Skip to content

Merge v0.50#8597

Merged
turbolent merged 39 commits into
masterfrom
bastian/merge-v0.50
Jul 2, 2026
Merged

Merge v0.50#8597
turbolent merged 39 commits into
masterfrom
bastian/merge-v0.50

Conversation

@turbolent

@turbolent turbolent commented Jul 2, 2026

Copy link
Copy Markdown
Member

Summary by CodeRabbit

  • New Features

    • Improved support for release-candidate version branches in CI.
    • New account creation flows now preserve the active execution context.
  • Bug Fixes

    • Corrected account setup behavior to better match runtime execution.
    • Updated version compatibility handling for additional network beacon events.
  • Tests

    • Added regression coverage for creating and funding a new account in one transaction.
  • Chores

    • Updated CI setup conditions and refreshed dependency versions.

turbolent and others added 30 commits June 24, 2026 16:39
… discrepancy

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
[v0.50-rc] Add CI support for -rc branches
…-rc.6

[v0.50-rc] Update to internal Cadence v1.10.4-rc.6
…n-shared-storage

[v0.50-rc] FVM: fix lost minimum storage reservation during account creation
@turbolent turbolent requested a review from a team as a code owner July 2, 2026 16:56
@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
gomod/github.com/onflow/atree 0.16.1 🟢 8.7
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies🟢 10all dependencies are pinned
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST🟢 8SAST tool detected but not run on all commits
gomod/github.com/onflow/cadence 1.10.4 🟢 7.7
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Fuzzing🟢 10project is fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST🟢 10SAST tool is run on all commits
gomod/github.com/onflow/atree 0.16.1 🟢 8.7
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies🟢 10all dependencies are pinned
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST🟢 8SAST tool detected but not run on all commits
gomod/github.com/onflow/cadence 1.10.4 🟢 7.7
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Fuzzing🟢 10project is fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST🟢 10SAST tool is run on all commits
gomod/github.com/onflow/atree 0.16.1 🟢 8.7
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies🟢 10all dependencies are pinned
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST🟢 8SAST tool detected but not run on all commits
gomod/github.com/onflow/cadence 1.10.4 🟢 7.7
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Fuzzing🟢 10project is fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST🟢 10SAST tool is run on all commits

Scanned Files

  • go.mod
  • insecure/go.mod
  • integration/go.mod

@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 062b09cd-0a73-4842-899d-716104259d14

📥 Commits

Reviewing files that changed from the base of the PR and between 4c61355 and 57e85ec.

⛔ Files ignored due to path filters (3)
  • go.sum is excluded by !**/*.sum
  • insecure/go.sum is excluded by !**/*.sum
  • integration/go.sum is excluded by !**/*.sum
📒 Files selected for processing (11)
  • .github/workflows/ci.yml
  • cmd/util/ledger/migrations/cadence_value_diff.go
  • engine/common/version/version_control.go
  • fvm/environment/account_creator.go
  • fvm/environment/mock/account_creator.go
  • fvm/environment/mock/environment.go
  • fvm/environment/system_contracts.go
  • fvm/fvm_test.go
  • go.mod
  • insecure/go.mod
  • integration/go.mod

📝 Walkthrough

Walkthrough

This PR threads a Cadence interpreter.InvocationContext through account creation, replacing the removed SystemContracts.SetupNewAccount method with a direct FlowServiceAccount.setupNewAccount contract invocation on the same runtime context. Mocks are regenerated, a regression test is added, and unrelated CI, version-override, storage-diff, and dependency updates are included.

Changes

Account creation invocation context refactor

Layer / File(s) Summary
AccountCreator signature changes
fvm/environment/account_creator.go
CreateAccount on AccountCreator, ParseRestrictedAccountCreator, NoAccountCreator, and accountCreator now accept an interpreter.InvocationContext parameter, threaded through internal createAccount.
setupNewAccount invocation and system contract cleanup
fvm/environment/account_creator.go, fvm/environment/system_contracts.go
Service-account setup now invokes FlowServiceAccount.setupNewAccount via runtime.InvokeContractFunctionOnContext on the invocation context instead of the removed SystemContracts.SetupNewAccount; contract argument specs switch to sema.TheAddressType and a variable-sized address array.
Mock regeneration
fvm/environment/mock/account_creator.go, fvm/environment/mock/environment.go
Generated mocks for AccountCreator and Environment are updated to include the new invocationContext/context parameter in Called, Run, and RunAndReturn.
Regression test
fvm/fvm_test.go
Adds TestTokenInspectorCreateAndFundNewAccount, verifying payer debit accounting for account creation plus funding under both borrow orderings using TokenChangesInspector.

Estimated code review effort: 4 (Complex) | ~60 minutes

CI workflow updates, version override, storage diff, and dependency bumps

Layer / File(s) Summary
CI trigger and private-setup normalization
.github/workflows/ci.yml
Adds v*-rc branch filters to push/pull_request triggers and standardizes/adds the private build setup step condition across jobs (golangci, tidy, unit-test, unit-test-insecure, docker-build, integration-test-others, integration-test).
Version override and storage diff fix
engine/common/version/version_control.go, cmd/util/ledger/migrations/cadence_value_diff.go
Adds 0.50.0 to defaultCompatibilityOverrides; passes interpreter instances instead of nil into DomainStorageMap.ReadValue during diffing.
Dependency bumps
go.mod, insecure/go.mod, integration/go.mod
Bumps github.com/onflow/atree to v0.16.1 and github.com/onflow/cadence to v1.10.4 across module files.

Estimated code review effort: 2 (Simple) | ~15 minutes

Sequence Diagram(s)

sequenceDiagram
  participant Transaction
  participant accountCreator
  participant InvocationContext
  participant FlowServiceAccount

  Transaction->>accountCreator: CreateAccount(payer, invocationContext)
  accountCreator->>accountCreator: createAccount(payer, invocationContext)
  accountCreator->>FlowServiceAccount: InvokeContractFunctionOnContext(setupNewAccount, invocationContext)
  FlowServiceAccount-->>accountCreator: setup result / error
  accountCreator-->>Transaction: new account address, error
Loading

Possibly related PRs

  • onflow/flow-go#8364: Both PRs extend defaultCompatibilityOverrides in engine/common/version/version_control.go with a new version entry.
  • onflow/flow-go#8374: Both PRs bump github.com/onflow/cadence and github.com/onflow/atree across go.mod, insecure/go.mod, and integration/go.mod.
  • onflow/flow-go#8424: The new TestTokenInspectorCreateAndFundNewAccount test exercises inspection.TokenChangesInspector, which this related PR introduces.

Suggested reviewers: zhangchiqing, janezpodhostnik, fxamacker

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name Status Explanation Resolution
Title check ❓ Inconclusive The title is generic and does not describe the specific code changes in this pull request. Use a concise title that names the main change, such as the account creation context update or v0.50 merge details.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch bastian/merge-v0.50

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@codecov-commenter

codecov-commenter commented Jul 2, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 3.44828% with 56 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
fvm/environment/account_creator.go 0.00% 21 Missing ⚠️
fvm/environment/mock/account_creator.go 0.00% 16 Missing ⚠️
fvm/environment/mock/environment.go 0.00% 16 Missing ⚠️
fvm/environment/system_contracts.go 0.00% 3 Missing ⚠️

📢 Thoughts on this report? Let us know!

@turbolent turbolent enabled auto-merge July 2, 2026 17:11
@turbolent turbolent added this pull request to the merge queue Jul 2, 2026
Merged via the queue into master with commit e8fa4b4 Jul 2, 2026
115 of 117 checks passed
@turbolent turbolent deleted the bastian/merge-v0.50 branch July 2, 2026 17:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants