[WIP] Backport upstream changes

.github/CODEOWNERS

@@ -1,5 +1 @@
-# CODEOWNERS: https://help.github.com/articles/about-codeowners/
-
-# Primary (global) repo maintainers
-
-    * @evmos/core-engineering
+*       @crypto-org-chain/cronos-dev

.github/dependabot.yml

@@ -6,9 +6,6 @@ updates:
     interval: daily
     time: "10:00"
   open-pull-requests-limit: 10
-  reviewers:
-  - fedekunze
-  - khoslaventures
   labels:
   - dependencies
 - package-ecosystem: docker
@@ -17,9 +14,6 @@ updates:
     interval: daily
     time: "10:00"
   open-pull-requests-limit: 10
-  reviewers:
-  - fedekunze
-  - khoslaventures
 - package-ecosystem: gomod
   directory: "/"
   schedule:

.github/issue_labeler.yml

@@ -0,0 +1,56 @@
+bug:
+  - 'bug'
+  - 'error'
+  - 'issue'
+  - 'crash'
+  - 'panic'
+  - 'fail'
+  - 'broken'
+  - 'not work'
+  - 'exception'
+
+enhancement:
+  - 'feature'
+  - 'enhancement'
+  - 'improve'
+  - 'add'
+  - 'support'
+  - 'request'
+  - 'proposal'
+  - 'rfc'
+
+documentation:
+  - 'docs'
+  - 'documentation'
+  - 'readme'
+  - 'guide'
+  - 'tutorial'
+  - 'example'
+  - 'spec'
+  - 'specification'
+
+cli:
+  - 'cli'
+  - 'command'
+  - 'flag'
+  - 'argument'
+  - 'terminal'
+
+dependencies:
+  - 'dependency'
+  - 'dependencies'
+  - 'go.mod'
+  - 'cosmos-sdk'
+  - 'tendermint'
+  - 'cometbft'
+
+build:
+  - 'build'
+  - 'compile'
+  - 'makefile'
+  - 'docker'
+
+ci:
+  - 'ci'
+  - 'github actions'
+  - 'workflow'

.github/pr_labeler.yml

@@ -0,0 +1,28 @@
+cli:
+  - x/*/client/**/*
+nix:
+  - nix/**
+  - default.nix
+  - docker.nix
+  - flake.nix
+  - sources.nix
+  - testenv.nix
+  - goethereum.nix
+  - golangci-lint.nix
+adr:
+  - docs/architecture/**/*
+build:
+  - Makefile
+  - Dockerfile
+  - docker-compose.yml
+  - scripts/*
+ci:
+  - .github/**
+  - buf.work.yaml
+  - .golangci.yml
+
+# modules  
+evm:
+  - x/evm/**/*
+feemarket:
+  - x/feemarket/**/*

.github/workflows/build.yml

@@ -20,10 +20,10 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
         with:
-          go-version: 1.21
+          go-version: "1.25.0"
           check-latest: true
       - uses: technote-space/get-diff-action@v6.1.2
         id: git_diff

.github/workflows/changelog-reminder.yml

@@ -0,0 +1,25 @@
+# Checks if a changelog is missing in the PR diff
+name: Changelog Reminder
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+      - reopened
+      - ready_for_review
+    paths: [ "**/*.go" ]
+permissions:
+  contents: read
+  pull-requests: write
+jobs:
+  remind:
+    name: Changelog Reminder
+    runs-on: ubuntu-latest
+    # Skip draft PRs and PRs starting with: revert, test, chore, ci, docs, style, build, refactor
+    if: "!github.event.pull_request.draft && !contains(github.event.pull_request.title, 'revert') && !contains(github.event.pull_request.title, 'test') && !contains(github.event.pull_request.title, 'chore') && !contains(github.event.pull_request.title, 'ci') && !contains(github.event.pull_request.title, 'docs') && !contains(github.event.pull_request.title, 'style') && !contains(github.event.pull_request.title, 'build') && !contains(github.event.pull_request.title, 'refactor')"
+    steps:
+      - uses: actions/checkout@v6
+      - uses: mskelton/changelog-reminder-action@v3
+        with:
+          message: "@${{ github.actor }} your pull request is missing a changelog!"

.github/workflows/codeql-analysis.yml

@@ -43,7 +43,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
       - uses: technote-space/get-diff-action@v6.1.2
         with:
           PATTERNS: |
@@ -56,7 +56,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v4
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -69,7 +69,7 @@ jobs:
       # If this step fails, then you should remove it and run the build manually (see below)
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v4
         if: env.GIT_DIFF
 
       # ℹ️ Command-line programs to run using the OS shell.
@@ -84,5 +84,5 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v4
         if: env.GIT_DIFF

.github/workflows/dependabot-update-all.yml

@@ -0,0 +1,47 @@
+name: Dependabot Update All Go Modules
+on: pull_request
+
+permissions:
+  contents: write
+  pull-requests: write
+
+env:
+  PR_TITLE: ${{ github.event.pull_request.title }}
+
+jobs:
+  update-all:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - name: Generate Token
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        id: app-token
+        with:
+          app-id: "${{ secrets.APP_ID }}"
+          private-key: "${{ secrets.APP_PRIVATE_KEY }}"
+      - uses: actions/checkout@v6
+        with:
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+          ref: ${{ github.event.pull_request.head.ref }}
+          token: "${{ steps.app-token.outputs.token }}"
+      - uses: actions/setup-go@v6
+        with:
+          go-version: "1.25.0"
+          check-latest: true
+      - name: Extract updated dependency
+        id: deps
+        run: |
+          # Extract the dependency name from the PR title
+          # Example: "build(deps): Bump github.com/cosmos/cosmos-sdk from 0.46.0 to 0.47.0"
+          # Extracts "github.com/cosmos/cosmos-sdk" and "0.47.0"
+          echo "name=$(echo "$PR_TITLE" | cut -d ' ' -f 3)" >> $GITHUB_OUTPUT
+          echo "version=$(echo "$PR_TITLE" | cut -d ' ' -f 7)" >> $GITHUB_OUTPUT
+      - name: Update all Go modules
+        run: |
+          ./scripts/go-update-dep-all.sh ${{ format('{0}@v{1}', steps.deps.outputs.name, steps.deps.outputs.version) }}
+          ./scripts/go-mod-tidy-all.sh
+      - name: Commit changes
+        uses: EndBug/add-and-commit@v9
+        with:
+          default_author: user_info
+          message: "${{ github.event.pull_request.title }} for all modules"

.github/workflows/dependencies-review.yml

@@ -0,0 +1,44 @@
+name: "Dependency Review"
+on:
+  pull_request:
+  merge_group:
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout Repository"
+        uses: actions/checkout@v6
+      - name: "Setup Go"
+        uses: actions/setup-go@v6
+        with:
+          go-version: "1.25.0"
+          check-latest: true
+      - name: "Dependency Review"
+        uses: actions/dependency-review-action@v4
+        with:
+          base-ref: ${{ github.event.pull_request.base.sha || 'master' }}
+          head-ref: ${{ github.event.pull_request.head.sha || github.ref }}
+          fail-on-severity: high
+      - name: "Go vulnerability check"
+        id: govuln
+        run: |
+          # Run the vulnerability check and capture its output (ignoring non-zero exit codes)
+          make vulncheck 2>&1 | tee govulncheck-output.txt || true
+
+          # Extract vulnerability identifiers from the output (e.g., GO-2025-3443)
+          vulnerabilities=$(grep -o 'GO-[0-9]\{4\}-[0-9]\+' govulncheck-output.txt | sort | uniq)
+          echo "Detected vulnerabilities: $vulnerabilities"
+
+          # Check if any vulnerability other than GO-2025-3443 exists
+          for vuln in $vulnerabilities; do
+            if [ "$vuln" != "GO-2025-3443" ]; then
+              echo "Found vulnerability $vuln, failing..."
+              exit 1
+            fi
+          done
+
+          echo "Only known vulnerability (GO-2025-3443) present. Continuing."

.github/workflows/dependencies.yml

@@ -8,20 +8,20 @@ jobs:
   dependency-review:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v6
         with:
-          go-version: 1.21
+          go-version: "1.25.0"
           check-latest: true
       - name: "Checkout Repository"
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
       - uses: technote-space/get-diff-action@v6.1.2
         with:
           PATTERNS: |
             **/**.go
             go.mod
             go.sum
       - name: "Dependency Review"
-        uses: actions/dependency-review-action@v3
+        uses: actions/dependency-review-action@v4
         if: env.GIT_DIFF
       - name: "Go vulnerability check"
         run: make vulncheck

.github/workflows/deploy-contract.yml

@@ -20,9 +20,9 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v6
       - name: Use Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v6
         with:
           node-version: '12.x'
       - name: Install dependencies

.github/workflows/goreleaser.yml

@@ -9,13 +9,13 @@ jobs:
     runs-on: ubuntu-latest
     environment: release
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v6
         with:
           submodules: true
       - name: Set up Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v6
         with:
-          go-version: 1.21
+          go-version: "1.25.0"
           check-latest: true
       - name: release dry run
         run: make release-dry-run
@@ -25,4 +25,4 @@ jobs:
         run: |-
           echo 'GITHUB_TOKEN=${{secrets.GITHUB_TOKEN}}' > .release-env
       - name: release publish
-        run: make release
+        run: make release

.github/workflows/issue_labeler.yml

@@ -0,0 +1,15 @@
+name: "Issue Labeler"
+on:
+  issues:
+    types: [opened]
+
+jobs:
+  triage:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: github/issue-labeler@v3.4
+        if: join(github.event.issue.labels) == ''
+        with:
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"
+          configuration-path: .github/issue_labeler.yml
+          enable-versioned-regex: 0