Zkevm integration

[mohammadranjbarz]

related to related to #1617 #1615 #1618 #1619 #1614 #1620

Summary by CodeRabbit

• New Features

  • Introduced new scan API keys for various networks to enhance service integrations.
  • Added support for BASE, BASE_SEPOLIA, ZKEVM_MAINNET, and ZKEVM_CARDONA networks.
  • Introduced a read-only replica for the local PostgreSQL database.
  • Added new database migrations to handle donation records and base chain tokens.
  • Enhanced network handling and error logging for BASE and ZKEVM networks.

• Bug Fixes

  • Adjusted donation and project filtering to support new networks in test cases.

• Refactor

  • Updated SQL query structures and field selection logic in several resolver classes.

• Documentation

  • Included new environment variables and configurations in example and test environment files.

• Tests

  • Expanded test cases to cover new networks and features.

• Chores

  • Updated package.json test scripts to include additional test files.

[coderabbitai]

Warning

Rate limit exceeded

@mohammadranjbarz has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 29 minutes and 11 seconds before requesting another review.

How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

Commits

Files that changed from the base of the PR and between 7684421 and eb9fe87.

Walkthrough

The updates span across various parts of the project, focusing on integrating new scan API keys, database migrations for network tokens and donated funds, environment configuration adjustments, and workflow enhancements. Significant additions include a new read-only PostgreSQL setup, configuration for new blockchain networks, enhanced project statistics, and new tests for donation services and resolving projects.

Changes

Files/Path	Change Summary
.github/workflows/...	Added multiple new scan API keys and updated workflow configurations.
config/...	Introduced new API URLs and keys for various services.
docker-compose-local-postgres-db-readonly.yml	Configurations for a primary Postgres container and a read-only replica.
migration/...	Added new migrations for database schema updates and token additions.
package.json	Updated test scripts to include new test files.
src/entities/project.ts	Modified project entity to include new fields and remove old functions.
src/orm.ts	Added defaultMode for replication configuration.
src/provider.ts	Added new network IDs and updated provider functions for them.
src/repositories/...	Added new query functions and updated existing repository methods.
src/resolvers/...	Extended resolver functionalities to handle new networks and data fields.
src/server/adminJs/tabs/...	Expanded network values and labels in admin panels.
test/...	Added new test cases and pre-test scripts for seeding token data.
src/services/...	Updated service methods to include project statistics updates.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Workflow
    participant GitHubSecrets
    participant Database
    participant ProjectService
    participant DonationService
    User->>Workflow: Trigger CI/CD Pipeline
    Workflow->>GitHubSecrets: Retrieve Scan API Keys
    Workflow->>Database: Apply Migrations
    Workflow->>ProjectService: Update Project Information
    Workflow->>DonationService: Sync Donations
    Workflow->>User: Notify Success

Loading

Poem

In the code's vast meadow, secrets now reside,
New keys and tokens, flowing like the tide.
Databases mirrored, stats that gleam,
Donations sync in a blockchain dream.
🐰✨ The code, refined, a digital guide,
As rabbits rejoice in this technical stride. 🌟📜🚀

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 20

Outside diff range and nitpick comments (10)

src/orm.ts (2)

Line range hint 8-69: Consider refactoring static-only classes to utility functions.

The class AppDataSource contains only static members, which could be refactored into a set of utility functions for better maintainability and to adhere to best practices.

---

Line range hint 71-98: Address static context confusion.

The use of this in the static context of CronDataSource can be confusing. Consider using the class name directly to access static members.

- if (!this.datasource) {
+ if (!CronDataSource.datasource) {

src/utils/validators/graphqlQueryValidators.ts (1)

Line range hint 15-18: Use regular expression literals for better performance and readability.

Consider using regular expression literals instead of the RegExp constructor to improve performance and readability. This change avoids the need for double escaping and makes the expressions easier to understand and maintain.

- const filterDateRegex = new RegExp('^[0-9]{8} [0-9]{2}:[0-9]{2}:[0-9]{2}$');
+ const filterDateRegex = /^[0-9]{8} [0-9]{2}:[0-9]{2}:[0-9]{2}$/;
- const resourcePerDateRegex = new RegExp('((?:19|20)\\d\\d)-(0?[1-9]|1[012])-([12][0-9]|3[01]|0?[1-9])');
+ const resourcePerDateRegex = /((?:19|20)\d\d)-(0?[1-9]|1[012])-([12][0-9]|3[01]|0?[1-9])/;

src/server/adminJs/tabs/qfRoundTab.ts (2)

Line range hint 293-293: Consider avoiding the use of the delete operator to improve performance.

- delete request.payload[`sponsorsImgs.${i}`];
+ request.payload[`sponsorsImgs.${i}`] = undefined;

This change avoids potential performance issues associated with the delete operator in JavaScript.

---

Line range hint 297-298: Utilize optional chaining to simplify the code and enhance readability.

- if (request.payload.bannerBgImage && request.payload.bannerBgImage.path)
+ if (request.payload.bannerBgImage?.path)

This change leverages optional chaining to make the code more concise and robust against null and undefined values.

src/services/recurringDonationService.ts (1)

Line range hint 149-162: The else clause is unnecessary and can be omitted to simplify the logic.

- else if (tokenInDb) {
+ if (tokenInDb) {

Removing the unnecessary else clause simplifies the control flow, making the code cleaner and easier to understand.

Tools

Biome

[error] 221-222: Change to an optional chain. (lint/complexity/useOptionalChain)

Unsafe fix: Change to an optional chain.

src/entities/project.ts (2)

Line range hint 431-431: Misuse of this in a static context.

Using this in a static context can lead to confusion and potential bugs. It's recommended to replace this with the class name to clearly indicate the static nature of the method.

- this.createQueryBuilder('project')
+ Project.createQueryBuilder('project')

---

Line range hint 532-538: Redundant else clause after a return statement.

The else clause following the return statement in mayUpdateStatus method is unnecessary and can be omitted to improve code readability.

-    } else {
-      throw new Error(
-        i18n.__(
-          translationErrorMessagesKeys.YOU_DONT_HAVE_ACCESS_TO_DEACTIVATE_THIS_PROJECT,
-        ),
-      );
-    }
+    throw new Error(
+      i18n.__(
+        translationErrorMessagesKeys.YOU_DONT_HAVE_ACCESS_TO_DEACTIVATE_THIS_PROJECT,
+      ),
+    );

src/services/chains/index.test.ts (1)

Line range hint 93-93: The literal value for the transaction amount will lose precision at runtime due to JavaScript's handling of floating-point numbers. Consider using a string or a library like big.js for precise decimal operations.

- const amount = 4492.059297640078891631;
+ const amount = "4492.059297640078891631"; // Use string to maintain precision

Tools

Biome

[error] 621-621: This number literal will lose precision at runtime. (lint/correctness/noPrecisionLoss)

The value at runtime will be 0.4535499088024773

test/testUtils.ts (1)

Line range hint 216-216: Consider using optional chaining for improved safety.

- const user = await User.findOne({ where: { id } });
+ const user = await User.findOne({ where: { id } })?.firstName;

This change ensures that the code does not throw an error if User.findOne returns null, enhancing the robustness of your token generation logic.

[coderabbitai]

Optimize the query construction by directly using field selections.

Consider refactoring the conditional blocks that add joins and selects based on the fields requested. This can be optimized by mapping fields to their respective query modifications in a dictionary or using a more structured approach to build the query based on requested fields.

Tools

Biome

[error] 835-835: Decorators are not valid here. (parse)

Decorators are only valid on class declarations, class expressions, and class methods.
You can enable parameter decorators by setting the unsafeParameterDecoratorsEnabled option to true in your configuration file.

[coderabbitai]

Refactor the search query to use proper SQL syntax for similarity.

- qb.where('project.title %> :searchTerm ', {
-   searchTerm,
- })
-   .orWhere('project.description %> :searchTerm ', {
-     searchTerm,
-   })
-   .orWhere('project.impactLocation %> :searchTerm', {
-     searchTerm,
-   });
+ qb.where('project.title ILIKE :searchTerm', {
+   searchTerm: `%${searchTerm}%`,
+ })
+   .orWhere('project.description ILIKE :searchTerm', {
+     searchTerm: `%${searchTerm}%`,
+   })
+   .orWhere('project.impactLocation ILIKE :searchTerm', {
+     searchTerm: `%${searchTerm}%`,
+ });

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	qb.where('project.title %> :searchTerm ', {
	searchTerm,
	})
	.orWhere('project.description % :searchTerm ', {
	.orWhere('project.description %> :searchTerm ', {
	searchTerm,
	})
	.orWhere('project.impactLocation % :searchTerm', {
	.orWhere('project.impactLocation %> :searchTerm', {
	qb.where('project.title ILIKE :searchTerm', {
	searchTerm: `%${searchTerm}%`,
	})
	.orWhere('project.description ILIKE :searchTerm', {
	searchTerm: `%${searchTerm}%`,
	})
	.orWhere('project.impactLocation ILIKE :searchTerm', {
	searchTerm: `%${searchTerm}%`,
	});

[coderabbitai]

The repeated TODO comments about uncertainty regarding GIV token support should be resolved.

Please verify and update the token support status for GIV in the respective network configurations. It's crucial to maintain accurate and clear documentation and code comments to avoid confusion and ensure the codebase is up-to-date with the actual functionalities.

[coderabbitai]

Ensure that API keys are securely managed and not hardcoded in environment files for production.

Consider using environment variables for API keys to enhance security. This is critical especially for production environments where sensitive data exposure can lead to significant vulnerabilities.

[coderabbitai]

Similar to the previous comment, the amount here will lose precision at runtime. It's advisable to handle such values as strings to maintain accuracy.

- const amount = 0.453549908802477308;
+ const amount = "0.453549908802477308"; // Use string to maintain precision

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const amount = 0.453549908802477308;
	const amount = "0.453549908802477308"; // Use string to maintain precision

Tools

Biome

[error] 621-621: This number literal will lose precision at runtime. (lint/correctness/noPrecisionLoss)

The value at runtime will be 0.4535499088024773

[coderabbitai]

Ensure exception handling is consistent and informative.

The error logging in getQfRoundHistoryMatchingValueUsd could be more informative by including the projectId in the error message. This would help in debugging issues related to specific projects.

- logger.error('Error in getQfRoundHistoryMatchingValueUsd', e);
+ logger.error(`Error in getQfRoundHistoryMatchingValueUsd for project ID ${projectId}:`, e);

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	export const getQfRoundHistoryMatchingValueUsd = async (
	projectId: number,
	): Promise<number> => {
	try {
	logger.debug('Executing query to fetch matching fund values');
	const result = await QfRoundHistory.createQueryBuilder('q')
	.select('COALESCE(SUM(q."matchingFundPriceUsd"),0)', 'total')
	.where('q.projectId = :projectId', { projectId })
	.getRawOne();
	return result.total;
	} catch (e) {
	logger.error('Error in getQfRoundHistoryMatchingValueUsd', e);
	throw e;
	}
	};
	export const getQfRoundHistoryMatchingValueUsd = async (
	projectId: number,
	): Promise<number> => {
	try {
	logger.debug('Executing query to fetch matching fund values');
	const result = await QfRoundHistory.createQueryBuilder('q')
	.select('COALESCE(SUM(q."matchingFundPriceUsd"),0)', 'total')
	.where('q.projectId = :projectId', { projectId })
	.getRawOne();
	return result.total;
	} catch (e) {
	logger.error(`Error in getQfRoundHistoryMatchingValueUsd for project ID ${projectId}:`, e);
	throw e;
	}
	};

[coderabbitai]

Refactor the function for clarity and potential performance improvements.

The function findAllQfRounds could be refactored for better clarity and potential performance improvements. Consider using a single query with conditional logic inside the SQL instead of separate if conditions in code, which can help in reducing the overhead of multiple conditional checks and make the function more concise.

-  if (slug) {
-    query.where('slug = :slug', { slug });
-  }
-  if (activeOnly) {
-    query.andWhere('"isActive" = true');
-  }
-  if (slug || activeOnly) {
-    const res = await query.getOne();
-    return res ? [res] : [];
-  }
+  query.where('1=1');
+  if (slug) query.andWhere('slug = :slug', { slug });
+  if (activeOnly) query.andWhere('"isActive" = true');
+  return await query.getMany();

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	export const findAllQfRounds = async ({
	slug,
	activeOnly,
	}: QfRoundsArgs): Promise<QfRound[]> => {
	const query = QfRound.createQueryBuilder('qf_round').addOrderBy(
	'qf_round.id',
	'DESC',
	);
	if (slug) {
	query.where('slug = :slug', { slug });
	}
	if (activeOnly) {
	query.andWhere('"isActive" = true');
	}
	if (slug || activeOnly) {
	const res = await query.getOne();
	return res ? [res] : [];
	}
	return query.getMany();
	export const findAllQfRounds = async ({
	slug,
	activeOnly,
	}: QfRoundsArgs): Promise<QfRound[]> => {
	const query = QfRound.createQueryBuilder('qf_round').addOrderBy(
	'qf_round.id',
	'DESC',
	);
	query.where('1=1');
	if (slug) query.andWhere('slug = :slug', { slug });
	if (activeOnly) query.andWhere('"isActive" = true');
	return await query.getMany();

[coderabbitai]

Ensure API keys and URLs are managed securely.

The addition of BASE and BASE_SEPOLIA API keys and URLs is noted. It's crucial to ensure these keys are managed securely and not exposed in environments where they could be compromised. Consider using environment variables or secret management tools to handle these sensitive values.

[coderabbitai]

TODO comment about adding a transaction link is still present.

Consider addressing this TODO or removing it if it's no longer relevant.

[coderabbitai]

Consider refining the error handling in syncDonationStatusWithBlockchainNetwork to provide more specific feedback and actions based on different types of blockchain-related errors.

---

Add error handling or transaction management in insertDonationsFromQfRoundHistory to ensure data consistency and reliability, especially given the complexity of the SQL operations involved.

[Meriem-BM]

I just have 2 comments, overall the code LGTM!

[coderabbitai]

Actionable comments posted: 3

Outside diff range and nitpick comments (3)

src/entities/project.ts (2)

Line range hint 431-431: Refactor the use of this in static context to use the class name directly.

- this.createQueryBuilder('project')
+ Project.createQueryBuilder('project')

---

Line range hint 532-538: Remove unnecessary else clause to simplify control flow.

- else {
-   throw new Error(
-     i18n.__(
-       translationErrorMessagesKeys.YOU_DONT_HAVE_ACCESS_TO_DEACTIVATE_THIS_PROJECT,
-     ),
-   );
- }

src/resolvers/projectResolver.ts (1)

Line range hint 653-653: Incorrect usage of decorators in a non-class context.

The static analysis tool has flagged multiple lines where decorators are used incorrectly. Decorators in TypeScript are only valid on class declarations, class expressions, and class methods. You may need to enable parameter decorators by setting the unsafeParameterDecoratorsEnabled option to true in your configuration file, or review the placement of these decorators.

Also applies to: 655-655, 689-689, 705-705, 719-719, 795-795, 797-797, 831-831, 832-832, 834-834, 835-835, 910-910, 911-911, 913-913, 914-914, 1047-1047, 1048-1048, 1049-1049, 1208-1208, 1209-1209

[coderabbitai]

Remove the focus from the test to ensure all tests are executed.

The it.only method is used, which restricts the test runner to this test case only. This is typically used during development for debugging but should be removed in production code to ensure all tests are executed.

- it.only('should return projects, filter by accept donation on zkevm', async () => {
+ it('should return projects, filter by accept donation on zkevm', async () => {

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	it.only('should return projects, filter by accept donation on zkevm', async () => {
	it('should return projects, filter by accept donation on zkevm', async () => {

Tools

Biome

[error] 1069-1069: Don't focus the test. (lint/suspicious/noFocusedTests)

The 'only' method is often used for debugging or during implementation. It should be removed before deploying to production.
Consider removing 'only' to ensure all tests are executed.
Unsafe fix: Remove focus from test.

[coderabbitai]

Tip

Codebase Verification

Ensure the security of API keys and URLs, especially for new ZKEVM network settings.

• The API key 0000000000000000000000000000000000 and addresses are found in multiple files, including test and migration scripts. These should be reviewed to avoid exposure in production environments.
  • test/testUtils.ts
  • src/provider.ts
  • src/workers/draftDonationMatchWorker.test.ts
  • src/types/etherscan.ts
  • src/services/Idriss/contractDonations.ts
  • src/services/chains/evm/draftDonationService.test.ts
  • src/services/onramper/webhookHandler.test.ts
  • src/services/onramper/donationService.ts
  • src/adapters/superFluid/superFluidMockAdapter.ts
  • src/adapters/superFluid/superFluidAdapter.ts
  • migration/1679383446020-addOptimisticNativeToken.ts
  • migration/1709204568033-addCoingeckoId.ts
  • migration/1716549958362-add_donations_mannually_to_db.ts
  • migration/data/seedTokens.ts
  • README.md

Please ensure these keys and addresses are securely managed and not exposed in the public repository.

Analysis chain

Ensure the security of API keys and URLs, especially for new ZKEVM network settings.

Scripts executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Description: Verify that the API keys and URLs are not exposed in public repositories.

# Test: Search for the API keys in the entire repository. Expect: No occurrences outside of secure contexts.
rg --type all '0000000000000000000000000000000000'

Length of output: 7868