videojs/video.js
1
0
Fork 0
mirror of https://github.com/videojs/video.js.git synced 2026-03-26 11:39:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
4,202 Commits 20 Branches 532 Tags
main
Commit Graph

39 Commits

Author SHA1 Message Date
mister-ben
6dec037438 chore: Convert PR title action to module (#9152) 2026-02-05 14:32:35 +01:00
Christian Pillsbury
4ceeb01569 ci: remove npm token from GHA release.yml to test trusted publisher workflow without it (#9121) 2025-11-14 07:07:38 -08:00
Essk
1a09554cca fix: update release workflow discussion permission (#9031) 2025-04-16 17:05:46 +01:00
Essk
e0b252108a fix: update release workfow permissions (#9027) 2025-04-15 17:55:13 +01:00
Jakub Pavlik
c1a8cbfb18 chore: Enable supply chain security through npm provenance attestation (#8911) 
## Description

- Configure GitHub Actions workflow for secure publishing
- Enable automatic provenance generation during npm publish
- Add integrity verification through Sigstore transparency logs

Following the recent Lottie-Player supply chain attack, it's crucial to
enhance package security. NPM provenance provides cryptographic proof
that this package was built from this repository using GitHub Actions,
making supply chain attacks significantly harder. More info in my blog
post
https://medium.com/exaforce/npm-provenance-the-missing-security-layer-in-popular-javascript-libraries-b50107927008

## Specific Changes proposed
Changes the workflow github to publish provenance attestation on
https://www.npmjs.com/package/video.js

## Requirements Checklist
- [x] Feature implemented in CI/CD
- [ ] If necessary, more likely in a feature request than a bug fix
- [ ] Change has been verified in an actual browser (Chrome, Firefox,
IE)
  - [x] Unit Tests updated or fixed
  - [ ] Docs/guides updated
- [ ] Example created ([starter template on
JSBin](https://codepen.io/gkatsev/pen/GwZegv?editors=1000#0))
- [ x Has no DOM changes which impact accessiblilty or trigger warnings
(e.g. Chrome issues tab)
  - [x] Has no changes to JSDoc which cause `npm run docs:api` to error
- [ ] Reviewed by Two Core Contributors
 2025-02-05 09:23:17 -08:00
mister-ben
c5f548be09 chore: Update PR template (#8750) 
Adds reminders to check impact of JSDoc and DOM changes.
 2024-05-28 19:44:56 +02:00
mister-ben
af06f50d09 chore: update GitHub Actions version and remove xvfb (#8682) 
* uncovered change to a file

* update codecov action

* revert temp test change

* bump other action versions

* remove xvfb action
 2024-04-12 18:06:35 +02:00
mister-ben
04d10ef3dd chore: Add action to validate PR titles (#8614) 2024-03-04 17:54:33 +01:00
mister-ben
e42b8594ff chore: update issue template (#8212) 2023-04-04 16:48:05 -04:00
Phil Hale
882f3af3b2 chore: Update CI and release workflows (#8214) 
* Update deprecated set-output command.
* Update actions to use Node 16 rather than Node 12.
 2023-03-30 15:22:28 +01:00
Jon Dufresne
423f7ebd67 Fix several typos in docs and comments (#8110) 2023-03-22 15:00:01 +01:00
mister-ben
0cfc4857b4 chore: Update codecov action (#8103) 2023-02-01 19:18:30 +01:00
mister-ben
e59222a4ff chore: Update lock thrads dependency (#8044) 2022-12-13 09:52:52 +01:00
André
1be46d4ebf chore(lock-threads): run only daily at 1:00 am, and skip in forks (#7832) 
* chore(lock-action): performed daily at 1:00 am

* Skip for forks

Co-authored-by: mister-ben <git@misterben.me>
 2022-07-11 13:55:36 +02:00
mister-ben
18bad57322 chore: Lock old closed issues (#7777) 2022-05-24 23:14:23 -04:00
mister-ben
3e40512501 chore: Update issue template to a form (#7735) 2022-05-16 17:20:49 -04:00
Gary Katsevman
dae1266bce chore: use aws s3 cp rather than sync (#7400) 
Sync needs extra permissions, like ListObject, to function, but the keys
we have are the most minimal that are possible. Instead, we should copy
local files unconditionally.
 2021-08-25 16:52:51 -04:00
Gary Katsevman
af484eccbe chore: specify bucket for CDN push (#7393) 2021-08-23 18:30:56 -04:00
Gary Katsevman
957c6fa009 chore: add a release and deploy Github Action (#7385) 
The release job will do an npm publish and a github-release.
It's based on videojs/.github/github-release.yml.
The new version is published as `next` and requires to be promoted to
latest manually.

The deploy job, should do an aws s3 sync to upload the files to S3 for
us. It uses a Github Environment secrets. This is so that we can require
a user to approve the CDN upload.
 2021-08-23 15:30:05 -04:00
Brandon Casey
fab6e87205 chore: use setup-node cache and remove individual cache step (#7310) 2021-07-06 11:08:32 -04:00
Brandon Casey
4cecbdab45 chore: add a code coverage ci workflow (#7282) 2021-06-23 00:53:52 -04:00
Brandon Casey
b6412a3358 chore: never skip github actions workflows in main (#7169) 2021-04-07 11:04:53 -04:00
Gary Katsevman
fbf34e3429 test: a couple of minor fixes, tweak CI config, swap rollup replace plugin (#7128) 2021-03-09 11:41:01 -05:00
Brandon Casey
5904ec2d7c test: update ci workflow to prevent install failures (#7041) 2021-01-14 15:46:13 -05:00
Amin
861753017e docs: change blog links to most recent blog version, fix typo (#6904) 
Co-authored-by: aminamos <26092352+aminamos@users.noreply.github.com>
 2020-11-10 18:10:49 -05:00
Gary Katsevman
6a28562d74 chore: setup Github CI (#6940) 2020-11-10 17:45:26 -05:00
Gary Katsevman
1cd9be7200 chore: add Affects: a11y and switch to outdated label (#6015) 
Add "Affects: a11y" as an exempt label and switch to outdated label instead of wontfix as the stale label.
 2019-05-28 11:35:32 -04:00
Gary Katsevman
287b267305 docs: update starter template (#5570) 
Use a codepen template for the starter template that includes the latest version of Video.js.

The template is at https://codepen.io/gkatsev/pen/GwZegv?editors=1000#0

Fixes #5562
 2018-11-14 13:45:20 -05:00
Gary Katsevman
e63776862f chore(welcome bot): add welcome bot config (#5313) 2018-07-11 15:15:37 -04:00
Gary Katsevman
00bb788899 chore: enable move and stale probots (#5292) 
Enable [stale](https://probot.github.io/apps/stale/) and [move](https://probot.github.io/apps/move/) [probots](https://probot.github.io/).

`confirmed` and `a11y` labels have been added as exempt labels for stalebot
 2018-07-02 16:20:02 -04:00
Gary Katsevman
4e79a04579 chore(first-timers-bot): fix slack url in template 2018-04-03 10:47:36 -04:00
Gary Katsevman
9612c8f870 chore(first-timers-bot): correct the path to template file 2018-04-02 17:02:08 -04:00
Gary Katsevman
edb257c544 chore(first-timers-bot): quote repository option 2018-04-02 16:58:00 -04:00
Gary Katsevman
81de856b05 chore(first-timers-bot): add repo to bot options 2018-04-02 16:21:53 -04:00
Gary Katsevman
43b5a6dc5f chore: make sure first-timers bot uses our template (#5001) 2018-03-12 13:36:20 -04:00
Gary Katsevman
f5c737327b chore: add first-timers-issue-template.md (#4958) 2018-02-15 13:42:38 -05:00
Brandon Casey
0493f54d6f chore(docs): Documentation Linting and TOC generation (#3841) 
Use remark to lint and generate TOC for markdown files.
 2016-12-20 16:55:59 -05:00
Brandon Casey
72fcb6c659 chore(pr_template): add checkbox to verify changes in a browser (#3775) 2016-11-14 15:28:01 -05:00
Piotr
86f0830502 chore: move metadata to hidden folder and update references 
ISSUE_TEMPLATE and PULL_REQUEST_TEMPLATE were both moved to a .github/ folder to clean up the root of the project a bit. CONTRIBUTING.md was kept at the top level because it is generic enough and contains useful information.
 2016-09-28 18:17:18 -04:00