update actions (#277)

* update actions

* fix lint errors

* review fixes

.github/workflows/links.yml

@@ -0,0 +1,22 @@
+---
+name: Check for broken links
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+
+  linkCheck:
+    name: Link Checking
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        file-extensions: [".md", ".mdx"]
+    steps:
+      - uses: actions/checkout@v4
+      - name: LinkCheck
+        uses: ConsenSys/docs-gha/linkcheck@main
+        with:
+          FILE_EXTENSION: ${{ matrix.file-extensions }}

.github/workflows/lint.yml

@@ -1,5 +1,5 @@
 ---
-name: Check for lint, spelling and link errors
+name: Check for lint errors
 
 on:
   pull_request:
@@ -8,27 +8,19 @@ on:
 
 jobs:
   lint:
-    name: Lint Code Base, Spelling, Link Check
+    name: Lint 
     runs-on: ubuntu-latest
     permissions:
       contents: read
     steps:
       - uses: actions/checkout@v4
 
-      - name: Lint
+      - name: Lint code
         uses: ConsenSys/docs-gha/lint@main
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-  linkCheck:
-    name: Link Checking
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        file-extensions: [".md", ".mdx"]
-    steps:
-      - uses: actions/checkout@v4
-      - name: LinkCheck
-        uses: ConsenSys/docs-gha/linkcheck@main
+      - name: Lint markdown
+        uses: ConsenSys/docs-gha/lint-markdown@main
         with:
-          FILE_EXTENSION: ${{ matrix.file-extensions }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/spelling.yml

@@ -0,0 +1,23 @@
+---
+name: Check for spelling with vale
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  vale:
+    name: Spelling
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Vale
+        uses: Consensys/docs-gha/spelling@main
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          FILEPATHS: "docs"
+

docs/concepts/architecture.md

@@ -3,25 +3,26 @@ description: Learn more about Web3Signer's architecture.
 sidebar_position: 1
 ---
 
-# Architecture 
+# Architecture
 
 Web3Signer is a remote signing client comprised of three main components:
 
 - Remote signer
 - Slashing database
-- APIs 
+- APIs
 
 ## The remote signer
 
-The remote signer [loads private keys](../how-to/load-keys.md) into memory and responds to signature requests. 
-If you are using an [HSM](../how-to/store-keys/hsm/_category_.json) or a [vault](../how-to/store-keys/vaults/_category_.json) for execution layer signing, the keys stay at rest. 
+The remote signer [loads private keys](../how-to/load-keys.md) into memory and responds to signature requests.
+If you are using an [HSM](../how-to/store-keys/hsm/_category_.json) or a [vault](../how-to/store-keys/vaults/_category_.json) for execution layer signing, the keys stay at rest.
 This component communicates with the slashing database, the APIs, and the keystore (if used), to coordinate remote signing.
 
 ## The slashing database
 
-The [slashing database](./slashing-protection.md) is a Postgres database that tracks which keys have signed messages. 
+The [slashing database](./slashing-protection.md) is a Postgres database that tracks which keys have signed messages.
 Database locking ensures that when multiple Web3Signer instances load the same keys, only one instance is permitted to sign.
 
 ## The APIs
 
-Web3Signer supports REST and [JSON-RPC APIs](../reference/api/_category_.json) to sign consensus layer and execution layer payloads respectively. These connections should be carefully secured. Web3Signer offers [TLS communication](../how-to/configure-tls.md).
+Web3Signer supports REST and [JSON-RPC APIs](../reference/api/_category_.json) to sign consensus layer and execution layer payloads
+respectively. These connections should be carefully secured. Web3Signer offers [TLS communication](../how-to/configure-tls.md).

docs/get-started/install-binaries.md

@@ -4,11 +4,11 @@ description: Install Web3Signer from a binary distribution.
 sidebar_position: 1
 ---
 
+# Install binary distribution
+
 import Tabs from '@theme/Tabs';
 import TabItem from '@theme/TabItem';
 
-# Install binary distribution
-
 ## Prerequisites
 
 - [Java JDK](https://jdk.java.net/)

docs/get-started/key-best-practices.md

@@ -5,8 +5,8 @@ sidebar_position: 5
 
 # Private key management best practices
 
-Web3Signer manages validator keys for Ethereum 2.0 staking. 
-This document outlines best practices for key generation, storage, access control, and system security when using Web3Signer. 
+Web3Signer manages validator keys for Ethereum 2.0 staking.
+This document outlines best practices for key generation, storage, access control, and system security when using Web3Signer.
 The following guidelines help protect your staked assets and supports Ethereum network integrity.
 
 ## Generate secure BLS keys

docs/get-started/start-web3signer.md

@@ -4,11 +4,11 @@ description: Start Web3Signer.
 sidebar_position: 4
 ---
 
+# Start Web3Signer
+
 import Tabs from '@theme/Tabs';
 import TabItem from '@theme/TabItem';
 
-# Start Web3Signer
-
 :::note
 This documentation has been updated in line with the name changes [recommended by the Ethereum
 Foundation](https://blog.ethereum.org/2022/01/24/the-great-eth2-renaming/).
@@ -114,4 +114,4 @@ Web3Signer by default also performs a health check on the
 [subcommand]: ../reference/cli/subcommands.md
 [bulk load signing keys]: ../how-to/load-keys.md#bulk-load-keys
 [slashing protection]: ../concepts/slashing-protection.md
-[slashing protection database]: ../how-to/configure-slashing-protection.md
+[slashing protection database]: ../how-to/configure-slashing-protection.md

docs/how-to/configure-slashing-protection.md

@@ -4,11 +4,11 @@ description: Configure consensus layer slashing protection.
 sidebar_position: 6
 ---
 
+# Configure consensus layer slashing protection
+
 import Tabs from '@theme/Tabs';
 import TabItem from '@theme/TabItem';
 
-# Configure consensus layer slashing protection
-
 Configure [slashing protection] to prevent consensus layer validators from being penalized for
 signing conflicting blocks or attestations.
 
@@ -74,14 +74,18 @@ Use the [Flyway] migration tool to automatically load them in order.
   <TabItem value="Flyway DB migration tool" label="Flyway DB migration tool" default>
 
 ```bash
-flyway migrate -url="jdbc:postgresql://localhost/web3signer" -locations="filesystem:/Users/me/web3signer-0.2.1-SNAPSHOT/migrations/postgresql"
+flyway migrate -url="jdbc:postgresql://localhost/web3signer" \
+-locations="filesystem:/Users/me/web3signer-0.2.1-SNAPSHOT/migrations/postgresql"
 ```
+
   </TabItem>
   <TabItem value="Postgres command line" label="Postgres command line" >
 
 ```bash
-psql --echo-all --host=localhost --port=5432 --dbname=web3signer --username=postgres -f /Users/me/web3signer-0.2.1-SNAPSHOT/migrations/postgresql/postgresql/V1__initial.sql
+psql --echo-all --host=localhost --port=5432 --dbname=web3signer --username=postgres \
+-f /Users/me/web3signer-0.2.1-SNAPSHOT/migrations/postgresql/postgresql/V1__initial.sql
 ```
+
   </TabItem>
 </Tabs>
 
@@ -95,7 +99,9 @@ If using the PostgreSQL command line inside a docker container, ensure you mount
 Start Web3Signer and specify the PostgreSQL connection options.
 
 ```bash
-web3signer --key-store-path=/Users/me/keys eth2 --slashing-protection-db-url="jdbc:postgresql://localhost/web3signer" --slashing-protection-db-username=postgres --slashing-protection-db-password=password --slashing-protection-pruning-enabled=true
+web3signer --key-store-path=/Users/me/keys eth2 --slashing-protection-db-url="jdbc:postgresql://localhost/web3signer" \
+--slashing-protection-db-username=postgres --slashing-protection-db-password=password \
+--slashing-protection-pruning-enabled=true
 ```
 
 :::note
@@ -121,13 +127,17 @@ Use the [`eth2 import`](../reference/cli/subcommands.md#eth2-import) and
 To import a slashing protection database file into the Postgres database, run:
 
 ```bash
-web3signer eth2 --slashing-protection-db-url="jdbc:postgresql://localhost/web3signer" --slashing-protection-db-username=postgres --slashing-protection-db-password=password import --from=/Users/me/my_node/interchange.json
+web3signer eth2 --slashing-protection-db-url="jdbc:postgresql://localhost/web3signer" \
+--slashing-protection-db-username=postgres \
+--slashing-protection-db-password=password import --from=/Users/me/my_node/interchange.json
 ```
 
 To export the Postgres database to a file run:
 
 ```bash
-web3signer eth2 --slashing-protection-db-url="jdbc:postgresql://localhost/web3signer" --slashing-protection-db-username=postgres --slashing-protection-db-password=password export --to=/Users/me/my_node/interchange.json
+web3signer eth2 --slashing-protection-db-url="jdbc:postgresql://localhost/web3signer" \
+--slashing-protection-db-username=postgres \
+--slashing-protection-db-password=password export --to=/Users/me/my_node/interchange.json
 ```
 
 You must supply the Postgres database connection details when importing or exporting the slashing
@@ -150,7 +160,10 @@ You can include additional optional pruning configuration options.
 For example, run:
 
 ```bash
-web3signer eth2 --slashing-protection-db-url="jdbc:postgresql://localhost/web3signer" --slashing-protection-db-username=postgres --slashing-protection-db-password=password --slashing-protection-pruning-enabled=true --slashing-protection-pruning-at-boot-enabled=true --slashing-protection-pruning-epochs-to-keep=5000 --slashing-protection-pruning-interval=18
+web3signer eth2 --slashing-protection-db-url="jdbc:postgresql://localhost/web3signer" \
+--slashing-protection-db-username=postgres --slashing-protection-db-password=password \
+--slashing-protection-pruning-enabled=true --slashing-protection-pruning-at-boot-enabled=true \
+--slashing-protection-pruning-epochs-to-keep=5000 --slashing-protection-pruning-interval=18
 ```
 
 :::caution Warning

docs/how-to/configure-tls.md

@@ -45,7 +45,7 @@ The file contents use the format `<common_name> <hex-string>` where:
 - `<common_name>` is the Common Name used for the client's keystore
 - `<hex-string>` is the SHA-256 fingerprint of the client's keystore.
 
-```
+```bash
 curl_client DF:65:B8:02:08:5E:91:82:0F:91:F5:1C:96:56:92:C4:1A:F6:C6:27:FD:6C:FC:31:F2:BB:90:17:22:59:5B:50
 ```
 
@@ -54,7 +54,7 @@ You can use [OpenSSL](https://www.openssl.org/) or
 client's Common Name and fingerprint.
 For example:
 
-```
+```bash
 keytool -list -v -keystore <keystore> -storetype PKCS12 -storepass <password>
 ```
 
@@ -110,7 +110,7 @@ The file contents use the format `<hostname>:<port> <hex-string>` where:
 - `<port>` is the port used for communication
 - `<hex-string>` is the SHA-256 fingerprint of the server's certificate.
 
-```
+```bash
 localhost:8590 6C:B2:3E:F9:88:43:5E:62:69:9F:A9:9D:41:14:03:BA:83:24:AC:04:CE:BD:92:49:1B:8D:B2:A4:86:39:4C:BB
 127.0.0.1:8590 6C:B2:3E:F9:88:43:5E:62:69:9F:A9:9D:41:14:03:BA:83:24:AC:04:CE:BD:92:49:1B:8D:B2:A4:86:39:4C:BB
 ```
@@ -122,7 +122,10 @@ Specify both hostname and IP address in the file if unsure which is used in requ
 ### Start Web3Signer
 
 ```bash
-web3signer eth1 --downstream-http-tls-enabled --downstream-http-tls-keystore-file=/Users/me/my_node/keystore.pfx --downstream-http-tls-keystore-password-file=/Users/me/my_node/keyPassword --downstream-http-tls-known-servers-file=/Users/me/my_node/knownServers
+web3signer eth1 --downstream-http-tls-enabled \
+--downstream-http-tls-keystore-file=/Users/me/my_node/keystore.pfx \
+--downstream-http-tls-keystore-password-file=/Users/me/my_node/keyPassword \
+--downstream-http-tls-known-servers-file=/Users/me/my_node/knownServers
 ```
 
 The command line: