Conversation

@tsteenbe tsteenbe commented Nov 5, 2025

See individual commits for details.

Signed-off-by: Thomas Steenbergen <[email protected]>
Improved introductory wording for clarity, added a link to
GitHub actions documentation to better assist novice users.

Signed-off-by: Thomas Steenbergen <[email protected]>
Updated examples to use the main branch and added note advising users
to use tagged revisions for production instead of the main branch.
This change reduces the need to update the README every time a
new revision of the GitHub action for ORT is tagged.

Signed-off-by: Thomas Steenbergen <[email protected]>
Updated copyright year range so it matches NOTICE file.

Signed-off-by: Thomas Steenbergen <[email protected]>
@tsteenbe tsteenbe force-pushed the small-docs-improvements branch from 8b5348e to 047b546 on November 5, 2025 15:12
@tsteenbe tsteenbe requested a review from fviernau on November 5, 2025 17:12
@heliocastro heliocastro left a comment

Small changes, more as a security quality of life; the rest is fine.

run: git config --global url.https://github.com/.insteadOf ssh://[email protected]/
- name: Checkout project
uses: actions/checkout@v3
uses: actions/checkout@v5
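Review bot: `actions/checkout@v5` is a mutable tag that the action's owner can move at any time, so the README example resolves to whatever that tag points at when a user copies it; if the example is meant to show a safe default, pin the full commit SHA and keep the version as a trailing comment, e.g. `uses: actions/checkout@<full-sha>  # v5`, which is also what the Scorecard pinned-dependencies check mentioned in this thread looks for.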
Contributor

Suggestion: if you want to get the benefits of Dependabot or similar services to auto-update actions, pin down the action, inclusive; this is one of the items that is considered in Scorecard.
So it would be something like:

actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
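As an added example that is not code from the ort-ci-github-action project, the check discussed in this thread written out as a small script: it scans a workflow's `uses:` lines, reports any reference that is not a full 40-hex commit SHA, and accepts an allow-list for actions where a branch reference is intentional (as the thread later agrees for the project's own action). The sample workflow is constructed here; the function and parameter names are this example's own.

```python
"""Flag mutable action references in GitHub workflow YAML.

Added example, not part of the ort-ci-github-action repository. It
implements the pinning rule discussed in the review thread (the idea
behind Scorecard's pinned-dependencies check). The sample workflow
below is constructed for illustration.
"""
import re
import sys

# Matches `uses: owner/repo[/path]@ref`; `./local` and `docker://` forms
# never match because they contain no `owner/repo@ref` part.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w.-]+(?:/[\w./-]+)?)@(\S+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_unpinned(workflow_text, allow_mutable=()):
    """Return (line_no, action, ref) for every `uses:` whose ref is not a
    full commit SHA. Actions whose owner/repo is listed in allow_mutable
    (e.g. a project's own action where a branch ref is intentional) are
    not reported."""
    findings = []
    for no, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.group(1), m.group(2)
        owner_repo = "/".join(action.split("/")[:2])
        if SHA_RE.match(ref) or owner_repo in allow_mutable:
            continue
        findings.append((no, action, ref))
    return findings


# Constructed sample mirroring the README snippet under review.
SAMPLE = """\
steps:
  - name: Checkout project
    uses: actions/checkout@v5
  - name: Run GitHub Action for ORT
    uses: oss-review-toolkit/ort-ci-github-action@main
  - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    own = {"oss-review-toolkit/ort-ci-github-action"}
    for no, action, ref in find_unpinned(text, allow_mutable=own):
        print(f"line {no}: {action}@{ref} is a mutable ref; pin to a commit SHA")
```

Run it with a workflow path as the first argument to check a real file; without arguments it checks the embedded sample and reports only the `actions/checkout@v5` line.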

Member Author

@heliocastro I followed the actions/checkout docs, which clearly show using v5. I think using a hash in action versions looks weird, especially in examples.

Contributor

run: git config --global url.https://github.com/.insteadOf ssh://[email protected]/
- name: Run GitHub Action for ORT
uses: oss-review-toolkit/ort-ci-github-action@v1
uses: oss-review-toolkit/ort-ci-github-action@main
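Review bot: `@main` here means every user who copies the example runs the action's unreleased HEAD rather than a reviewed release; since the PR description says a note advising tagged revisions for production was added, make sure that note sits directly beside this `uses:` line (or as a comment on it) so the mutable reference is not copied without the caveat.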
Contributor

Same thing here: avoid @main, which is not seen very well. Consider always tagging and pinning down.

Member

I guess main is intended here as it's this action itself.

Member Author

@heliocastro I switched to using "main" as I prefer not having to update the README every time we tag a new version of the action. We could also change it to a tag called "latest", similar to how we do things for the ORT Docker image. Does that work for you?

Contributor

So keep with main in this case, but then for external actions move to pinning, and then it is ok.
