docs: Minor cleanups including lint warnings and structure

Signed-off-by: Stephen Augustus <[email protected]>
ossf · Jun 26, 2024 · a79a3be · a79a3be
1 parent 93b107a
commit a79a3be
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 53 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,16 +2,14 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
-### [1.0.1](https://github.com/ossf/scorecard-monitor/compare/v1.0.0...v1.0.1) (2023-02-15)
-
+## [1.0.1](https://github.com/ossf/scorecard-monitor/compare/v1.0.0...v1.0.1) (2023-02-15)
 
 ### Other
 
 * added github action branding  ([831364a](https://github.com/ossf/scorecard-monitor/commits/831364aaf4654af1bbc4747fcbc414539b9d7a74))
 
 ## 1.0.0 (2023-02-15)
 
-
 ### Features
 
 * added basic github action definition ([f98ce7c](https://github.com/ossf/scorecard-monitor/commits/f98ce7c0affd8559f37e5fbf2f9a2c3e30242eca))
@@ -32,12 +30,10 @@ All notable changes to this project will be documented in this file. See [standa
 * simplified legacy code ([eb024ed](https://github.com/ossf/scorecard-monitor/commits/eb024ed84e505433bb89098c65140e43b5784e7c))
 * WIP core logic ([939ebba](https://github.com/ossf/scorecard-monitor/commits/939ebba0c1d773237366620cefd77e2a54afff09))
 
-
 ### Bug Fixes
 
 * minor bugs ([#4](https://github.com/ossf/scorecard-monitor/issues/4)) ([e07d7f7](https://github.com/ossf/scorecard-monitor/commits/e07d7f7dd38efa5caaf64d0c548752f2ae54ed45))
 
-
 ### Other
 
 * added actions dependencies ([42029e2](https://github.com/ossf/scorecard-monitor/commits/42029e2788dfae7ad0b2ffd9011b085d46b10416))

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -13,50 +13,49 @@ project. This document describes the contribution guidelines for the project.
 > For more details, see the [LF DCO wiki](https://wiki.linuxfoundation.org/dco)
 > or [this Pi-hole signoff guide](https://docs.pi-hole.net/guides/github/how-to-signoff/).
 
-* [Contributing code](#contributing-code)
-    * [Getting started](#getting-started)
-    * [Environment Setup](#environment-setup)
-    * [New to Node.js?](#new-to-nodejs)
-* [Contributing steps](#contributing-steps)
-* [Running the project locally](#running-the-project-locally)
-* [Installing the project dependencies](#installing-the-project-dependencies)
-* [Running tests](#running-tests)
-* [Linting the codebase](#linting-the-codebase)
-* [What to do before submitting a pull request](#what-to-do-before-submitting-a-pull-request)
-* [PR Process](#pr-process)
-* [Where the CI Tests are configured](#where-the-ci-tests-are-configured)
-* [Updating Docs](#updating-docs)
+- [Contributing code](#contributing-code)
+  - [Getting started](#getting-started)
+  - [Environment Setup](#environment-setup)
+  - [New to Node.js?](#new-to-nodejs)
+- [Contributing steps](#contributing-steps)
+- [Running the project locally](#running-the-project-locally)
+- [Installing the project dependencies](#installing-the-project-dependencies)
+- [Running tests](#running-tests)
+- [Linting the codebase](#linting-the-codebase)
+- [What to do before submitting a pull request](#what-to-do-before-submitting-a-pull-request)
+- [PR Process](#pr-process)
+- [Where the CI Tests are configured](#where-the-ci-tests-are-configured)
+- [Updating Docs](#updating-docs)
 
 ## Contributing code
 
 ### Getting started
 
-1.  Create [a GitHub account](https://github.com/join)
-1.  Create a [personal access token](https://docs.github.com/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens)
-1.  Set up your [development environment](#environment-setup)
+1. Create [a GitHub account](https://github.com/join)
+1. Create a [personal access token](https://docs.github.com/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens)
+1. Set up your [development environment](#environment-setup)
 
 ### Environment Setup
 
 You must install these tools:
 
-1.  [`git`](https://help.github.com/articles/set-up-git/): For source control
+1. [`git`](https://help.github.com/articles/set-up-git/): For source control
 
-1.  [`node`](https://nodejs.org/en/download/package-manager): You need node version
-        `v20+`. The project includes support for [nvm](https://github.com/nvm-sh/nvm).
+1. [`node`](https://nodejs.org/en/download/package-manager): You need node version `v20+`. The project includes support for [nvm](https://github.com/nvm-sh/nvm).
 
 ### New to Node.js?
 
 If you're unfamiliar with Node.js, there are plenty of articles, resources, and books.
 We recommend starting with several resources from the official Node.js website:
 
-* [Introduction to Node.js](https://nodejs.org/en/learn/getting-started/introduction-to-nodejs)
+- [Introduction to Node.js](https://nodejs.org/en/learn/getting-started/introduction-to-nodejs)
 
 ## Contributing steps
 
-1.  Identify an existing issue you would like to work on, or submit an issue describing your proposed change to the repo in question.
-1.  The maintainers will respond to your issue promptly.
-1.  Fork this repo, develop, and test your code changes.
-1.  Submit a pull request.
+1. Identify an existing issue you would like to work on, or submit an issue describing your proposed change to the repo in question.
+1. The maintainers will respond to your issue promptly.
+1. Fork this repo, develop, and test your code changes.
+1. Submit a pull request.
 
 ## Running the project locally
 
@@ -73,6 +72,7 @@ First, check that you are using Node v20+ and then execute `npm ci` instead of `
 Currently, the project is using [Jest](https://jestjs.io/) and [Snapshot Testing](https://jestjs.io/docs/snapshot-testing).
 
 You have several options to run the tests:
+
 - `npm run test`: this will run the tests
 - `npm run test:update`: this will run the tests and update the snapshots
 - `npm run test:coverage` this will run the tests and generate a coverage report as terminal output and in HTML format that can be found in the `coverage/` folder
@@ -109,9 +109,8 @@ change, it's generally encouraged to submit the bugfix separately, but if you mu
 
 ## Where the CI Tests are configured
 
-1.  See the [action files](.github/workflows) to check its tests, and the
-    scripts used on it.
+1. See the [action files](.github/workflows) to check its tests, and the scripts used on it.
 
 ## Updating Docs
 
-The documentation can be found in the [README](./README.md). Any changes that are merged to `main` will be reflected directly on https://github.com/marketplace/actions/openssf-scorecard-monitor. Therefore, documentation changes do not require a specific release.
+The documentation can be found in the [README](./README.md). Any changes that are merged to `main` will be reflected directly on the [GitHub Actions Marketplace](https://github.com/marketplace/actions/openssf-scorecard-monitor), so documentation changes do not require a specific release.
diff --git a/README.md b/README.md
@@ -2,25 +2,19 @@
 
 **Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts.**
 
----
-
-**📢 IMPORTANT**
-
-This project is now part of the [OpenSSF](https://openssf.org/) organization. You can find more information about it in [this announcement](https://github.com/ossf/scorecard-monitor/issues/79).
-
----
+*This project is part of [OpenSSF Scorecard](https://github.com/ossf/scorecard). Read [the announcement](https://github.com/ossf/scorecard-monitor/issues/79) for more details.*
 
 ## 🔮 About
 
-If you're feeling overwhelmed by an avalanche of repository scorecards in your organization, you can breathe easy: Automation is here to make your life easier! It will streamline the process of keeping track of them all by providing a comprehensive report in Markdown and a local database in JSON with all the scores. Furthermore, to stay on top of any changes in the scores, you can choose to get notifications through Github Issues.
+If you're feeling overwhelmed by an avalanche of scorecards across your organizations, you can breathe easy: automation is here to make your life easier! Scorecard Monitor streamlines the process of keeping track of them all by providing a comprehensive report in Markdown and a local database in JSON with all the scores. To stay on top of any changes in the scores, you can also choose to get notifications through Github Issues.
 
 ## ✅ Requirements
 
 Please ensure that any repository you wish to track with Scorecard Monitor has already been analyzed by [OpenSSF Scorecard](https://github.com/ossf/scorecard) at least once. This can be accomplished using the official [GitHub Action](https://github.com/ossf/scorecard-action) or the [Scorecard CLI](https://github.com/ossf/scorecard?tab=readme-ov-file#scorecard-command-line-interface).
 
 It's also possible that some repositories in your organization are already being [automatically tracked](https://github.com/ossf/scorecard/blob/main/docs/faq.md#can-i-preview-my-projects-score) by OpenSSF in this [CSV file](https://github.com/ossf/scorecard/blob/main/cron/internal/data/projects.csv) via weekly cronjob. One caveat: Automatically tracked projects _do not_ include [certain checks](https://github.com/ossf/scorecard/issues/3438) in their analysis (`CI-Tests,Contributors,Dependency-Update-Tool,Webhooks`).
 
-If you're not sure whether a specific project is already using Scorecard, you can always spot-check with the following URL pattern: `https://securityscorecards.dev/viewer/?uri=github.com/<ORG_NAME>/<REPO_NAME>` (substitute `<ORG_NAME>` and `<REPO_NAME>` as appropriate). The [Scorecard API](https://api.securityscorecards.dev/) is also able to fetch scores for a given repository.
+If you're not sure whether a specific project is already using OpenSSF Scorecard, you can always spot-check with the following URL pattern: `https://securityscorecards.dev/viewer/?uri=github.com/<ORG_NAME>/<REPO_NAME>` (substitute `<ORG_NAME>` and `<REPO_NAME>` as appropriate). The [Scorecard API](https://api.scorecard.dev/) is also able to fetch scores for a given repository.
 
 ## 📺 Tutorial
 
@@ -31,7 +25,7 @@ If you would like to contribute to the documentation, please feel free to open a
 
 - Easy to use with great customization
 - Easy to patch the scoring as the reports includes a direct link to [StepSecurity](https://app.stepsecurity.io)
-- Easy way to visualize the scorecard results with [The Scorecard Visualizer](https://ossf.github.io/scorecard-visualizer/#/projects/github.com/nodejs/node) or [deps.dev](https://deps.dev/project/github/nodejs%2Fnode)
+- Easy way to visualize results with [Scorecard Visualizer](https://ossf.github.io/scorecard-visualizer/#/projects/github.com/nodejs/node) or [deps.dev](https://deps.dev/project/github/nodejs%2Fnode)
 - Cutting-edge feature that effortlessly compares OpenSSF scorecards between previous and current commits with [The Scorecard Visualizer Comparator](https://ossf.github.io/scorecard-visualizer/#/projects/github.com/nodejs/node/compare/39a08ee8b8d3818677eb823cb566f36b1b1c4671/19fa9f1bc47b0666be0747583bea8cb3d8ad5eb1)
 - Discovery mode: list all the repos in one or many organizations that are already being tracked with [OpenSSF Scorecard](https://github.com/ossf/scorecard)
 - Reporting in Markdown with essential information (hash, date, score) and comparative against the prior score
@@ -42,7 +36,7 @@ If you would like to contribute to the documentation, please feel free to open a
 - Extend the markdown template with you own content by using tags
 - Easy to modify the files and ensure the integrity with JSON Schemas
 - The report data is exported as an output and can be used in the pipeline
-- Great test coverage (in progress)
+- Great test coverage
 
 ### 🎉 Demo
 
@@ -136,7 +130,7 @@ jobs:
 - `report-tags-enabled`: Defines if the markdown report must be created/updated around tags by default is disabled. This is useful if the report is going to be include in a file that has other content on it, like docusaurus docs site or similar
 - `report-start-tag` Defines the start tag, default `<!-- OPENSSF-SCORECARD-MONITOR:START -->`
 - `report-end-tag`: Defines the closing tag, default `<!-- OPENSSF-SCORECARD-MONITOR:END -->`
-- `render-badge`: Defines if the OpenSSF badge must be rendered in the reportor to only show the score
+- `render-badge`: Defines if the OpenSSF Scorecard badge must be rendered in the reporter to only show the score
 - `report-tool`: Defines the reporting review tool in place: `scorecard-visualizer` [Example](https://ossf.github.io/scorecard-visualizer/#/projects/github.com/nodejs/node) or `deps.dev` [Example](https://deps.dev/project/github/nodejs%2Fnode), by default `scorecard-visualizer`
 
 ### Outputs
@@ -285,4 +279,4 @@ Just for reference, the database will store the current value and previous value
 
 ## 💪 Contributing
 
-Please read [CONTRIBUTING.md](https://github.com/UlisesGascon/.github/blob/main/contributing.md) for details on our code of conduct and the process for submitting pull requests to us. You need to accept DCO 1.1 in order to make contributions.
+Please read [CONTRIBUTING.md](https://github.com/ossf/scorecard-monitor/blob/main/CONTRIBUTING.md) for details on our code of conduct and the process for submitting pull requests to us. You need to accept DCO 1.1 in order to make contributions.
diff --git a/RELEASE.md b/RELEASE.md
@@ -8,14 +8,12 @@ This document describes the process for releasing a new version of the Scorecard
 
 In order to generate a new release, it is recommended to use the commands:
 
-
-```
+```console
 npm run release:minor
 npm run release:patch
 npm run release:major
 ```
 
-
 This includes all the changes in the [CHANGELOG](./CHANGELOG.md) and ensures that the `package.json` and `package-lock.json` are up to date.
 
 You can discard the tag that has been generated locally, as we won't use it.
@@ -33,5 +31,5 @@ In order to create a new release, follow these steps:
 3. Target the new release version, like `v.1.0.3-beta5`. Note that you can use metadata like `-beta5` and you must include `v` as prefix.
 4. Mark `Set as the latest release`
 5. (Optionally) mark `Set as a pre-release` if it is non-production ready.
-6. :bulb: **Hint:** You can check another release ([example](https://github.com/ossf/scorecard-monitor/releases/tag/v2.0.0-beta7)) to follow the style for title and description (_Main Changes, PRs, New contributions_). 
-7. Click the `Generate release notes` button in the top right to automatically populate the release description.
+6. :bulb: **Hint:** You can check another release ([example](https://github.com/ossf/scorecard-monitor/releases/tag/v2.0.0-beta7)) to follow the style for title and description (_Main Changes, PRs, New contributions_).
+7. Click the `Generate release notes` button in the top right to automatically populate the release description.
diff --git a/action.yml b/action.yml
@@ -1,6 +1,6 @@
 name: 'OpenSSF Scorecard Monitor'
-description: 'Monitor OpenSSF Scorecard Evolution over time'
-author: 'Ulises Gascon'
+description: 'Monitor OpenSSF Scorecard evolution over time'
+author: 'OpenSSF Scorecard Authors'
 
 inputs:
   scope:
@@ -56,7 +56,7 @@ inputs:
     required: false
     default: "10"
   render-badge:
-    description: 'Render the OSSF badge in the report'
+    description: 'Render the OpenSSF Scorecard badge in the report'
     required: false
     default: "false"
   report-tool: