diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index b744f4a..38185d5 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -3,7 +3,7 @@ on: # Only the default branch is supported. branch_protection_rule: schedule: - - cron: '30 0 * * 2' + - cron: '0 0 * * 0' push: branches: [ "main" ] @@ -17,20 +17,17 @@ jobs: permissions: # Needed to upload the results to code-scanning dashboard. security-events: write - # Used to receive a badge. (Upcoming feature) + # Used to receive a badge. id-token: write - # Needs for private repositories. - contents: read - actions: read - + steps: - name: "Checkout code" - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@3e15ea8318eee9b333819ec77a36aca8d39df13e # v1.1.1 + uses: ossf/scorecard-action@68bf5b3327e4fd443d2add8ab122280547b4a16d # v2.0.2 with: results_file: results.sarif results_format: sarif 
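Review bot: Dropping `contents: read` and `actions: read` from the job's `permissions` leaves no hint of what to restore if this repository ever becomes private. With a job-level block every unlisted scope is set to none, so only `security-events: write` and `id-token: write` remain. That is the tighter setting for a public repository, but I would keep the two scopes as commented lines, e.g. `# Uncomment for a private repository:` followed by `# contents: read` and `# actions: read`. The line added before `steps:` looks like it holds only whitespace; a truly empty line would avoid a trailing-whitespace lint finding. The job starts above this hunk and continues below it, so any workflow-level `permissions` default is not visible here.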
@@ -41,22 +38,22 @@ jobs: # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} # Publish the results for public repositories to enable scorecard badges. For more details, see - # https://github.com/ossf/scorecard-action#publishing-results. - # For private repositories, `publish_results` will automatically be set to `false`, regardless + # https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories, `publish_results` will automatically be set to `false`, regardless # of the value entered here. publish_results: true # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 + uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 with: name: SARIF file path: results.sarif retention-days: 5 - + # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # v1.0.26 + uses: github/codeql-action/upload-sarif@c7f292ea4f542c473194b33813ccd4c207a6c725 # v2.1.21 with: sarif_file: results.sarif diff --git a/CHANGELOG.md b/CHANGELOG.md index 9fd6cd1..ca66c12 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,12 +1,17 @@ # Changelog +## 1.1.8 (13.09.2022) + +* Add OpenSSF BestPractices & Scorecard badges. +* Add CDN version documentation. + ## 1.1.7 (08.08.2022) -- Add scorecards actions +* Add scorecards actions ## 1.1.6 (25.07.2022) -- Add security policy to the repository +* Add security policy to the repository ## 1.1.5 (15.07.2022) * Add workflow for automatic publishing in npm. diff --git a/README.md b/README.md index 824fb0f..9440873 100644 --- a/README.md +++ b/README.md 
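Review bot: The comment above `publish_results: true` does not say what publishing depends on; in scorecard-action v2 it appears to rely on the job's `id-token: write` permission and on the action's restrictions for workflows that publish results. A one-line addition such as `# Publishing needs id-token: write on this job; check the action's workflow restrictions before adding steps.` would save the next editor a failed run. Separately, nothing enforces the `# v3.1.0` and `# v2.1.21` comments here, or `# v3.0.2` and `# v2.0.2` in the first hunk, so each SHA should be confirmed against the upstream tag before merge. The two comment lines that are removed and re-added look like whitespace-only changes and may introduce trailing spaces.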
@@ -1,6 +1,8 @@ -![](https://badgen.net/badge/Editor.js/v2.0/blue) # EditorJS Tooltip Inline-tool +![](https://badgen.net/badge/Editor.js/v2.0/blue) +[![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/6470/badge)](https://bestpractices.coreinfrastructure.org/projects/6470) +[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/kommitters/editorjs-tooltip/badge)](https://api.securityscorecards.dev/projects/github.com/kommitters/editorjs-tooltip) Tooltip for [Editor.js](https://editorjs.io). @@ -27,6 +29,16 @@ Include module at your application import Tooltip from 'editorjs-tooltip'; ``` +### Load from CDN + +You can load a specific version of the package from [jsDelivr CDN](https://www.jsdelivr.com/package/npm/editorjs-tooltip). + +Require this script on a page with Editor.js. + +```html + +``` + ## Usage Add a new Tool to the `tools` property of the Editor.js initial config. @@ -50,7 +62,7 @@ const editor = EditorJS({ ``` Select some text, click on the tooltip button in the inline-tools bar, and type the tooltip in the input, when the key enter is pressed, the tooltip will be created. -**Note:** Use the holder field to indicate the EditorJS Id passed in the div tag, by default the holder field is 'editorjs'. +**Note:** Use the holder field to indicate the EditorJS Id passed in the div tag, by default the holder field is 'editorjs'. ## Config Params diff --git a/package.json b/package.json index d4a598c..a32441b 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "editorjs-tooltip", - "version": "1.1.7", + "version": "1.1.8", "keywords": [ "tool", "tooltip",