Merge remote-tracking branch 'origin/main' into compat2-big-refactor

.github/runs-on.yml

@@ -0,0 +1,5 @@
+images:
+  aptos-ubuntu-x64:
+    platform: "linux"
+    arch: "x64"
+    ami: "ami-0d8c19bef4893b1ea"

.github/workflows/forge-stable.yaml

@@ -24,15 +24,14 @@ on:
         required: false
         type: string
         description: The git SHA1 to checkout. This affects the Forge test runner that is used. If not specified, the latest main will be used
+  # NOTE: to support testing different branches on different schedules, you need to specify the cron schedule in the 'determine-test-branch' step as well below
+  # Reference: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule
   schedule:
-    - cron: "0 6 * * *" # The main branch cadence. This runs every day at 6am UTC.
+    - cron: "0 22 * * 0,2,4" # The main branch cadence. This runs every Sun,Tues,Thurs
   pull_request:
     paths:
       - ".github/workflows/forge-stable.yaml"
       - "testsuite/find_latest_image.py"
-  push:
-    branches:
-      - aptos-release-v* # the aptos release branches
 
 env:
   AWS_ACCOUNT_NUM: ${{ secrets.ENV_ECR_AWS_ACCOUNT_NUM }}
@@ -55,9 +54,10 @@ jobs:
 
       - name: Determine branch based on cadence
         id: determine-test-branch
+        # NOTE: the schedule cron MUST match the one in the 'on.schedule.cron' section above
         run: |
           if [[ "${{ github.event_name }}" == "schedule" ]]; then
-            if [[ "${{ github.event.schedule }}" == "0 6 * * *" ]]; then
+            if [[ "${{ github.event.schedule }}" == "0 22 * * 0,2,4" ]]; then
               echo "Branch: main"
               echo "BRANCH=main" >> $GITHUB_OUTPUT
             else
@@ -136,7 +136,7 @@ jobs:
 
   run-forge-realistic-env-max-load-long:
     if: ${{ github.event_name != 'pull_request' && always() }}
-    needs: [ determine-test-metadata, run-forge-framework-upgrade-test ] # Only run after the previous job completes
+    needs: [determine-test-metadata, run-forge-framework-upgrade-test] # Only run after the previous job completes
     uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main
     secrets: inherit
     with:
@@ -148,7 +148,7 @@ jobs:
 
   run-forge-realistic-env-load-sweep:
     if: ${{ github.event_name != 'pull_request' && always() }}
-    needs: [ determine-test-metadata, run-forge-realistic-env-max-load-long ] # Only run after the previous job completes
+    needs: [determine-test-metadata, run-forge-realistic-env-max-load-long] # Only run after the previous job completes
     uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main
     secrets: inherit
     with:
@@ -160,7 +160,7 @@ jobs:
 
   run-forge-realistic-env-workload-sweep:
     if: ${{ github.event_name != 'pull_request' && always() }}
-    needs: [ determine-test-metadata, run-forge-realistic-env-load-sweep ] # Only run after the previous job completes
+    needs: [determine-test-metadata, run-forge-realistic-env-load-sweep] # Only run after the previous job completes
     uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main
     secrets: inherit
     with:
@@ -172,7 +172,7 @@ jobs:
 
   run-forge-realistic-env-graceful-overload:
     if: ${{ github.event_name != 'pull_request' && always() }}
-    needs: [ determine-test-metadata, run-forge-realistic-env-workload-sweep ] # Only run after the previous job completes
+    needs: [determine-test-metadata, run-forge-realistic-env-workload-sweep] # Only run after the previous job completes
     uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main
     secrets: inherit
     with:
@@ -184,7 +184,7 @@ jobs:
 
   run-forge-realistic-network-tuned-for-throughput:
     if: ${{ github.event_name != 'pull_request' && always() }}
-    needs: [ determine-test-metadata, run-forge-realistic-env-graceful-overload ] # Only run after the previous job completes
+    needs: [determine-test-metadata, run-forge-realistic-env-graceful-overload] # Only run after the previous job completes
     uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main
     secrets: inherit
     with:
@@ -199,7 +199,7 @@ jobs:
 
   run-forge-consensus-stress-test:
     if: ${{ github.event_name != 'pull_request' && always() }}
-    needs: [ determine-test-metadata, run-forge-realistic-network-tuned-for-throughput ] # Only run after the previous job completes
+    needs: [determine-test-metadata, run-forge-realistic-network-tuned-for-throughput] # Only run after the previous job completes
     uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main
     secrets: inherit
     with:
@@ -211,7 +211,7 @@ jobs:
 
   run-forge-workload-mix-test:
     if: ${{ github.event_name != 'pull_request' && always() }}
-    needs: [ determine-test-metadata, run-forge-consensus-stress-test ] # Only run after the previous job completes
+    needs: [determine-test-metadata, run-forge-consensus-stress-test] # Only run after the previous job completes
     uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main
     secrets: inherit
     with:
@@ -223,7 +223,7 @@ jobs:
 
   run-forge-single-vfn-perf:
     if: ${{ github.event_name != 'pull_request' && always() }}
-    needs: [ determine-test-metadata, run-forge-workload-mix-test ] # Only run after the previous job completes
+    needs: [determine-test-metadata, run-forge-workload-mix-test] # Only run after the previous job completes
     uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main
     secrets: inherit
     with:
@@ -235,7 +235,7 @@ jobs:
 
   run-forge-fullnode-reboot-stress-test:
     if: ${{ github.event_name != 'pull_request' && always() }}
-    needs: [ determine-test-metadata, run-forge-single-vfn-perf ] # Only run after the previous job completes
+    needs: [determine-test-metadata, run-forge-single-vfn-perf] # Only run after the previous job completes
     uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main
     secrets: inherit
     with:
@@ -249,7 +249,7 @@ jobs:
 
   run-forge-compat:
     if: ${{ github.event_name != 'pull_request' && always() }}
-    needs: [ determine-test-metadata, run-forge-fullnode-reboot-stress-test ] # Only run after the previous job completes
+    needs: [determine-test-metadata, run-forge-fullnode-reboot-stress-test] # Only run after the previous job completes
     uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main
     secrets: inherit
     with:
@@ -265,7 +265,7 @@ jobs:
 
   run-forge-changing-working-quorum-test:
     if: ${{ github.event_name != 'pull_request' && always() }}
-    needs: [ determine-test-metadata, run-forge-compat ] # Only run after the previous job completes
+    needs: [determine-test-metadata, run-forge-compat] # Only run after the previous job completes
     uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main
     secrets: inherit
     with:
@@ -278,7 +278,7 @@ jobs:
 
   run-forge-changing-working-quorum-test-high-load:
     if: ${{ github.event_name != 'pull_request' && always() }}
-    needs: [ determine-test-metadata, run-forge-changing-working-quorum-test ] # Only run after the previous job completes
+    needs: [determine-test-metadata, run-forge-changing-working-quorum-test] # Only run after the previous job completes
     uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main
     secrets: inherit
     with:
@@ -292,7 +292,7 @@ jobs:
   # Measures PFN latencies with a constant TPS (with a realistic environment)
   run-forge-pfn-const-tps-realistic-env:
     if: ${{ github.event_name != 'pull_request' && always() }}
-    needs: [ determine-test-metadata, run-forge-changing-working-quorum-test-high-load ] # Only run after the previous job completes
+    needs: [determine-test-metadata, run-forge-changing-working-quorum-test-high-load] # Only run after the previous job completes
     uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main
     secrets: inherit
     with:

.github/workflows/replay-verify.yaml

@@ -23,7 +23,7 @@ on:
       - ".github/workflows/replay-verify.yaml"
       - "testsuite/replay_verify.py"
   schedule:
-    - cron: "0 22 * * 0,2,4"
+    - cron: "0 22 * * 0,2,4" # The main branch cadence. This runs every Sun,Tues,Thurs
 
 # cancel redundant builds
 concurrency:
@@ -82,7 +82,7 @@ jobs:
       TIMEOUT_MINUTES: 480
 
   test-replay:
-    if: ${{ github.event_name == 'pull_request' }}
+    if: ${{ (github.event_name == 'pull_request') && contains(github.event.pull_request.labels.*.name, 'CICD:test-replay')}}
     needs: determine-test-metadata
     uses: ./.github/workflows/workflow-run-replay-verify.yaml
     secrets: inherit

Cargo.toml

@@ -198,6 +198,7 @@ members = [
     "third_party/move/move-binary-format",
     "third_party/move/move-binary-format/serializer-tests",
     "third_party/move/move-borrow-graph",
+    "third_party/move/move-bytecode-spec",
     "third_party/move/move-bytecode-verifier",
     "third_party/move/move-bytecode-verifier/bytecode-verifier-tests",
     "third_party/move/move-bytecode-verifier/fuzz",
@@ -803,6 +804,7 @@ z3tracer = "0.8.0"
 # MOVE DEPENDENCIES
 move-abigen = { path = "third_party/move/move-prover/move-abigen" }
 move-binary-format = { path = "third_party/move/move-binary-format" }
+move-bytecode-spec = { path = "third_party/move/move-bytecode-spec" }
 move-bytecode-verifier = { path = "third_party/move/move-bytecode-verifier" }
 move-bytecode-utils = { path = "third_party/move/tools/move-bytecode-utils" }
 move-cli = { path = "third_party/move/tools/move-cli" }

SECURITY.md

@@ -2,4 +2,4 @@
 
 The Aptos Foundation welcomes feedback from security researchers and the general public to help improve the security of the Aptos Network, and, at its sole discretion, offers bounty rewards for security reports that identify previously unknown, in-scope security vulnerabilities.
 
-To learn more visit the [Aptos Foundation Bounty Program](https://hackenproof.com/aptos-labs/aptos-network) page.
+To learn more visit the [Aptos Foundation Bounty Program](https://hackenproof.com/aptos) page.