diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml new file mode 100644 index 00000000000..e7e82ee41ee --- /dev/null +++ b/.github/workflows/audit.yml @@ -0,0 +1,17 @@ +name: Security Audit +on: + workflow_dispatch: + schedule: + - cron: '0 0 * * *' + +jobs: + audit: + runs-on: ubuntu-latest + permissions: + issues: write + checks: write + steps: + - uses: actions/checkout@v3 + - uses: rustsec/audit-check@v1.4.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} diff --git a/Cargo.toml b/Cargo.toml index a12f6ff9ff3..ddc82cd5d45 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -10,10 +10,10 @@ members = [ "lightning-background-processor", "lightning-rapid-gossip-sync", "lightning-custom-message", + "lightning-transaction-sync", ] exclude = [ - "lightning-transaction-sync", "no-std-check", "msrv-no-dev-deps-check", "bench", diff --git a/README.md b/README.md index a4ab59b5383..f8de40f3193 100644 --- a/README.md +++ b/README.md @@ -4,8 +4,9 @@ Rust-Lightning [![Crate](https://img.shields.io/crates/v/lightning.svg?logo=rust)](https://crates.io/crates/lightning) [![Documentation](https://img.shields.io/static/v1?logo=read-the-docs&label=docs.rs&message=lightning&color=informational)](https://docs.rs/lightning/) [![Safety Dance](https://img.shields.io/badge/unsafe-forbidden-success.svg)](https://github.com/rust-secure-code/safety-dance/) +[![Security Audit](https://github.com/lightningdevkit/rust-lightning/actions/workflows/audit.yml/badge.svg)](https://github.com/lightningdevkit/rust-lightning/actions/workflows/audit.yml) -[LDK](https://lightningdevkit.org)/`rust-lightning` is a highly performant and flexible +[LDK](https://lightningdevkit.org)/`rust-lightning` is a highly performant and flexible implementation of the Lightning Network protocol. The primary crate, `lightning`, is runtime-agnostic. Data persistence, chain interactions, diff --git a/ci/ci-tests.sh b/ci/ci-tests.sh index 3eccc48798d..baec6910130 100755 --- a/ci/ci-tests.sh +++ b/ci/ci-tests.sh 
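Review bot: In `.github/workflows/audit.yml`, both `actions/checkout@v3` and `rustsec/audit-check@v1.4.1` are referenced by tag, and the second receives a `GITHUB_TOKEN` carrying `issues: write` and `checks: write`. Whoever controls an action's repository can move a tag to different code, so a scheduled job that hands out a write-scoped token is better pinned to a full commit SHA with the version kept as a comment, e.g. `- uses: rustsec/audit-check@<full-commit-sha> # v1.4.1`. A job-level `permissions` block sets every unlisted scope to none, so the checkout step presumably works only because the repository is public. Stating `contents: read` explicitly would make that dependency visible.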
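Review bot: Moving `lightning-transaction-sync` from `exclude` to `members` in the root `Cargo.toml` means a plain workspace-level `cargo test` now builds that crate's dev-dependencies, and nothing in the manifest tells contributors so. Unless `--cfg no_download` is set, the crate's own `Cargo.toml` selects `electrsd` with the `esplora_a33e97e1` and `bitcoind_25_0` features. Judging by the cfg name and the `DOWNLOAD_ELECTRS_AND_BITCOIND` step in `ci/ci-tests.sh`, these fetch executables during the build. CI exports the flag, but a local run does not get it. A comment next to the new member, such as `# dev-dependencies fetch bitcoind/electrs binaries unless RUSTFLAGS contains --cfg no_download`, would make that visible.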
@@ -63,8 +63,14 @@ PIN_RELEASE_DEPS # pin the release dependencies in our main workspace # The addr2line v0.21 crate (a dependency of `backtrace` starting with 0.3.69) relies on rustc 1.65 [ "$RUSTC_MINOR_VERSION" -lt 65 ] && cargo update -p backtrace --precise "0.3.68" --verbose +# Starting with version 0.5.9 (there is no .6-.8), the `home` crate has an MSRV of rustc 1.70.0. +[ "$RUSTC_MINOR_VERSION" -lt 70 ] && cargo update -p home --precise "0.5.5" --verbose + export RUST_BACKTRACE=1 +# Build `lightning-transaction-sync` in no_download mode. +export RUSTFLAGS="$RUSTFLAGS --cfg no_download" + echo -e "\n\nBuilding and testing all workspace crates..." cargo test --verbose --color always cargo check --verbose --color always 
@@ -85,24 +91,16 @@ if [[ "$HOST_PLATFORM" != *windows* ]]; then echo -e "\n\nBuilding and testing Transaction Sync Clients with features" pushd lightning-transaction-sync - # reqwest 0.11.21 had a regression that broke its 1.63.0 MSRV - [ "$RUSTC_MINOR_VERSION" -lt 65 ] && cargo update -p reqwest --precise "0.11.20" --verbose - # Starting with version 1.10.0, the `regex` crate has an MSRV of rustc 1.65.0. - [ "$RUSTC_MINOR_VERSION" -lt 65 ] && cargo update -p regex --precise "1.9.6" --verbose - # Starting with version 0.5.9 (there is no .6-.8), the `home` crate has an MSRV of rustc 1.70.0. - [ "$RUSTC_MINOR_VERSION" -lt 70 ] && cargo update -p home --precise "0.5.5" --verbose - DOWNLOAD_ELECTRS_AND_BITCOIND - RUSTFLAGS="$RUSTFLAGS --cfg no_download" cargo test --verbose --color always --features esplora-blocking - RUSTFLAGS="$RUSTFLAGS --cfg no_download" cargo check --verbose --color always --features esplora-blocking - RUSTFLAGS="$RUSTFLAGS --cfg no_download" cargo test --verbose --color always --features esplora-async - RUSTFLAGS="$RUSTFLAGS --cfg no_download" cargo check --verbose --color always --features esplora-async - RUSTFLAGS="$RUSTFLAGS --cfg no_download" cargo test --verbose --color always --features esplora-async-https - RUSTFLAGS="$RUSTFLAGS --cfg no_download" cargo check --verbose --color always --features esplora-async-https - RUSTFLAGS="$RUSTFLAGS --cfg no_download" cargo test --verbose --color always --features electrum - RUSTFLAGS="$RUSTFLAGS --cfg no_download" cargo check --verbose --color always --features electrum - + cargo test --verbose --color always --features esplora-blocking + cargo check --verbose --color always --features esplora-blocking + cargo test --verbose --color always --features esplora-async + cargo check --verbose --color always --features esplora-async + cargo test --verbose --color always --features esplora-async-https + cargo check --verbose --color always --features esplora-async-https + cargo test --verbose --color 
always --features electrum + cargo check --verbose --color always --features electrum popd fi diff --git a/lightning-transaction-sync/Cargo.toml b/lightning-transaction-sync/Cargo.toml index 26a82809e06..4118d3012ef 100644 --- a/lightning-transaction-sync/Cargo.toml +++ b/lightning-transaction-sync/Cargo.toml @@ -34,8 +34,8 @@ electrum-client = { version = "0.18.0", optional = true } lightning = { version = "0.0.121", path = "../lightning", default-features = false, features = ["std", "_test_utils"] } tokio = { version = "1.35.0", features = ["full"] } -[target.'cfg(not(no_download))'.dev-dependencies] +[target.'cfg(all(not(target_os = "windows"), not(no_download)))'.dev-dependencies] electrsd = { version = "0.26.0", default-features = false, features = ["legacy", "esplora_a33e97e1", "bitcoind_25_0"] } -[target.'cfg(no_download)'.dev-dependencies] +[target.'cfg(all(not(target_os = "windows"), no_download))'.dev-dependencies] electrsd = { version = "0.26.0", default-features = false, features = ["legacy"] } diff --git a/lightning-transaction-sync/tests/integration_tests.rs b/lightning-transaction-sync/tests/integration_tests.rs index 8aadf9a2ed1..48044b236bf 100644 --- a/lightning-transaction-sync/tests/integration_tests.rs +++ b/lightning-transaction-sync/tests/integration_tests.rs @@ -1,4 +1,4 @@ -#![cfg(any(feature = "esplora-blocking", feature = "esplora-async", feature = "electrum"))] +#![cfg(all(not(target_os = "windows"), any(feature = "esplora-blocking", feature = "esplora-async", feature = "electrum")))] #[cfg(any(feature = "esplora-blocking", feature = "esplora-async"))] use lightning_transaction_sync::EsploraSyncClient;
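Review bot: The two `[target.'cfg(...)'.dev-dependencies]` headers in `lightning-transaction-sync/Cargo.toml` gain `not(target_os = "windows")` with no explanation, and the same condition is repeated in the crate-level `#![cfg(...)]` of `tests/integration_tests.rs`. A one-line comment above the first table, for example `# electrsd-based integration tests are skipped on Windows; keep in sync with tests/integration_tests.rs`, would tell the next editor that the three conditions must change together. If one of them drifts, the test file would presumably either fail to compile for lack of `electrsd` or be silently skipped on a platform where it is expected to run.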