diff --git a/actions/autosync/README.md b/actions/autosync/README.md index 61b56239..6310379d 100644 --- a/actions/autosync/README.md +++ b/actions/autosync/README.md @@ -26,7 +26,9 @@ name: Example Workflow | markdown_path | Path relative to the repository path where the Trestle markdown files are located. See action README.md for more information. | None | True | | oscal_model | OSCAL Model type to assemble. Values can be catalog, profile, compdef, or ssp. | None | True | | dry_run | Runs tasks without pushing changes to the repository. | false | False | -| github_token | GitHub token used to make authenticated API requests | None | False | +| github_token | "GitHub token used to make authenticated API requests. +Note: You should use a defined secret like "secrets.GITHUB_TOKEN" in your workflow file, do nothardcode the token." + | None | False | | version | Version of the OSCAL model to set during assembly into JSON. | None | False | | skip_assemble | Skip assembly task. Defaults to false | false | False | | skip_regenerate | Skip regenerate task. Defaults to false. | false | False | diff --git a/actions/autosync/action.yml b/actions/autosync/action.yml index be9590fe..ee620ff1 100644 --- a/actions/autosync/action.yml +++ b/actions/autosync/action.yml @@ -14,7 +14,9 @@ inputs: required: false default: "false" github_token: - description: "GitHub token used to make authenticated API requests" + description: | + "GitHub token used to make authenticated API requests. + Note: You should use a defined secret like "secrets.GITHUB_TOKEN" in your workflow file, do nothardcode the token." required: false version: description: "Version of the OSCAL model to set during assembly into JSON." @@ -91,7 +93,7 @@ runs: image: "../../Dockerfile" entrypoint: "/auto-sync-entrypoint.sh" env: - GITHUB_TOKEN: ${{ inputs.github_token }} + TRESTLEBOT_REPO_ACCESS_TOKEN: ${{ inputs.github_token }} branding: icon: "check" diff --git a/actions/create-cd/README.md b/actions/create-cd/README.md index b3929e68..3314f145 100644 --- a/actions/create-cd/README.md +++ b/actions/create-cd/README.md @@ -33,7 +33,9 @@ name: Example Workflow | component_description | Description of the component to create | None | True | | filter_by_profile | Name of the profile in the workspace to filter controls by | None | False | | dry_run | Runs tasks without pushing changes to the repository. | false | False | -| github_token | GitHub token used to make authenticated API requests | None | False | +| github_token | "GitHub token used to make authenticated API requests. +Note: You should use a defined secret like "secrets.GITHUB_TOKEN" in your workflow file, do nothardcode the token." + | None | False | | commit_message | Commit message | Sync automatic updates | False | | pull_request_title | Custom pull request title | Automatic updates from trestlebot | False | | branch | Name of the Git branch to which modifications should be pushed. Required if Action is used on the `pull_request` event. | ${{ github.ref_name }} | False | diff --git a/actions/create-cd/action.yml b/actions/create-cd/action.yml index 06f14cb7..70873926 100644 --- a/actions/create-cd/action.yml +++ b/actions/create-cd/action.yml @@ -30,7 +30,9 @@ inputs: required: false default: "false" github_token: - description: "GitHub token used to make authenticated API requests" + description: | + "GitHub token used to make authenticated API requests. + Note: You should use a defined secret like "secrets.GITHUB_TOKEN" in your workflow file, do nothardcode the token." required: false commit_message: description: Commit message @@ -89,7 +91,7 @@ runs: image: "../../Dockerfile" entrypoint: "/create-cd-entrypoint.sh" env: - GITHUB_TOKEN: ${{ inputs.github_token }} + TRESTLEBOT_REPO_ACCESS_TOKEN: ${{ inputs.github_token }} branding: icon: "check" diff --git a/actions/rules-transform/README.md b/actions/rules-transform/README.md index 729399ff..18703ff8 100644 --- a/actions/rules-transform/README.md +++ b/actions/rules-transform/README.md @@ -34,7 +34,9 @@ With custom rules directory: | --- | --- | --- | --- | | rules_view_path | Path relative to the repository path where the Trestle rules view files are located. Defaults to `rules/`. | rules/ | False | | dry_run | Runs tasks without pushing changes to the repository. | false | False | -| github_token | GitHub token used to make authenticated API requests | None | False | +| github_token | "GitHub token used to make authenticated API requests. +Note: You should use a defined secret like "secrets.GITHUB_TOKEN" in your workflow file, do not hardcode the token." + | None | False | | skip_items | Comma-separated glob patterns list of content by Trestle name to skip during task execution. For example `compdef_x,compdef_y*,`. | None | False | | commit_message | Commit message | Sync automatic updates | False | | pull_request_title | Custom pull request title | Automatic updates from trestlebot | False | diff --git a/actions/rules-transform/action.yml b/actions/rules-transform/action.yml index 832cb4f2..4ce6f772 100644 --- a/actions/rules-transform/action.yml +++ b/actions/rules-transform/action.yml @@ -12,7 +12,9 @@ inputs: required: false default: "false" github_token: - description: "GitHub token used to make authenticated API requests" + description: | + "GitHub token used to make authenticated API requests. + Note: You should use a defined secret like "secrets.GITHUB_TOKEN" in your workflow file, do not hardcode the token." required: false skip_items: description: "Comma-separated glob patterns list of content by Trestle name to skip during task execution. For example `compdef_x,compdef_y*,`." @@ -74,7 +76,7 @@ runs: image: "../../Dockerfile" entrypoint: "/rules-transform-entrypoint.sh" env: - GITHUB_TOKEN: ${{ inputs.github_token }} + TRESTLEBOT_REPO_ACCESS_TOKEN: ${{ inputs.github_token }} branding: icon: "check" diff --git a/actions/sync-upstreams/README.md b/actions/sync-upstreams/README.md index 65854f25..7201520d 100644 --- a/actions/sync-upstreams/README.md +++ b/actions/sync-upstreams/README.md @@ -24,7 +24,9 @@ name: Example Workflow | --- | --- | --- | --- | | sources | A newline separated list of upstream sources to sync with a repo@branch format. For example, `https://github.com/myorg/myprofiles@main` | None | True | | dry_run | Runs tasks without pushing changes to the repository. | false | False | -| github_token | GitHub token used to make authenticated API requests | None | False | +| github_token | "GitHub token used to make authenticated API requests. +Note: You should use a defined secret like "secrets.GITHUB_TOKEN" in your workflow file, do nothardcode the token." + | None | False | | include_model_names | Comma-separated glob pattern list of model names (i.e. trestle directory name) to include in the sync. For example, `*framework-v2`. Defaults to include all model names. | None | False | | exclude_model_names | Comma-separated glob pattern of model names (i.e. trestle directory name) to exclude from the sync. For example, `*framework-v1`. Defaults to skip no model names. | None | False | | skip_validation | Skip validation of the upstream OSCAL content. Defaults to false | false | False | diff --git a/actions/sync-upstreams/action.yml b/actions/sync-upstreams/action.yml index ceb4dbfa..e09a909f 100644 --- a/actions/sync-upstreams/action.yml +++ b/actions/sync-upstreams/action.yml @@ -11,7 +11,9 @@ inputs: required: false default: "false" github_token: - description: "GitHub token used to make authenticated API requests" + description: | + "GitHub token used to make authenticated API requests. + Note: You should use a defined secret like "secrets.GITHUB_TOKEN" in your workflow file, do nothardcode the token." required: false include_model_names: description: "Comma-separated glob pattern list of model names (i.e. trestle directory name) to include in the sync. For example, `*framework-v2`. Defaults to include all model names." @@ -80,7 +82,7 @@ runs: image: "../../Dockerfile" entrypoint: "/sync-upstreams-entrypoint.sh" env: - GITHUB_TOKEN: ${{ inputs.github_token }} + TRESTLEBOT_REPO_ACCESS_TOKEN: ${{ inputs.github_token }} branding: icon: "check"