; Actual: 4
Unordered list indentation

(MD007, ul-indent)


271-271: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

cmd/run/cmd.go Show resolved Hide resolved
cmd/run/cmd.go Show resolved Hide resolved
cmd/run/cmd.go Show resolved Hide resolved
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (2)
README.md (2)

76-89: LGTM: Comprehensive running instructions for different environments.

The "Running" section has been significantly improved with detailed instructions for local, testnet, and mainnet environments. This enhancement aligns well with the PR objectives and provides clear guidance for users.

However, for improved clarity:

Consider adding a brief explanation of what the --init-cadence-height flag does in the testnet section, similar to how it's explained in the mainnet section. This will help users understand its importance across different environments.

Also applies to: 121-146, 190-195

🧰 Tools
🪛 LanguageTool

[style] ~82-~82: ‘in the meantime’ might be wordy. Consider a shorter alternative.
Context: ...r is run before any transactions happen in the meantime, the gateway will not fetch those histo...

(EN_WORDINESS_PREMIUM_IN_THE_MEANTIME)


[uncategorized] ~85-~85: Possible missing comma found.
Context: ...will be improved soon. _In the example above we set coa-address value to the servi...

(AI_HYDRA_LEO_MISSING_COMMA)


[uncategorized] ~86-~86: Possible missing comma found.
Context: ... account will by default be funded with Flow which is a requirement. For coinbase ...

(AI_HYDRA_LEO_MISSING_COMMA)


[uncategorized] ~87-~87: Possible missing comma found.
Context: ...ss. It's not really useful when running locally besides collecting fees. We also allow ...

(AI_HYDRA_LEO_MISSING_COMMA)


[style] ~88-~88: Consider a shorter alternative to avoid wordiness.
Context: ...needed on start-up on the coa account in order to operate the gateway. gas-price is set...

(IN_ORDER_TO_PREMIUM)


271-281: LGTM: Enhanced API documentation with additional and unsupported APIs.

The "JSON-RPC API" section has been improved with the addition of tracing APIs and a clearer explanation of unsupported APIs. This enhancement provides better guidance for developers and aligns with the PR objectives.

For consistency:

Consider using consistent formatting for the unsupported APIs list. Currently, some items use a hyphen (-) while others use a bullet point (•). Standardizing the list format would improve readability.

🧰 Tools
🪛 LanguageTool

[typographical] ~276-~276: The word “however” is an adverb that can’t be used like a conjunction, and therefore needs to be separated from the sentence.
Context: ...ging the keys on production environments, however, it is possible to configure the gateway...

(HOWEVER_SENTENCE)


[misspelling] ~278-~278: This word is normally spelled as one.
Context: ...on't support obtaining proofs yet, Flow piggy-backs on the Flow consensus, and hence the Fl...

(EN_COMPOUNDS_PIGGY_BACKS)


[uncategorized] ~280-~280: Possible missing comma found.
Context: ...s: we don't yet support creating access lists as they don't affect the fees we charge...

(AI_HYDRA_LEO_MISSING_COMMA)

🪛 Markdownlint

271-271: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


272-272: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


271-271: Expected: 2; Actual: 4
Unordered list indentation

(MD007, ul-indent)


272-272: Expected: 2; Actual: 4
Unordered list indentation

(MD007, ul-indent)


274-274: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 6c2e536 and 0729b85.

📒 Files selected for processing (1)
  • README.md (7 hunks)
🧰 Additional context used
🪛 LanguageTool
README.md

[style] ~82-~82: ‘in the meantime’ might be wordy. Consider a shorter alternative.
Context: ...r is run before any transactions happen in the meantime, the gateway will not fetch those histo...

(EN_WORDINESS_PREMIUM_IN_THE_MEANTIME)


[uncategorized] ~85-~85: Possible missing comma found.
Context: ...will be improved soon. _In the example above we set coa-address value to the servi...

(AI_HYDRA_LEO_MISSING_COMMA)


[uncategorized] ~86-~86: Possible missing comma found.
Context: ... account will by default be funded with Flow which is a requirement. For coinbase ...

(AI_HYDRA_LEO_MISSING_COMMA)


[uncategorized] ~87-~87: Possible missing comma found.
Context: ...ss. It's not really useful when running locally besides collecting fees. We also allow ...

(AI_HYDRA_LEO_MISSING_COMMA)


[style] ~88-~88: Consider a shorter alternative to avoid wordiness.
Context: ...needed on start-up on the coa account in order to operate the gateway. gas-price is set...

(IN_ORDER_TO_PREMIUM)


[typographical] ~276-~276: The word “however” is an adverb that can’t be used like a conjunction, and therefore needs to be separated from the sentence.
Context: ...ging the keys on production environments, however, it is possible to configure the gateway...

(HOWEVER_SENTENCE)


[misspelling] ~278-~278: This word is normally spelled as one.
Context: ...on't support obtaining proofs yet, Flow piggy-backs on the Flow consensus, and hence the Fl...

(EN_COMPOUNDS_PIGGY_BACKS)


[uncategorized] ~280-~280: Possible missing comma found.
Context: ...s: we don't yet support creating access lists as they don't affect the fees we charge...

(AI_HYDRA_LEO_MISSING_COMMA)

🪛 Gitleaks
README.md

138-138: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🪛 Markdownlint
README.md

192-192: null
Bare URL used

(MD034, no-bare-urls)


274-274: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

🔇 Additional comments (5)
README.md (5)

Line range hint 1-1: LGTM: Added relevant image to README.

The addition of the EVM-related image enhances the visual appeal of the README and provides immediate context for the project. The image is appropriately sized and includes alt text for accessibility.

🧰 Tools
🪛 LanguageTool

[style] ~6-~6: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...aging with any other EVM blockchain.** EVM Gateway implements the Ethereum JSON-RP...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


[uncategorized] ~9-~9: Possible missing comma found.
Context: ... majority of standard Ethereum JSON-RPC APIs allowing seamless integration with exis...

(AI_HYDRA_LEO_MISSING_COMMA)

🪛 Markdownlint

11-11: Expected: h2; Actual: h3
Heading levels should only increment by one level at a time

(MD001, heading-increment)


7-7: LGTM: Improved introduction clarity.

The updated introduction provides a clearer explanation of EVM Gateway's purpose and implementation details. This enhancement aligns well with the PR objective of improving documentation.


26-57: LGTM: Comprehensive building instructions added.

The new "Building" section provides clear and detailed instructions for manually building and running the EVM Gateway. This addition addresses the PR objectives and resolves issue #563 by including commands to view the binary version and available flags. The step-by-step guide will be helpful for users and developers.


Line range hint 198-234: LGTM: Comprehensive configuration flags table added.

The new "Configuration Flags" section provides a detailed table of all available flags, including descriptions and default values. This addition greatly enhances the documentation and will be very helpful for users configuring the EVM Gateway. The inclusion of profiling flags aligns with the new debugging features mentioned in the PR objectives.


Line range hint 285-300: LGTM: Added profiling instructions to enhance debugging capabilities.

The new "Profiler" subsection in the "Debugging" section provides clear instructions for enabling and using the pprof profiler. This addition aligns with the PR objectives of enhancing debugging features and will be valuable for developers working on performance optimization.

🧰 Tools
🪛 LanguageTool

[style] ~6-~6: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...aging with any other EVM blockchain.** EVM Gateway implements the Ethereum JSON-RP...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


[uncategorized] ~9-~9: Possible missing comma found.
Context: ... majority of standard Ethereum JSON-RPC APIs allowing seamless integration with exis...

(AI_HYDRA_LEO_MISSING_COMMA)

🪛 Markdownlint

11-11: Expected: h2; Actual: h3
Heading levels should only increment by one level at a time

(MD001, heading-increment)

README.md Show resolved Hide resolved
@m-Peter m-Peter changed the title Add CLI commands for binary Add CLI commands on binary Oct 18, 2024
Copy link
Contributor

@janezpodhostnik janezpodhostnik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!

--profiler-port=6060

.PHONY: start-local-bin
start-local-bin:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a comment for when you would use what would be nice.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point 👍
Added comment in f2c6fcc

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

🧹 Outside diff range and nitpick comments (6)
cmd/version/cmd.go (1)

9-15: LGTM: Well-implemented version command with room for minor enhancement.

The Cobra command is correctly structured and implements the version checking functionality as requested in issue #563. Great job on using structured logging with zerolog.

Consider adding a long description and example usage to enhance user experience:

 var Cmd = &cobra.Command{
 	Use:   "version",
 	Short: "Prints the current version of the EVM Gateway Node",
+	Long: `The version command displays the current build version of the EVM Gateway Node.
+This is useful for identifying which version of the software you are running.`,
+	Example: "  flow-evm-gateway version",
 	Run: func(*cobra.Command, []string) {
 		log.Info().Str("version", api.Version).Msg("build details")
 	},
 }
Makefile (1)

Line range hint 65-80: Security concern: Remove hardcoded API keys and improve usage comment

The new start-local-bin target successfully implements the command for running the EVM Gateway from a binary, as specified in the PR objectives. However, it contains the same security issue with hardcoded API keys as the start-local target.

  1. Replace the hardcoded keys with environment variables:
 ./flow-evm-gateway run \
   --flow-network-id=flow-emulator \
   --coinbase=FACF71692421039876a5BB4F10EF7A439D8ef61E \
   --coa-address=f8d6e0586b0a20c7 \
-  --coa-key=2619878f0e2ff438d17835c2a4561cb87b4d24d72d12ec34569acd0dd4af7c21 \
-  --wallet-api-key=2619878f0e2ff438d17835c2a4561cb87b4d24d72d12ec34569acd0dd4af7c21 \
+  --coa-key=$(COA_KEY) \
+  --wallet-api-key=$(WALLET_API_KEY) \
   --coa-resource-create=true \
   --gas-price=0 \
   --log-writer=console \
   --profiler-enabled=true \
   --profiler-port=6060
  1. Improve the usage comment to provide more context:
-# Use this after running `make build`, to test out the binary
+# Use this target to run the built binary directly. Execute `make build` first to create the binary.
+# This is useful for testing the binary in a local environment that closely resembles the production setup.

These changes will address the security concern and provide clearer guidance on when and how to use this target.

🧰 Tools
🪛 Gitleaks

57-57: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)


58-58: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

README.md (4)

26-57: Improved build and run instructions

The new instructions for building and running the EVM Gateway are clear and align well with the PR objectives. They provide users with step-by-step guidance on how to build, check the version, view available flags, and run the gateway.

Consider adding a brief explanation of what make start-local-bin does, similar to how you've explained other commands. This would provide consistency in the documentation style.


76-89: Enhanced local running instructions and configuration explanation

The updated instructions for running the EVM Gateway locally and the additional context for configuration parameters are helpful improvements. They provide users with a better understanding of how to set up and run the gateway in a local environment.

Consider the following minor language improvements:

  1. Line 82: Replace "in the meantime" with "in between" for conciseness.
  2. Line 85: Add a comma after "In the example above".
  3. Line 86: Add a comma after "This account will by default be funded with Flow".
  4. Line 88: Consider rephrasing "in order to" to "to" for brevity.
🧰 Tools
🪛 LanguageTool

[style] ~82-~82: ‘in the meantime’ might be wordy. Consider a shorter alternative.
Context: ...r is run before any transactions happen in the meantime, the gateway will not fetch those histo...

(EN_WORDINESS_PREMIUM_IN_THE_MEANTIME)


[uncategorized] ~86-~86: A comma might be missing here.
Context: ... account will by default be funded with Flow which is a requirement. For coinbase ...

(AI_EN_LECTOR_MISSING_PUNCTUATION_COMMA)


[style] ~88-~88: Consider a shorter alternative to avoid wordiness.
Context: ...needed on start-up on the coa account in order to operate the gateway. gas-price is set...

(IN_ORDER_TO_PREMIUM)


190-194: Added mainnet deployment information

The addition of the link to the deployment document and the information about the mainnet init height are valuable improvements. This provides users with essential information for running the EVM Gateway on mainnet.

Consider using a proper markdown link format for the deployment document URL on line 192. For example:

[EVM Gateway Deployment](https://flowfoundation.notion.site/EVM-Gateway-Deployment-3c41da6710af40acbaf971e22ce0a9fd)

This would improve the readability and usability of the README.

🧰 Tools
🪛 Markdownlint

192-192: null
Bare URL used

(MD034, no-bare-urls)


273-281: Updated API support information

The additions and clarifications regarding supported and unsupported APIs are valuable. They provide users with a clear understanding of the EVM Gateway's capabilities and limitations.

On line 278, "piggy-backs" should be one word: "piggybacks". This minor correction would improve the document's consistency with standard English usage.

🧰 Tools
🪛 LanguageTool

[typographical] ~276-~276: The word “however” is an adverb that can’t be used like a conjunction, and therefore needs to be separated from the sentence.
Context: ...ging the keys on production environments, however, it is possible to configure the gateway...

(HOWEVER_SENTENCE)


[misspelling] ~278-~278: This word is normally spelled as one.
Context: ...on't support obtaining proofs yet, Flow piggy-backs on the Flow consensus, and hence the Fl...

(EN_COMPOUNDS_PIGGY_BACKS)

🪛 Markdownlint

274-274: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 0729b85 and 122367b.

⛔ Files ignored due to path filters (2)
  • go.sum is excluded by !**/*.sum
  • tests/go.sum is excluded by !**/*.sum
📒 Files selected for processing (10)
  • Dockerfile (2 hunks)
  • Makefile (2 hunks)
  • README.md (7 hunks)
  • cmd/main.go (1 hunks)
  • cmd/main/main.go (0 hunks)
  • cmd/run/cmd.go (1 hunks)
  • cmd/version/cmd.go (1 hunks)
  • config/config.go (1 hunks)
  • go.mod (1 hunks)
  • tests/go.mod (1 hunks)
💤 Files with no reviewable changes (1)
  • cmd/main/main.go
✅ Files skipped from review due to trivial changes (1)
  • tests/go.mod
🧰 Additional context used
🪛 Gitleaks
Makefile

57-57: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)


58-58: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

README.md

138-138: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🪛 LanguageTool
README.md

[uncategorized] ~72-~72: You might be missing the article “the” here.
Context: ... has the emulator account configured to address and private key we will use for startin...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)


[style] ~82-~82: ‘in the meantime’ might be wordy. Consider a shorter alternative.
Context: ...r is run before any transactions happen in the meantime, the gateway will not fetch those histo...

(EN_WORDINESS_PREMIUM_IN_THE_MEANTIME)


[uncategorized] ~86-~86: A comma might be missing here.
Context: ... account will by default be funded with Flow which is a requirement. For coinbase ...

(AI_EN_LECTOR_MISSING_PUNCTUATION_COMMA)


[style] ~88-~88: Consider a shorter alternative to avoid wordiness.
Context: ...needed on start-up on the coa account in order to operate the gateway. gas-price is set...

(IN_ORDER_TO_PREMIUM)


[typographical] ~276-~276: The word “however” is an adverb that can’t be used like a conjunction, and therefore needs to be separated from the sentence.
Context: ...ging the keys on production environments, however, it is possible to configure the gateway...

(HOWEVER_SENTENCE)


[misspelling] ~278-~278: This word is normally spelled as one.
Context: ...on't support obtaining proofs yet, Flow piggy-backs on the Flow consensus, and hence the Fl...

(EN_COMPOUNDS_PIGGY_BACKS)

🪛 Markdownlint
README.md

192-192: null
Bare URL used

(MD034, no-bare-urls)


274-274: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

🔇 Additional comments (18)
cmd/version/cmd.go (1)

1-7: LGTM: Package and imports are well-structured.

The package name and imports are appropriate for implementing a version command using Cobra and logging with zerolog.

cmd/main.go (3)

3-10: LGTM: Imports are appropriate and concise.

The imports cover all necessary packages for CLI implementation, logging, and local command packages. No unnecessary imports are present.


12-15: Add a value for the Use field in the root command.

The Use field in the root command is currently empty. This field typically defines how the command should be called and is important for generating help text and usage instructions.

Consider adding a value that represents the binary name, for example:

var rootCmd = &cobra.Command{
-	Use:   "",
+	Use:   "flow-evm-gateway",
	Short: "Utility commands for the EVM Gateway Node",
}

This change will improve the clarity of the command's usage in help text and error messages.


1-29: Summary: CLI implementation aligns with PR objectives, with room for minor improvements.

The implementation of the CLI structure using Cobra in cmd/main.go aligns well with the PR objectives of adding CLI commands for the flow-evm-gateway. The file successfully sets up the root command and adds subcommands for version and run, which correspond to the new features mentioned in the PR summary.

Key points:

  1. The CLI structure is in place, allowing for the version and run commands as specified in the PR objectives.
  2. Error handling and logging are implemented, though there's room for improvement as suggested in the previous comments.
  3. The Use field in the root command should be filled to improve usage instructions.

These changes contribute to addressing issues #488, #563, and #604 by providing a framework for implementing the required CLI commands. To fully meet the objectives:

  1. Ensure the version command outputs the current build version (v0.36.4) as mentioned in the PR summary.
  2. Implement the run command to handle the list of flags mentioned in the PR summary.
  3. Consider implementing a retry mechanism in the run command to address the bootstrapping issue mentioned in Gateway crashes while bootstrapping from out of sync AN #488.

Overall, this file provides a solid foundation for the CLI implementation, aligning with the PR objectives while leaving room for further enhancements in the subcommand implementations.

Dockerfile (1)

33-33: ENTRYPOINT updated to support new CLI structure

The ENTRYPOINT has been modified to include a "run" argument, which aligns with the PR objective of adding new CLI commands. This change suggests that the application now uses a command-line interface, likely implemented with Cobra as mentioned in the AI summary.

This modification supports the new feature allowing users to run the EVM Gateway from a binary using ./flow-evm-gateway version {list of flags} as mentioned in the PR objectives.

Let's verify if the new CLI structure is properly implemented:

#!/bin/bash
# Check for Cobra implementation in main.go
if grep -q "github.com/spf13/cobra" cmd/main.go; then
  echo "Cobra is imported in cmd/main.go"
else
  echo "Warning: Cobra import not found in cmd/main.go"
fi

# Check for the 'run' command implementation
if grep -q "RunE:" cmd/main.go; then
  echo "'run' command implementation found in cmd/main.go"
else
  echo "Warning: 'run' command implementation not found in cmd/main.go"
fi

# Check for the 'version' command implementation
if grep -q "Version:" cmd/main.go; then
  echo "'version' command implementation found in cmd/main.go"
else
  echo "Warning: 'version' command implementation not found in cmd/main.go"
fi
Makefile (2)

21-24: LGTM: New build target implemented correctly.

The new build target successfully implements the Make recipe for building the binary with the appropriate version tag, as specified in the PR objectives. It correctly sets CGO_ENABLED=1, specifies the output binary name, and dynamically injects the version from the latest Git tag.


53-63: ⚠️ Potential issue

Security concern: Remove hardcoded API keys

While the changes to the start-local target successfully implement the new command for running the EVM Gateway with additional configuration options, the security issue with hardcoded API keys still persists. This issue was previously raised in a past review comment and needs to be addressed.

To resolve this, please replace the hardcoded keys with environment variables:

 go run cmd/main.go run \
   --flow-network-id=flow-emulator \
   --coinbase=FACF71692421039876a5BB4F10EF7A439D8ef61E \
   --coa-address=f8d6e0586b0a20c7 \
-  --coa-key=2619878f0e2ff438d17835c2a4561cb87b4d24d72d12ec34569acd0dd4af7c21 \
-  --wallet-api-key=2619878f0e2ff438d17835c2a4561cb87b4d24d72d12ec34569acd0dd4af7c21 \
+  --coa-key=$(COA_KEY) \
+  --wallet-api-key=$(WALLET_API_KEY) \
   --coa-resource-create=true \
   --gas-price=0 \
   --log-writer=console \
   --profiler-enabled=true \
   --profiler-port=6060

Ensure that these environment variables are securely set in your development and production environments.

🧰 Tools
🪛 Gitleaks

57-57: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)


58-58: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

go.mod (1)

22-22: LGTM: Cobra library update

The update of github.com/spf13/cobra from v1.8.0 to v1.8.1 is a minor version change, which is generally good for keeping dependencies up-to-date. This update aligns well with the PR objectives of introducing new CLI commands.

To ensure a smooth transition, please verify the Cobra v1.8.1 changelog for any breaking changes or new features that might be relevant to this PR. You can find the changelog at: https://github.com/spf13/cobra/releases/tag/v1.8.1

README.md (4)

128-146: Updated testnet configuration and improved explanation

The revised command for running the EVM Gateway on testnet and the additional explanation for the --init-cadence-height flag are valuable improvements. These changes provide users with more accurate and detailed information for setting up the gateway on the testnet environment.

The explanation of the --init-cadence-height flag is particularly helpful, as it clarifies the starting point for indexing the full EVM state on testnet.

🧰 Tools
🪛 Gitleaks

138-138: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)


234-234: Clarified profiler-enabled flag description

The updated description for the profiler-enabled flag is clearer and more concise. This change improves the overall quality of the configuration documentation.


Line range hint 283-300: Added debugging section with profiler instructions

The new debugging section with profiler instructions is a valuable addition to the README. It provides clear guidance on how to enable and use the profiler, which will be helpful for developers working on or troubleshooting the EVM Gateway.

This addition aligns well with the overall goal of improving the documentation and providing more tools for developers working with the EVM Gateway.

🧰 Tools
🪛 LanguageTool

[typographical] ~276-~276: The word “however” is an adverb that can’t be used like a conjunction, and therefore needs to be separated from the sentence.
Context: ...ging the keys on production environments, however, it is possible to configure the gateway...

(HOWEVER_SENTENCE)


[misspelling] ~278-~278: This word is normally spelled as one.
Context: ...on't support obtaining proofs yet, Flow piggy-backs on the Flow consensus, and hence the Fl...

(EN_COMPOUNDS_PIGGY_BACKS)

🪛 Markdownlint

270-270: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


271-271: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


272-272: Expected: dash; Actual: asterisk
Unordered list style

(MD004, ul-style)


270-270: Expected: 2; Actual: 4
Unordered list indentation

(MD007, ul-indent)


271-271: Expected: 2; Actual: 4
Unordered list indentation

(MD007, ul-indent)


272-272: Expected: 2; Actual: 4
Unordered list indentation

(MD007, ul-indent)


274-274: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)


138-138: False positive: No sensitive information exposed

Regarding the previous comment about a potential Generic API Key on this line, I've reviewed the content and can confirm that this is a false positive. The line is part of an example command and does not contain any actual sensitive information.

No action is required, as this is not a real security issue.

🧰 Tools
🪛 Gitleaks

138-138: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

config/config.go (1)

24-24: Good job correcting the typo in the constant name

Well done fixing the typographical error in LiveNetworkInitCadenceHeight. This improves code clarity and prevents potential confusion.

cmd/run/cmd.go (5)

73-77: Ensure gas price is a positive integer

While parsing the gas price, ensure that the value provided is a positive integer. Currently, if a negative number is provided, it will be accepted, which could lead to unexpected behavior.


187-188: Ensure stream timeout is a positive integer

The streamTimeout variable is used to set cfg.StreamTimeout, and negative values would result in a negative duration, which is likely unintended. Add validation to ensure streamTimeout is positive.


189-193: Validate that filter expiry duration is positive

Currently, if a negative filter-expiry value is provided, it will be accepted, which may lead to unexpected behavior. Ensure that the parsed duration is positive.


64-222: Refactor parseConfigFromFlags function for better maintainability

The parseConfigFromFlags function is quite lengthy and handles multiple responsibilities, which can make it harder to read and maintain. Consider breaking it down into smaller helper functions, each responsible for parsing a specific group of flags or configurations. This will improve readability and make future modifications easier.


249-289: Group related command-line flags for better organization and readability

The flags in the init function are numerous and cover various configurations. Grouping related flags together and adding comments can improve readability and maintenance.

Use: "version",
Short: "Prints the current version of the EVM Gateway Node",
Run: func(*cobra.Command, []string) {
log.Info().Str("version", api.Version).Msg("build details")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

Issue Confirmed: api.Version is still hardcoded to "development".

The variable api.Version in api/web3.go remains hardcoded, which prevents accurate version reporting. Please update it to dynamically reflect the current version.

🔗 Analysis chain

Reminder: Update api.Version to reflect the current version.

While this implementation correctly uses api.Version, the underlying variable in api/web3.go is still hardcoded to "development". This needs to be updated to ensure accurate version reporting.

To confirm the current state of api.Version, run the following script:

Would you like assistance in implementing a dynamic version update mechanism for api.Version?

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the api.Version variable definition

# Test: Search for the Version variable definition in the api package
rg --type go -g 'api/*.go' 'var Version ='

Length of output: 84

Comment on lines +17 to +22
func Execute() {
if err := rootCmd.Execute(); err != nil {
log.Err(err).Msg("failed to run command")
os.Exit(1)
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Consider enhancing error handling in the Execute function.

While the current implementation is functional, consider the following improvements:

  1. Add more context to the error log:
-		log.Err(err).Msg("failed to run command")
+		log.Err(err).Str("command", os.Args[0]).Msg("failed to execute command")
  1. Consider returning the error instead of calling os.Exit(1) directly. This allows for better testability and gives the caller more control over how to handle the error.
-func Execute() {
+func Execute() error {
 	if err := rootCmd.Execute(); err != nil {
 		log.Err(err).Str("command", os.Args[0]).Msg("failed to execute command")
-		os.Exit(1)
+		return err
 	}
+	return nil
}

These changes will provide more informative logs and improve the function's flexibility and testability.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
func Execute() {
if err := rootCmd.Execute(); err != nil {
log.Err(err).Msg("failed to run command")
os.Exit(1)
}
}
func Execute() error {
if err := rootCmd.Execute(); err != nil {
log.Err(err).Str("command", os.Args[0]).Msg("failed to execute command")
return err
}
return nil
}

Comment on lines +24 to +29
func main() {
rootCmd.AddCommand(version.Cmd)
rootCmd.AddCommand(run.Cmd)

Execute()
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Improve error handling in the main function.

The main function currently doesn't handle potential errors from the Execute function. Consider the following improvement:

func main() {
	rootCmd.AddCommand(version.Cmd)
	rootCmd.AddCommand(run.Cmd)

-	Execute()
+	if err := Execute(); err != nil {
+		os.Exit(1)
+	}
}

This change ensures that if Execute returns an error, the program will exit with a non-zero status code, which is a common practice for indicating failure in CLI applications.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
func main() {
rootCmd.AddCommand(version.Cmd)
rootCmd.AddCommand(run.Cmd)
Execute()
}
func main() {
rootCmd.AddCommand(version.Cmd)
rootCmd.AddCommand(run.Cmd)
if err := Execute(); err != nil {
os.Exit(1)
}
}

@@ -15,7 +15,7 @@ RUN go mod download
RUN go mod verify

# Build binary
RUN CGO_ENABLED=1 go build -o bin -ldflags="-X github.com/onflow/flow-evm-gateway/api.Version=${GATEWAY_VERSION}" ./cmd/main/main.go
RUN CGO_ENABLED=1 go build -o bin -ldflags="-X github.com/onflow/flow-evm-gateway/api.Version=${GATEWAY_VERSION}" cmd/main.go
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

Missing 'run' and 'version' command implementations

The build command includes version and run commands, but their implementations are not found in cmd/main.go. Please ensure these commands are properly implemented to align with the PR objectives.

🔗 Analysis chain

Build command updated to support versioning and CGO

The build command has been modified to include version information and enable CGO. This change aligns with the PR objective of adding a version command to the binary.

A few points to note:

  1. CGO_ENABLED=1 allows the use of cgo, which might be necessary for certain dependencies.
  2. The ldflags inject the version information, enabling the new version command.
  3. The build target has changed from ./cmd/main/main.go to cmd/main.go, suggesting a restructure of the project layout.

Let's verify if the new project structure is consistent:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Verify the existence of cmd/main.go and check its content
if [ -f cmd/main.go ]; then
  echo "cmd/main.go exists. Content:"
  cat cmd/main.go
else
  echo "Error: cmd/main.go does not exist"
  exit 1
fi

Length of output: 468

@m-Peter m-Peter merged commit c457666 into main Oct 21, 2024
2 checks passed
@m-Peter m-Peter deleted the add-commands-for-cli branch October 21, 2024 16:56
@coderabbitai coderabbitai bot mentioned this pull request Oct 30, 2024
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Status: ✅ Done
2 participants