From 4a6008401dc6225a3a0f0091ca4d621c87bc2297 Mon Sep 17 00:00:00 2001
From: Peter Mescalchin <peter@magnetikonline.com>
Date: Thu, 26 May 2022 01:24:29 +1000
Subject: [PATCH] Workflow and `README.md` tweaks (#44)

* Stricter `.gitignore`

* Bump actions to `@v3`

* Set name for publish workflow, bump actions to `@v3`

* Add workflow badges, some Markdown tweaks
---
 .github/workflows/publish.yml | 15 ++++++++++-----
 .github/workflows/test.yml    |  6 +++---
 .gitignore                    |  4 ++--
 README.md                     | 31 +++++++++++++++++++------------
 4 files changed, 34 insertions(+), 22 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 6c01293..a82b860 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -1,16 +1,21 @@
+name: Publish
+
 on:
   push:
     tags:
       - 'v[0-9]+.[0-9]+.[0-9]+*'
+
 jobs:
   publish:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
         with:
-          node-version-file: ".nvmrc"
-      - run: npm install
-      - uses: JS-DevTools/npm-publish@v1
+          node-version-file: .nvmrc
+      - name: npm install
+        run: npm ci
+      - name: Publish package
+        uses: JS-DevTools/npm-publish@v1
         with:
           token: ${{ secrets.NPM_TOKEN }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index bba12b3..94adb2a 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -12,10 +12,10 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
         with:
-          node-version-file: '.nvmrc'
+          node-version-file: .nvmrc
       - name: npm install
         run: npm ci
       - name: test
diff --git a/.gitignore b/.gitignore
index e0db072..7132ac9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
-out/
-node_modules/
+/out/
+/node_modules/
 .DS_Store
 npm-debug.log
diff --git a/README.md b/README.md
index 8fbdcec..8bd3ff1 100644
--- a/README.md
+++ b/README.md
@@ -1,26 +1,33 @@
 # js-releases
 
+[![Run tests](https://github.com/hashicorp/js-releases/actions/workflows/test.yml/badge.svg)](https://github.com/hashicorp/js-releases/actions/workflows/test.yml)
+[![Publish](https://github.com/hashicorp/js-releases/actions/workflows/publish.yml/badge.svg)](https://github.com/hashicorp/js-releases/actions/workflows/publish.yml)
+
 ## Download packages from releases.hashicorp.com
 
-js-releases is a handy tool for downloading and verifying packages from releases.hashicorp.com. You can:
- - fetch metadata for a given release (or latest)
- - download the package
- - verify the SHASUM and signature
- - unpack to a specified directory
+`js-releases` is a handy tool for downloading and verifying packages from [releases.hashicorp.com](https://releases.hashicorp.com/).
+
+You can:
+
+- fetch metadata for a given release (or latest)
+- download the package
+- verify the SHASUM and signature
+- unpack to a specified directory
 
 ## Environment variables
 
 The downloader can be configured with environment variables.
-Current available vars:
 
-| Parameter                   | Description                                              | Default |
-| --------------------------- | -------------------------------------------------------- | ------- |
-| `HTTP_PROXY`/`http_proxy`   | If configured will set the HTTP_PROXY to download with.  | -       |
-| `HTTPS_PROXY`/`https_proxy` | If configured will set the HTTPS_PROXY to download with. | -       |
+Currently available variables:
+
+| Environment variable           | Description                                                    | Default |
+|:-------------------------------|:---------------------------------------------------------------|:--------|
+| `HTTP_PROXY` \| `http_proxy`   | If configured will set the HTTP proxy to fetch/download with.  | -       |
+| `HTTPS_PROXY` \| `https_proxy` | If configured will set the HTTPS proxy to fetch/download with. | -       |
 
 ## Usage
 
-```
+```js
 import { Release, getRelease } from '@hashicorp/js-releases';
 
 // Setting a user agent string is optional but helpful!
@@ -50,7 +57,7 @@ return release.unpack(installPath, destination)
 
 ## Validating releases
 
-Packages are verified using HashiCorp's public GPG key `72D7468F`. The previous key was rotated and revoked per [HCSEC-2021-12](https://discuss.hashicorp.com/t/hcsec-2021-12-codecov-security-event-and-hashicorp-gpg-key-exposure/23512) on 4/22/21. As a result, earlier versions of `js-releases` will no longer be able to verify packages.
+Packages are verified using HashiCorp's public GPG key `72D7468F`. The previous key was rotated and revoked per [HCSEC-2021-12](https://discuss.hashicorp.com/t/hcsec-2021-12-codecov-security-event-and-hashicorp-gpg-key-exposure/23512) on 2021-04-22. As a result, earlier versions of `js-releases` will no longer be able to verify packages.
 
 ## License