feat(git-workflow): add audit, zizmor & dependabot

- add audit, zizmor workflows and dependabot
- set MSRV to 1.75.0

Author: tvpeter

.github/dependabot.yml

@@ -0,0 +1,18 @@
+version: 2
+enable-beta-ecosystems: true   
+
+updates:
+  
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: daily     
+      time: "03:00"       
+   
+  - package-ecosystem: cargo
+    directory: "/"
+    schedule:
+      interval: weekly
+      day: monday
+      time: "04:00"
+ 

.github/workflows/audit.yml

@@ -0,0 +1,54 @@
+name: Security Audit
+
+on:
+  pull_request:
+    paths:
+      - '**/Cargo.toml'
+      - '**/Cargo.lock'
+  merge_group:
+  push:
+    branches: [master]
+    paths:
+      - '**/Cargo.toml'
+      - '**/Cargo.lock'
+  schedule:
+    # weekly
+    - cron: '0 0 * * 0'
+
+env:
+  CARGO_TERM_COLOR: always
+
+permissions:
+  contents: read               
+  security-events: write      
+  issues: write                
+
+jobs:
+  cargo-audit:
+    name: RustSec Audit (vulnerabilities)
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Cache cargo registry/index/target
+        uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1
+        with:
+          cache-on-failure: true
+
+      - name: Install cargo-audit
+        run: cargo install cargo-audit --locked
+
+      - name: Run cargo audit (raw output — you will see this clearly)
+        run: cargo audit --deny warnings   
+        
+      - name: Run cargo audit again for GitHub Security tab upload
+        uses: rustsec/audit-check@69366f33c96575abad1ee0dba8212ae3e3c0d700
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          deny: warnings
+          

.github/workflows/cont_integration.yml

@@ -2,6 +2,10 @@ on: [push, pull_request]
 
 name: CI
 
+env:
+  CARGO_TERM_COLOR: always
+  RUST_BACKTRACE: 1
+
 jobs:
   fmt:
     name: Rust fmt
@@ -22,11 +26,10 @@ jobs:
 
   # Clippy lints
   clippy:
-    name: Clippy (${{ matrix.rust }}, ${{ matrix.features }})
+    name: Clippy (${{ matrix.features }})
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        rust: [stable, beta]
         features:
           - --no-default-features
           - --all-features
@@ -36,7 +39,7 @@ jobs:
       - name: Install Rust toolchain
         uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
-          toolchain: ${{matrix.rust}}
+          toolchain: stable
           components: clippy
           cache: true
 
@@ -45,38 +48,21 @@ jobs:
 
   # Build and test 
   test:
-    name: Test (${{ matrix.os }}, ${{ matrix.rust }}, ${{ matrix.features }})
+    name: Test (stable, ${{ matrix.features }})
+    runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest]
-        rust: [stable, beta, nightly]
         features:
           - --no-default-features
           - --all-features
-        exclude:
-          - os: windows-latest
-            rust: beta
-          - os: windows-latest
-            features: --no-default-features
-          - os: macos-latest
-            rust: beta
-          - os: macos-latest
-            features: --no-default-features
-          - os: windows-latest
-            rust: nightly
-            features: --no-default-features
-          - os: macos-latest
-            rust: nightly
-            features: --no-default-features
-    runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4
 
       - name: Install Rust toolchain
         uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
-          toolchain: ${{ matrix.rust }}
+          toolchain: stable
           cache: true
 
       - name: Build
@@ -87,7 +73,6 @@ jobs:
 
       - name: Run doc tests
         run: cargo test ${{ matrix.features }} --doc --verbose
-        continue-on-error: ${{ matrix.rust == 'nightly' }}
 
   # MSRV
   msrv:
@@ -99,7 +84,7 @@ jobs:
       - name: Install Rust toolchain
         uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
-          toolchain: 1.85.0
+          toolchain: 1.75.0
           cache: true
 
       - name: Check MSRV

.github/workflows/zizmor.yml

@@ -0,0 +1,26 @@
+name: GitHub Actions Security Analysis with zizmor
+
+on:
+  pull_request:                  
+    branches: ["**"]
+  push:                          
+    branches: ["**"]             
+  schedule:
+    - cron: '0 0 * * 0'          
+  workflow_dispatch:            
+
+permissions:
+  contents: read
+  security-events: write         
+
+jobs:
+  zizmor:
+    name: zizmor security scan
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 
+
+      - name: Run zizmor 
+        uses: zizmorcore/zizmor-action@e673c3917a1aef3c65c972347ed84ccd013ecda4  

Cargo.lock

@@ -1,18 +1,19 @@
 [package]
-name = "bdk_rpc_client"
+name = "bdk-bitcoind-client"
 version = "0.1.0"
-edition = "2024"
-rust-version = "1.85.0"
+edition = "2021"
+rust-version = "1.75.0"
 homepage = "https://bitcoindevkit.org"
-repository = "https://github.com/bitcoindevkit/bdk-rpc-client"
-documentation = "https://docs.rs/bdk_rpc_client"
+repository = "https://github.com/bitcoindevkit/bdk-bitcoind-client"
+documentation = "https://docs.rs/bdk-bitcoind-client"
 description = "A minimal production-ready bitcoind RPC client for Bitcoin Dev Kit."
 license = "MIT OR Apache-2.0"
+authors = ["Bitcoin Dev Kit Developers"]
 readme = "README.md"
 
 [dependencies]
 corepc-types = { version = "0.10.1", features = ["default"]}
 jsonrpc = { version = "0.18.0", features = ["simple_http", "simple_tcp", "minreq_http", "simple_uds", "proxy"] }
 
 [features]
-v30_0 = [ ]
+v30_0 = []

Cargo.toml

@@ -7,7 +7,7 @@ use std::{
 use crate::error::Error;
 use crate::jsonrpc::minreq_http::Builder;
 use corepc_types::bitcoin::BlockHash;
-use jsonrpc::{Transport, serde, serde_json};
+use jsonrpc::{serde, serde_json, Transport};
 
 /// client authentication methods
 #[derive(Clone, Debug, Hash, Eq, PartialEq, Ord, PartialOrd)]

src/client.rs

@@ -7,7 +7,7 @@
 //! bitcoind -regtest -rpcuser=bitcoin -rpcpassword=bitcoin -rpcport=18443
 //! ```
 
-use bdk_rpc_client::{Auth, Client, Error};
+use bdk_bitcoind_client::{Auth, Client, Error};
 use corepc_types::bitcoin::BlockHash;
 use std::path::PathBuf;