Change name of permissions monitoring config input

Also: - Update the description of this input. - Give the input the same default value that the GitHubSecurityLab/actions-permission/monitor action uses. - Make the input not required.
cisagov · Feb 23, 2025 · 3976653 · 3976653
1 parent 0cfead5
commit 3976653
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -12,8 +12,8 @@ beginning of every GitHub Actions job.
 
 | Name | Description | Interpreted Type | Default | Required |
 |------|-------------|------------------|---------|:--------:|
-| actions_permissions_config | A JSON string containing the permissions configuration to use for permissions monitoring.  In the case of cisagov you will usually want to set this to `${{ vars.ACTIONS_PERMISSIONS_CONFIG }}` so it agrees with our organization-wide GitHub Actions permissions configuration.  See [the documentation for the GitHubSecurityLab/actions-permissions/monitor action](https://github.com/GitHubSecurityLab/actions-permissions/tree/main/monitor#configuration) for more details. | `string` | n/a | yes |
 | harden_runner_egress_policy | The egress policy to use for runner hardening.  See [step-security/harden-runner](https://github.com/step-security/harden-runner) for more details and valid values. | `string` | `audit` | no |
+| permissions_monitoring_config | A JSON string containing the configuration to use for permissions monitoring.  In the case of cisagov you will usually want to set this to `${{ vars.ACTIONS_PERMISSIONS_CONFIG }}` so it agrees with our organization-wide GitHub Actions permissions monitoring configuration.  See [the documentation for the GitHubSecurityLab/actions-permissions/monitor action](https://github.com/GitHubSecurityLab/actions-permissions/tree/main/monitor#configuration) for more details. | `string` | `""` | no |
 
 ### Outputs ###
 

diff --git a/action.yml b/action.yml
@@ -9,31 +9,31 @@ description: >-
 name: Job preamble
 
 inputs:
-  actions_permissions_config:
-    description: >-
-      A JSON string containing the permissions configuration to use
-      for permissions monitoring.  In the case of cisagov you will
-      usually want to set this to `\$\{\{
-      vars.ACTIONS_PERMISSIONS_CONFIG \}\}` so it agrees with our
-      organization-wide GitHub Actions permissions configuration.  See
-      the documentation for the
-      GitHubSecurityLab/actions-permission/monitor action for more
-      details:
-      https://github.com/GitHubSecurityLab/actions-permissions/tree/main/monitor#configuration
-    required: true
   harden_runner_egress_policy:
     default: audit
     description: >-
       The egress policy to use for runner hardening.  See
       step-security/harden-runner for more details and valid values.
     required: false
+  permissions_monitoring_config:
+    default: ""
+    description: >-
+      A JSON string containing the configuration to use for
+      permissions monitoring.  In the case of cisagov you will almost
+      usually to set this to `\$\{\{ vars.ACTIONS_PERMISSIONS_CONFIG
+      \}\}` so it agrees with our organization-wide GitHub Actions
+      permissions monitoring configuration.  See the documentation for
+      the GitHubSecurityLab/actions-permission/monitor action for more
+      details:
+      https://github.com/GitHubSecurityLab/actions-permissions/tree/main/monitor#configuration
+    required: false
 
 runs:
   using: composite
   steps:
     - uses: GitHubSecurityLab/actions-permissions/monitor@v1
       with:
-        config: ${{ inputs.actions_permissions_config }}
+        config: ${{ inputs.permissions_monitoring_config }}
     - id: harden-runner
       name: Harden the runner
       uses: step-security/harden-runner@v2