From ff64d55039363c2f584b5224d437a8cb186ee959 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Sat, 22 Feb 2025 21:34:47 -0500 Subject: [PATCH] Change name of permissions monitoring config input Also: - Update the description of this input. - Give the input the same default value that the GitHubSecurityLab/actions-permission/monitor action uses. - Make the input not required. --- README.md | 2 +- action.yml | 24 ++++++++++++------------ 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index eb17355..1716bb6 100644 --- a/README.md +++ b/README.md 
@@ -12,8 +12,8 @@ beginning of every GitHub Actions job. | Name | Description | Interpreted Type | Default | Required | |------|-------------|------------------|---------|:--------:| -| actions_permissions_config | A JSON string containing the permissions configuration to use for permissions monitoring. In the case of cisagov you will usually want to set this to `${{ vars.ACTIONS_PERMISSIONS_CONFIG }}` so it agrees with our organization-wide GitHub Actions permissions configuration. See [the documentation for the GitHubSecurityLab/actions-permissions/monitor action](https://github.com/GitHubSecurityLab/actions-permissions/tree/main/monitor#configuration) for more details. | `string` | n/a | yes | | harden_runner_egress_policy | The egress policy to use for runner hardening. See [step-security/harden-runner](https://github.com/step-security/harden-runner) for more details and valid values. | `string` | `audit` | no | +| permissions_monitoring_config | A JSON string containing the configuration to use for permissions monitoring. In the case of cisagov you will usually want to set this to `${{ vars.ACTIONS_PERMISSIONS_CONFIG }}` so it agrees with our organization-wide GitHub Actions permissions monitoring configuration. See [the documentation for the GitHubSecurityLab/actions-permissions/monitor action](https://github.com/GitHubSecurityLab/actions-permissions/tree/main/monitor#configuration) for more details. | `string` | `""` | no | ### Outputs ### diff --git a/action.yml b/action.yml index 7f6055e..b21c900 100644 --- a/action.yml +++ b/action.yml 
@@ -9,24 +9,24 @@ description: >- name: Job preamble inputs: - actions_permissions_config: - description: >- - A JSON string containing the permissions configuration to use - for permissions monitoring. In the case of cisagov you will - usually want to set this to `\$\{\{ - vars.ACTIONS_PERMISSIONS_CONFIG \}\}` so it agrees with our - organization-wide GitHub Actions permissions configuration. See - the documentation for the - GitHubSecurityLab/actions-permission/monitor action for more - details: - https://github.com/GitHubSecurityLab/actions-permissions/tree/main/monitor#configuration - required: true harden_runner_egress_policy: default: audit description: >- The egress policy to use for runner hardening. See step-security/harden-runner for more details and valid values. required: false + permissions_monitoring_config: + default: "" + description: >- + A JSON string containing the configuration to use for + permissions monitoring. In the case of cisagov you will almost + usually to set this to `\$\{\{ vars.ACTIONS_PERMISSIONS_CONFIG + \}\}` so it agrees with our organization-wide GitHub Actions + permissions monitoring configuration. See the documentation for + the GitHubSecurityLab/actions-permission/monitor action for more + details: + https://github.com/GitHubSecurityLab/actions-permissions/tree/main/monitor#configuration + required: false runs: using: composite
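Review bot: In the README.md inputs table, the new `permissions_monitoring_config` row changes Default to `""` and Required to `no` but does not say what an empty value means or that the input was renamed. Because the input is no longer required, a workflow that still passes `actions_permissions_config` will not fail on a missing required input, and monitoring would run with the empty default instead of the organization-wide configuration. Suggest adding one sentence to the Description stating that `""` means the monitor action's own default configuration is used, and a short migration note telling callers to rename `actions_permissions_config` to `permissions_monitoring_config`.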
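Review bot: In action.yml, the input is renamed under `inputs:` but the hunk stops at `runs:` / `using: composite`, and the diffstat shows no other change in this file, so nothing under `runs:` that reads the input is touched by this patch. Please confirm that no step still references `inputs.actions_permissions_config`; with `default: ""` and `required: false` a stale reference would evaluate to an empty string without any error. Separately, the new description reads "you will almost usually to set this to", which should match the README wording "you will usually want to set this to", and it names the action as `GitHubSecurityLab/actions-permission/monitor` while the URL on the following line uses `actions-permissions`.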