Skip to content

docs: document api-key fallback behavior#671

Open
Thinking-builder wants to merge 1 commit into
step-security:mainfrom
Thinking-builder:docs/improve-harden-runner-api-key-fallback
Open

docs: document api-key fallback behavior#671
Thinking-builder wants to merge 1 commit into
step-security:mainfrom
Thinking-builder:docs/improve-harden-runner-api-key-fallback

Conversation

@Thinking-builder

Copy link
Copy Markdown

Summary

Update the api-key action input description to document its current fallback behavior.

Motivation

Since #665, enabling use-policy-store without an API key no longer fails the action. Harden-Runner emits a warning and defaults to audit mode, but action.yml still says the key is required.

Changes

  • Document the audit-mode fallback in the api-key input description.
  • Keep runtime behavior unchanged.

Validation

  • git diff --check
  • npm test -- --runInBand (67 tests passed)
  • npm run build (passed; no dist/ changes)
  • Parsed action.yml as YAML and checked the updated description
  • npm run lint reports 80 existing errors in unchanged src/ files

Signed-off-by: Thinking-builder <15251793056@163.com>
@cschanhniem

Copy link
Copy Markdown

I reviewed the current action.yml description for api-key:

"StepSecurity API key for authenticating with the policy store. Required when use-policy-store is set to true."

Since #665, enabling use-policy-store without an API key no longer fails the action — it falls back to audit mode with a warning. The description should reflect that.

Suggested replacement:

"StepSecurity API key for authenticating with the policy store. Optional when use-policy-store is set to true — if no key is provided, Harden-Runner emits a warning and defaults to egress-policy: audit. If use-policy-store is false, this input is unused."

This covers: the fallback behavior, the warning, the audit mode default, and the fact that the key is irrelevant when use-policy-store is false.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants