diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..6077d35 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,7 @@ +# Set update schedule for GitHub Actions +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 0000000..3a85f6d --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,34 @@ + + +### Description + + + +### Notes to the reviewers + + + +### Changelog notice + + + + +### Checklists + +#### All Submissions: + +* [ ] I've signed all my commits +* [ ] I followed the [contribution guidelines](https://github.com/bitcoindevkit/bdk/blob/master/CONTRIBUTING.md) +* [ ] I ran `just p` before pushing + +#### New Features: + +* [ ] I've added tests for the new feature +* [ ] I've added docs for the new feature + +#### Bugfixes: + +* [ ] This pull request breaks the existing API +* [ ] I've added tests to reproduce the issue which are now passing +* [ ] I'm linking the issue being fixed by this PR diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml new file mode 100644 index 0000000..35219bd --- /dev/null +++ b/.github/workflows/audit.yml 
@@ -0,0 +1,35 @@
+name: Audit
+
+# Performs a security audit of Rust dependencies using cargo-audit through the actions-rust-lang/audit action.
+# Runs nightly on schedule and when Cargo.toml, Cargo.lock, or audit.toml files are modified.
+# Helps identify known security vulnerabilities in the dependency tree.
+
+on:
+ push:
+ paths:
+ # Run if workflow changes
+ - ".github/workflows/audit.yml"
+ # Run on changed dependencies
+ - "**/Cargo.toml"
+ - "**/Cargo.lock"
+ # Run if the configuration file changes
+ - "**/audit.toml"
+ # Rerun periodically
+ schedule:
+ - cron: "0 0 * * *" # Nightly
+ # Run manually
+ workflow_dispatch:
+
+jobs:
+ audit:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ issues: write
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v6
+ with:
+ persist-credentials: false
+ - uses: actions-rust-lang/audit@v1
+ name: Audit Rust Dependencies
diff --git a/.github/workflows/code_coverage.yml b/.github/workflows/code_coverage.yml
new file mode 100644
index 0000000..124b7c8
--- /dev/null
+++ b/.github/workflows/code_coverage.yml
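Review bot: `actions-rust-lang/audit@v1` is referenced by a mutable tag in a job that holds `issues: write`, so whoever can move that tag decides what code runs with that token. The repository's own `.github/zizmor.yml` lists only `actions-rust-lang/setup-rust-toolchain`, `github/codeql-action/*` and `actions/*` as `ref-pin`, so this action does not appear to be covered by the relaxed policy and will presumably be reported by the zizmor workflow. Pin it to a full commit SHA the way `code_coverage.yml` pins the Codecov action, e.g. `uses: actions-rust-lang/audit@<FULL_COMMIT_SHA> # v1` (placeholder; take the SHA from the release you reviewed).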
@@ -0,0 +1,51 @@
+name: Code Coverage
+
+# Generates code coverage reports using cargo-llvm-cov and uploads results to Codecov.
+# Runs on every push and pull request to track test coverage metrics.
+# Uploads coverage reports to Codecov for visualization and analysis.
+
+on: [push, pull_request]
+
+permissions:
+ contents: read
+ pull-requests: write
+
+jobs:
+ coverage:
+ name: Code Coverage
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v6
+ with:
+ persist-credentials: false
+ - name: Install Rust toolchain
+ uses: actions-rust-lang/setup-rust-toolchain@v1
+ with:
+ toolchain: nightly
+ components: llvm-tools-preview
+ cache: true
+ - name: Install cargo-llvm-cov
+ run: cargo install cargo-llvm-cov
+ - name: Generate coverage data
+ run: cargo llvm-cov --all-features --branch --quiet --ignore-filename-regex "test_utils" --lcov --output-path lcov.info
+ env:
+ RUSTFLAGS: "--cfg coverage_nightly"
+ - name: Generate HTML coverage report
+ run: cargo llvm-cov --all-features --branch --quiet --ignore-filename-regex "test_utils" --html
+ env:
+ RUSTFLAGS: "--cfg coverage_nightly"
+ - name: Codecov upload
+ uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de
+ with:
+ files: ./lcov.info
+ flags: rust
+ name: codecov-bdk-electrum-streaming-client
+ token: ${{ secrets.CODECOV_TOKEN }}
+ fail_ci_if_error: false
+ - name: Upload artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: coverage-report
+ path: target/llvm-cov/html
diff --git a/.github/workflows/cont_integration.yml b/.github/workflows/cont_integration.yml
new file mode 100644
index 0000000..47f6a75
--- /dev/null
+++ b/.github/workflows/cont_integration.yml
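Review bot: The workflow-level `pull-requests: write` is not used by any step visible in this file (the Codecov step authenticates with `CODECOV_TOKEN`, and `upload-artifact` does not need it), yet it is granted to a job that builds and runs the pushed code on every `push` and `pull_request`. Reduce the block to `contents: read` unless a step that writes to the pull request is planned. Separately, `cargo install cargo-llvm-cov` takes whatever version is newest at run time; `cargo install cargo-llvm-cov --locked --version <PINNED_VERSION>` (placeholder) would match how `zizmor.yml` installs zizmor.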
@@ -0,0 +1,137 @@
+on: [push, pull_request]
+
+# Main continuous integration workflow that runs build, test, and code quality checks.
+# Runs on every push and pull request, testing against both MSRV (1.85) and stable Rust.
+# # Includes no_std and WASM compatibility checks, formatting validation, and clippy linting.
+
+name: CI
+
+permissions: {}
+
+env:
+ CARGO_TERM_COLOR: always
+
+jobs:
+ build-test-msrv:
+ name: Build & Test MSRV
+ runs-on: ${{ matrix.os }}
+ strategy:
+ matrix:
+ os:
+ - ubuntu-latest
+ features:
+ - --no-default-features --features tokio
+ - --all-features
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v6
+ with:
+ persist-credentials: false
+ # The 'toolchain' argument on this action overrides the Rust compiler version set in rust-toolchain.toml
+ # in order to test our MSRV.
+ - name: Install Rust toolchain
+ uses: actions-rust-lang/setup-rust-toolchain@v1
+ with:
+ toolchain: 1.85 # MSRV
+ cache: true
+ - name: Pin dependencies for MSRV
+ run: ./ci/pin-msrv.sh
+ - name: Build + Test
+ run: |
+ cargo build --workspace --all-targets ${{ matrix.features }}
+ cargo test --workspace ${{ matrix.features }}
+
+ build-test-stable:
+ name: Build & Test Rust Stable
+ runs-on: ${{ matrix.os }}
+ strategy:
+ matrix:
+ os:
+ - ubuntu-latest
+ features:
+ - --no-default-features --features tokio
+ - --all-features
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v6
+ with:
+ persist-credentials: false
+ - name: Install Rust toolchain
+ uses: actions-rust-lang/setup-rust-toolchain@v1
+ with:
+ cache: true
+ - name: Build + Test
+ run: |
+ cargo build --workspace --all-targets ${{ matrix.features }}
+ cargo test --workspace ${{ matrix.features }}
+
+ check-no-std:
+ name: Check no_std
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v6
+ with:
+ persist-credentials: false
+ - name: Install Rust toolchain
+ uses: actions-rust-lang/setup-rust-toolchain@v1
+ with:
+ cache: true
+ - name: Check no-std
+ run: cargo check --workspace --all-targets --no-default-features --features tokio
+
+ check-wasm:
+ name: Check WASM
+ runs-on: ubuntu-latest
+ env:
+ CC: clang-14
+ CFLAGS: -I/usr/include
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v6
+ with:
+ persist-credentials: false
+ - run: wget -qO - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add - || exit 1
+ - run: sudo apt-get update || true
+ - run: sudo apt-get install -y libclang-common-14-dev clang-14 libc6-dev-i386 || exit 1
+ - name: Install Rust toolchain
+ uses: actions-rust-lang/setup-rust-toolchain@v1
+ with:
+ cache: true
+ target: wasm32-unknown-unknown
+ - name: Check-WASM
+ run: |
+ rustup target add wasm32-unknown-unknown
+ cargo check --workspace --no-default-features --target wasm32-unknown-unknown
+
+ fmt:
+ name: Rust fmt
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v6
+ with:
+ persist-credentials: false
+ - name: Install Rust toolchain
+ uses: actions-rust-lang/setup-rust-toolchain@v1
+ with:
+ cache: true
+ - name: Check fmt
+ run: cargo fmt --all -- --check
+
+ clippy_check:
+ name: Rust Clippy
+ runs-on: ubuntu-latest
+ permissions:
+ checks: write
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v6
+ with:
+ persist-credentials: false
+ - name: Install Rust toolchain
+ uses: actions-rust-lang/setup-rust-toolchain@v1
+ with:
+ cache: true
+ - name: Check Clippy
+ run: cargo clippy --workspace --all-targets -- -D warnings
diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
new file mode 100644
index 0000000..1829917
--- /dev/null
+++ b/.github/workflows/zizmor.yml
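Review bot: In `check-wasm`, the step `wget -qO - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -` puts a key fetched at run time into the system-wide apt trust store without checking its fingerprint, and `apt-key` is deprecated. No apt.llvm.org source is added anywhere in this hunk, so the key looks unused and the step can probably be dropped; if the LLVM repository is needed, store the key in a dedicated keyring and reference it with `signed-by=` on that one source. The following `sudo apt-get update || true` also hides a failed index refresh, so the install may run against stale package lists. Smaller points: `clippy_check` requests `checks: write` although it only runs `cargo clippy`, and `toolchain: 1.85` should be quoted (`toolchain: "1.85"`) so a later MSRV such as 1.90 is not read as the float 1.9.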
@@ -0,0 +1,40 @@
+name: Zizmor Actions Analysis
+
+# Analyzes Github Actions workflows for security vulnerabilities using zizmor.
+# Runs on pushes to master and all pull requests to detect potential security issues
+# in workflow configurations. Results are uploaded as a GitHub's security dashboard.
+# The .github/zizmor.yml configures the rules this action will check against.
+
+on:
+ push:
+ branches: ["master"]
+ pull_request:
+ branches: ["master"]
+
+jobs:
+ zizmor:
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: write
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v6
+ with:
+ persist-credentials: false
+
+ - name: Rust Cache
+ uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5
+
+ - name: Install zizmor
+ run: cargo install zizmor --locked --version 1.6.0
+
+ - name: Run zizmor 🌈
+ run: zizmor --format sarif . > results.sarif
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@v4
+ with:
+ sarif_file: results.sarif
+ category: zizmor
diff --git a/.github/zizmor.yml b/.github/zizmor.yml
new file mode 100644
index 0000000..d02781b
--- /dev/null
+++ b/.github/zizmor.yml
@@ -0,0 +1,7 @@
+rules:
+ unpinned-uses:
+ config:
+ policies:
+ actions-rust-lang/setup-rust-toolchain: ref-pin
+ github/codeql-action/*: ref-pin
+ actions/*: ref-pin
diff --git a/ci/pin-msrv.sh b/ci/pin-msrv.sh
new file mode 100755
index 0000000..15797f1
--- /dev/null
+++ b/ci/pin-msrv.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -x
+set -euo pipefail
+
+# Pin dependencies for MSRV
+
+# To pin deps, switch toolchain to MSRV and execute the below updates
+
+# cargo clean
+# rustup override set 1.85.0
+
+# e.g cargo update -p home --precise "0.5.11"
diff --git a/ci/start-core.sh b/ci/start-core.sh
new file mode 100755
index 0000000..4c0bb69
--- /dev/null
+++ b/ci/start-core.sh
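Review bot: The `zizmor` job in `.github/workflows/zizmor.yml` sets `permissions:` to `security-events: write` only, which leaves every other scope, including `contents`, at `none`. Checkout still works on a public repository, but `audit.yml` in this same commit spells out `contents: read`, and the SARIF upload step is documented as needing read scopes when the repository is private. Adding `contents: read` here keeps the job explicit and consistent with the other workflows.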
@@ -0,0 +1,14 @@
+#!/usr/bin/env sh
+
+echo "Starting bitcoin node."
+mkdir $GITHUB_WORKSPACE/.bitcoin
+/root/bitcoind -regtest -server -daemon -datadir=$GITHUB_WORKSPACE/.bitcoin -fallbackfee=0.0002 -rpcallowip=0.0.0.0/0 -rpcbind=0.0.0.0 -blockfilterindex=1 -peerblockfilters=1
+
+echo "Waiting for bitcoin node."
+until /root/bitcoin-cli -regtest -datadir=$GITHUB_WORKSPACE/.bitcoin getblockchaininfo; do
+ sleep 1
+done
+/root/bitcoin-cli -regtest -datadir=$GITHUB_WORKSPACE/.bitcoin createwallet $BDK_RPC_WALLET
+echo "Generating 150 bitcoin blocks."
+ADDR=$(/root/bitcoin-cli -regtest -datadir=$GITHUB_WORKSPACE/.bitcoin -rpcwallet=$BDK_RPC_WALLET getnewaddress)
+/root/bitcoin-cli -regtest -datadir=$GITHUB_WORKSPACE/.bitcoin generatetoaddress 150 $ADDR
diff --git a/justfile b/justfile
new file mode 100644
index 0000000..e5cab06
--- /dev/null
+++ b/justfile
@@ -0,0 +1,32 @@
+alias b := build
+alias c := check
+alias f := fmt
+alias t := test
+alias p := pre-push
+
+_default:
+ @just --list
+
+# Build the project
+build:
+ cargo build
+
+# Check code: formatting, compilation, linting, and commit signature
+check:
+ cargo +nightly fmt --all -- --check
+ cargo check --all-features --all-targets
+ cargo clippy --all-features --all-targets -- -D warnings
+ @[ "$(git log --pretty='format:%G?' -1 HEAD)" = "N" ] && \
+ echo "\n⚠️ Unsigned commit: BDK requires that commits be signed." || \
+ true
+
+# Format all code
+fmt:
+ cargo +nightly fmt
+
+# Run all tests on the workspace with all features
+test:
+ cargo test --all-features
+
+# Run pre-push suite: format, check, and test
+pre-push: fmt check test
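Review bot: In `ci/start-core.sh`, `-rpcallowip=0.0.0.0/0 -rpcbind=0.0.0.0` makes the node's RPC port listen on every interface of the runner and accept any source address; if the tests connect from the same host, `-rpcbind=127.0.0.1 -rpcallowip=127.0.0.1` is enough. The script also has no `set -eu`, leaves `$GITHUB_WORKSPACE`, `$BDK_RPC_WALLET` and `$ADDR` unquoted, and the `until` loop has no retry limit, so a `bitcoind` that fails to start keeps the job waiting until the workflow times out. Suggest `set -eu` at the top, quoting each expansion (`"$GITHUB_WORKSPACE/.bitcoin"`), and a bounded number of attempts in the loop.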
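Review bot: The signature check in the `check` recipe of the `justfile` is advisory and narrow: `git log --pretty='format:%G?' -1 HEAD` is compared only with `"N"`, so a bad or unverifiable signature (`B`, `U`, `E`) and any earlier unsigned commit on the branch pass without a message, and the trailing `|| true` means the recipe never fails on it. If that is deliberate, a comment such as `# advisory only: inspects HEAD, never fails the recipe` would say so. `echo "\n…"` also relies on the shell's `echo` interpreting backslash escapes; `printf '\n…\n'` behaves the same in every shell.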