Skip to content

Update to Cadence v1.0#2

Merged
devbugging merged 5 commits into
devbugging:mainfrom
onflowser:cadence-v1
Sep 20, 2024
Merged

Update to Cadence v1.0#2
devbugging merged 5 commits into
devbugging:mainfrom
onflowser:cadence-v1

Conversation

@bartolomej

@bartolomej bartolomej commented Sep 5, 2024

Copy link
Copy Markdown
Contributor

Description

  • Update Cadence source code to v1.0 language spec (https://forum.flow.com/t/update-on-cadence-1-0/5197)
  • Remove unused utility contracts (devs should use the dependency manager tool in case they need external deps either way)
  • Update flow.json to include Person contract and work with flow dev command
  • Update readme

Summary by CodeRabbit

  • New Features

    • Enhanced accessibility of the Person contract and its functions, allowing broader interactions.
    • Introduced a streamlined deployment strategy focusing on the Person contract.
  • Documentation

    • Updated the README to clarify the use of external dependencies, directing users to relevant resources.
  • Bug Fixes

    • Improved access control in various scripts and transactions for better security and clarity in account interactions.

@coderabbitai

coderabbitai Bot commented Sep 5, 2024

Copy link
Copy Markdown

Walkthrough

The changes involve updates to access control levels in various Cadence files, enhancing the visibility of contracts, functions, and resources. The README.md file has been reorganized to better guide users on managing external dependencies. Additionally, the flow.json configuration has been simplified to focus on the Person contract, reflecting a shift in project priorities.

Changes

File(s) Change Summary
README.md Renamed "Included Imports" to "Using external dependencies" and removed specific contracts, directing users to documentation.
cadence/contracts/Person.cdc Changed access control from pub to access(all) for the contract, variables, functions, and resources.
cadence/scripts/helloWorld.cdc Changed main function access from pub to access(all).
cadence/scripts/sayHello.cdc Changed main function access from pub to access(all).
cadence/transactions/makeFriends.cdc Modified acc variable type from AuthAccount to &Account and updated prepare function signature for stricter access control.
flow.json Streamlined to include only the Person contract, introduced a new default account, and added a deployments section.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Contract
    participant Account

    User->>Contract: Call sayHello()
    Contract->>User: Return greeting

    User->>Account: Make friends
    Account->>Contract: Execute makeFriends()
    Contract->>Account: Save Friendship resource
Loading

🐰 "Oh, what a change, so bright and new,
Access for all, it's true!
Contracts now open wide,
With friends to make, come take a ride!
In the code, we hop and play,
Celebrating each new day!" 🐇✨


Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share
Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai generate interesting stats about this repository and render them as a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 5ea01c5 and c1d79d2.

Files selected for processing (6)
  • README.md (1 hunks)
  • cadence/contracts/Person.cdc (2 hunks)
  • cadence/scripts/helloWorld.cdc (1 hunks)
  • cadence/scripts/sayHello.cdc (1 hunks)
  • cadence/transactions/makeFriends.cdc (1 hunks)
  • flow.json (1 hunks)
Additional context used
Gitleaks
flow.json

13-13: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)


17-17: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

LanguageTool
README.md

[style] ~68-~68: The word ‘wanna’ is informal.
Context: ...Using external dependencies If you wanna use external contract dependencies (lik...

(WANNA)


[typographical] ~68-~68: Two consecutive dots
Context: ...FungibleToken, FlowToken, FungibleToken,..) you can install them using Cadence dep...

(DOUBLE_PUNCTUATION)

Markdownlint
README.md

68-68: null
Bare URL used

(MD034, no-bare-urls)


66-66: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

Additional comments not posted (13)
cadence/scripts/helloWorld.cdc (1)

1-1: Verify the intent and security implications of the access level change.

The change from pub to access(all) significantly broadens the accessibility of the main function. While this enhances its usability across various contexts, it also raises concerns about potential misuse or security risks, especially if the function is part of a larger, more complex system.

Please confirm that this change aligns with the intended use cases and security guidelines of the project. Consider restricting access if the function handles sensitive operations or data.

cadence/scripts/sayHello.cdc (1)

3-3: Review the change in access control for the main function.

The change from pub to access(all) significantly broadens the accessibility of the main function. This alteration allows any entity in the Cadence environment to call this function, which could have implications for security and modularity. It's crucial to ensure that this broader access does not inadvertently expose sensitive functionality or data.

Verification successful

The change to access(all) for the main function is consistent with the codebase pattern.

The main function in cadence/scripts/sayHello.cdc and cadence/scripts/helloWorld.cdc both use access(all), suggesting a standardization effort. No other files reference these functions, indicating that the change does not introduce unintended consequences. The broader project changes do not impact this specific modification.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify if the broader changes in the project are consistent with the changes in this file.

# Test: Search for mentions of `main` function in other Cadence files to see if its usage aligns with the new access level.
fd --type f --extension cdc | xargs rg 'main'

Length of output: 168

cadence/transactions/makeFriends.cdc (3)

7-8: Approve the updated prepare function signature.

The new function signature enforces stricter access control, which aligns with the security enhancements described in the PR. Consider adding a comment in the code explaining why these specific capabilities (Storage | SaveValue) are required for the signer.


15-15: Approve the updated method of saving the friendship resource.

The change to use self.acc.storage.save<@Person.Friendship> clarifies the operation and aligns with the updated account type. This explicit interaction with the account's storage capabilities is a good practice.


5-5: Verify the impact of changing acc variable type.

The change from AuthAccount to &Account enhances flexibility but may affect how the account is accessed in other transactions or scripts. It's crucial to verify that this change does not break existing functionality.

Run the following script to verify the usage of acc in other transactions and scripts:

Verification successful

Change to acc variable type is localized.

The modification of acc from AuthAccount to &Account is confined to the makeFriends.cdc file. The prepare function correctly assigns signer to self.acc, and no other parts of the codebase are affected by this change. This ensures that existing functionality remains intact.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the usage of `acc` in other transactions and scripts.

# Test: Search for the usage of `acc`. Expect: Only occurrences of the new type.
rg --type cadence -A 5 $'let acc: &Account'

Length of output: 76


Script:

#!/bin/bash
# Description: Verify the usage of `acc` in other transactions and scripts.

# Test: Search for the usage of `acc` with the new type across all files.
rg -A 5 $'let acc: &Account'

Length of output: 368

flow.json (2)

2-4: Approved changes in the contracts section.

The simplification to include only the Person contract aligns with the PR objectives and helps focus the project's scope.


20-26: Approved changes in the deployments section.

The new deployment configuration for the Person contract under the emulator environment simplifies and focuses the deployment process, aligning with the PR objectives.

cadence/contracts/Person.cdc (6)

6-6: Approved: Contract visibility increased.

The change from pub to access(all) for the contract Person increases its visibility, allowing broader access across different modules and packages. This aligns with the PR's goal to enhance accessibility.


8-8: Approved: Increased visibility of variable name.

Changing the access level of the variable name from pub to access(all) allows it to be accessed more freely. While this enhances flexibility, it's important to ensure that this does not lead to unintended side effects or security issues.


17-17: Approved: Function sayHello visibility increased.

The access level change for the function sayHello from pub to access(all) is consistent with the PR's objective to enhance visibility and accessibility of contract components.


22-22: Approved: Function makeFriends visibility increased.

The access level change for the function makeFriends from pub to access(all) allows it to be accessed more broadly, aligning with the PR's objectives to enhance contract accessibility.


29-29: Approved: Resource Friendship visibility increased.

The access level change for the resource Friendship from pub to access(all) increases its visibility. It's important to monitor how this change affects the management and interaction with this resource.


31-31: Approved: Function yaay within Friendship visibility increased.

The access level change for the function yaay from pub to access(all) is consistent with the broader accessibility changes made to the Friendship resource. This enhances the function's usability across different modules.

Comment thread flow.json
Comment on lines +10 to +18
"accounts": {
"default": {
"address": "f669cb8d41ce0c74",
"key": "6d12eebfef9866c9b6fa92b97c6e705c26a1785b1e7944da701fc545a51d4673"
},
"emulator-account": {
"address": "f8d6e0586b0a20c7",
"key": "6d12eebfef9866c9b6fa92b97c6e705c26a1785b1e7944da701fc545a51d4673"
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security Issue: Exposed API Keys.

The API keys for both the default and emulator-account are exposed in the configuration file, which poses a significant security risk.

Consider using environment variables or a secure vault solution to manage these keys instead of hardcoding them in the configuration file.

Approved addition of the default account.

The new default account aligns with the PR objectives to streamline account management.

Tools
Gitleaks

13-13: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)


17-17: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

Comment thread README.md Outdated

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between c1d79d2 and 3ab60fd.

Files selected for processing (2)
  • .gitignore (1 hunks)
  • README.md (1 hunks)
Files skipped from review due to trivial changes (1)
  • .gitignore
Additional context used
LanguageTool
README.md

[style] ~68-~68: The word ‘wanna’ is informal.
Context: ...Using external dependencies If you wanna use external contract dependencies (lik...

(WANNA)


[typographical] ~68-~68: Two consecutive dots
Context: ...FungibleToken, FlowToken, FungibleToken,..) you can install them using Cadence dep...

(DOUBLE_PUNCTUATION)

Markdownlint
README.md

68-68: null
Bare URL used

(MD034, no-bare-urls)


66-66: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

Additional comments not posted (1)
README.md (1)

66-70: Apply suggested improvements to the section on using external dependencies.

The previous comments on this section are still valid and applicable. Please consider applying the following changes to enhance clarity, formality, and typographical consistency:

-If you wanna use external contract dependencies (like NonFungibleToken, FlowToken, FungibleToken,..) you can install them using Cadence dependency manager: https://developers.flow.com/tools/flow-cli/dependency-manager
+If you want to use external contract dependencies (like NonFungibleToken, FlowToken, FungibleToken.) you can install them using the [Cadence dependency manager](https://developers.flow.com/tools/flow-cli/dependency-manager).
Tools
LanguageTool

[style] ~68-~68: The word ‘wanna’ is informal.
Context: ...Using external dependencies If you wanna use external contract dependencies (lik...

(WANNA)


[typographical] ~68-~68: Two consecutive dots
Context: ...FungibleToken, FlowToken, FungibleToken,..) you can install them using Cadence dep...

(DOUBLE_PUNCTUATION)

Markdownlint

68-68: null
Bare URL used

(MD034, no-bare-urls)


66-66: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 3ab60fd and b88bb7f.

Files selected for processing (1)
  • README.md (1 hunks)
Additional context used
Markdownlint
README.md

66-66: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

Additional comments not posted (1)
README.md (1)

66-70: Approved: Updated section on external dependencies.

The updates to this section have improved its clarity and professionalism. The use of markdown links and the formal language aligns well with best practices.

Tools
Markdownlint

66-66: null
Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

Comment thread README.md Outdated

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between b88bb7f and effc6e1.

Files selected for processing (1)
  • README.md (2 hunks)
Additional context used
Markdownlint
README.md

42-42: null
Fenced code blocks should have a language specified

(MD040, fenced-code-language)

Additional comments not posted (5)
README.md (5)

Line range hint 1-35: Introduction and Getting Started sections are well-crafted.

These sections effectively guide new users with essential resources and a welcoming tone.

Tools
LanguageTool

[uncategorized] ~48-~48: Did you mean: “By default,”?
Context: ... #### Deploying to specific accounts By default all contracts are deployed to a default...

(BY_DEFAULT_COMMA)


[uncategorized] ~49-~49: Use a comma before ‘and’ if it connects two independent clauses (unless they are closely connected and short).
Context: ...ing a folder inside the contracts folder and we will create the account for you whic...

(COMMA_COMPOUND_SENTENCE)

Markdownlint

42-42: null
Fenced code blocks should have a language specified

(MD040, fenced-code-language)


37-37: Project Structure section is clear and informative.

This section effectively outlines the organization and purpose of the project directories.


39-39: Start Developing section provides clear instructions.

The commands and their purposes are well explained, aiding developers in setting up their environment.


47-47: Importing Contracts section is straightforward and practical.

The section provides clear instructions and a useful example on how to handle contract imports.


66-70: Using External Dependencies section is well-structured and improved.

The improvements suggested in previous reviews have been implemented effectively. The section now provides clear guidance on managing external dependencies with useful tools and links.

@devbugging devbugging merged commit 8065287 into devbugging:main Sep 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants