From c5448c4e09c081c93dec6de99a72f2e61f2208e0 Mon Sep 17 00:00:00 2001
From: Ruud Senden <8635138+rsenden@users.noreply.github.com>
Date: Thu, 26 Oct 2023 18:38:14 +0200
Subject: [PATCH] chore: Documentation updates

---
 README.md | 48 +++++++++++++++++++++---------
 doc-resources/repo-intro.md | 50 +++++++++++++++++++++++---------
 doc-resources/template-values.md | 17 +++++++++++
 setup/dist/index.js | 4 +++
 setup/src/setup.ts | 6 +++-
 5 files changed, 97 insertions(+), 28 deletions(-)

diff --git a/README.md b/README.md
index 6dfdc5e..7cd78ec 100644
--- a/README.md
+++ b/README.md
@@ -15,33 +15,33 @@ The [Fortify github-action repository]({{repo-url}}) hosts various Fortify-relat **Fortify on Demand** -* [`https://github.com/fortify-ps/github-action@`](#primary-action) +* [`fortify/github-action@v1`](#primary-action) For now, this action provides the same functionality as the `fod-sast-scan` action listed below. Future versions may add support for running other types of scans or performing other FoD actions. -* [`https://github.com/fortify-ps/github-action/fod-sast-scan@`](#fod-sast-scan-action) +* [`fortify/github-action/fod-sast-scan@v1`](#fod-sast-scan-action) Package source code, submit SAST scan request to Fortify on Demand, optionally wait for completion and export results back to the GitHub Security dashboard. -* [`https://github.com/fortify-ps/github-action/package@`](#package-action) +* [`fortify/github-action/package@v1`](#package-action) Package source code for running a SAST scan, using the latest version of ScanCentral Client. -* [`https://github.com/fortify-ps/github-action/fod-export@`](#fod-export-action) +* [`fortify/github-action/fod-export@v1`](#fod-export-action) Export vulnerability data from Fortify on Demand to the GitHub Security dashboard. 
-* [`https://github.com/fortify-ps/github-action/setup@`](#setup-action) +* [`fortify/github-action/setup@v1`](#setup-action) Install various Fortify tools like [fcli](https://github.com/fortify/fcli), [ScanCentral Client](https://www.microfocus.com/documentation/fortify-software-security-center/2310/SC_SAST_Help_23.1.0/index.htm#A_Clients.htm), [FortifyVulnerabilityExporter](https://github.com/fortify/FortifyVulnerabilityExporter) and [FortifyBugTrackerUtility](https://github.com/fortify-ps/FortifyBugTrackerUtility) for use in your pipeline **SSC / ScanCentral SAST/ ScanCentral DAST** -* [`https://github.com/fortify-ps/github-action@`](#primary-action) +* [`fortify/github-action@v1`](#primary-action) For now, this action provides the same functionality as the `ssc-sast-scan` action listed below. Future versions may add support for running other types of scans or performing other SSC / ScanCentral actions. -* [`https://github.com/fortify-ps/github-action/sc-sast-scan@`](#sc-sast-scan-action) +* [`fortify/github-action/sc-sast-scan@v1`](#sc-sast-scan-action) Package source code, submit SAST scan request to ScanCentral SAST, optionally wait for completion and export results back to the GitHub Security dashboard. -* [`https://github.com/fortify-ps/github-action/package@`](#package-action) +* [`fortify/github-action/package@v1`](#package-action) Package source code for running a SAST scan, using the latest version of ScanCentral Client. -* [`https://github.com/fortify-ps/github-action/ssc-export@`](#ssc-export-action) +* [`fortify/github-action/ssc-export@v1`](#ssc-export-action) Export vulnerability data from Fortify Software Security Center (SSC) to the GitHub Security dashboard. 
-* [`https://github.com/fortify-ps/github-action/setup@`](#setup-action) +* [`fortify/github-action/setup@v1`](#setup-action) Install various Fortify tools like [fcli](https://github.com/fortify/fcli), [ScanCentral Client](https://www.microfocus.com/documentation/fortify-software-security-center/2310/SC_SAST_Help_23.1.0/index.htm#A_Clients.htm), [FortifyVulnerabilityExporter](https://github.com/fortify/FortifyVulnerabilityExporter) and [FortifyBugTrackerUtility](https://github.com/fortify-ps/FortifyBugTrackerUtility) for use in your pipeline ## Primary action -The primary `fortify/github-action` currently allows for running SAST scans on either Fortify on Demand or ScanCentral SAST; future versions may add support for other activities like running DAST scans. Which activities to perform is controlled through action inputs, the input for those activities is provided through environment variables. +The primary `fortify/github-action@v1` currently allows for running SAST scans on either Fortify on Demand or ScanCentral SAST; future versions may add support for other activities like running DAST scans. Which activities to perform is controlled through action inputs, the input for those activities is provided through environment variables. ### Action inputs @@ -50,8 +50,8 @@ If not specified or when set to false, no SAST scan will be performed. When set To successfully perform the SAST scan, additional environment variables will need to be configured on the action as listed in these sections: -* Fortify on Demand: [`https://github.com/fortify-ps/github-action/fod-sast-scan@`](#fod-sast-scan-action) -* ScanCentral SAST: [`https://github.com/fortify-ps/github-action/sc-sast-scan@`](#sc-sast-scan-action) +* Fortify on Demand: [`fortify/github-action/fod-sast-scan@v1`](#fod-sast-scan-action) +* ScanCentral SAST: [`fortify/github-action/sc-sast-scan@v1`](#sc-sast-scan-action) ### Sample workflows 
@@ -129,24 +129,46 @@ The sample workflow below demonstrates how to configure the action for installin ## package action +This action packages source code to be scanned on Fortify on Demand or ScanCentral SAST. + +TODO + +### Action environment variable inputs + TODO ## fod-sast-scan action TODO +### Action environment variable inputs + +TODO + ## fod-export action TODO +### Action environment variable inputs + +TODO + ## sc-sast-scan action TODO +### Action environment variable inputs + +TODO + ## ssc-export action TODO +### Action environment variable inputs + +TODO + diff --git a/doc-resources/repo-intro.md b/doc-resources/repo-intro.md index 92d8f73..43559f5 100644 --- a/doc-resources/repo-intro.md +++ b/doc-resources/repo-intro.md 
@@ -2,33 +2,33 @@ The [Fortify github-action repository]({{repo-url}}) hosts various Fortify-relat **Fortify on Demand** -* [`{{var:repo-url}}@`](#primary-action) +* [`fortify/github-action@{{var:action-major-version}}`](#primary-action) For now, this action provides the same functionality as the `fod-sast-scan` action listed below. Future versions may add support for running other types of scans or performing other FoD actions. -* [`{{var:repo-url}}/fod-sast-scan@`](#fod-sast-scan-action) +* [`fortify/github-action/fod-sast-scan@{{var:action-major-version}}`](#fod-sast-scan-action) Package source code, submit SAST scan request to Fortify on Demand, optionally wait for completion and export results back to the GitHub Security dashboard. -* [`{{var:repo-url}}/package@`](#package-action) +* [`fortify/github-action/package@{{var:action-major-version}}`](#package-action) Package source code for running a SAST scan, using the latest version of ScanCentral Client. -* [`{{var:repo-url}}/fod-export@`](#fod-export-action) +* [`fortify/github-action/fod-export@{{var:action-major-version}}`](#fod-export-action) Export vulnerability data from Fortify on Demand to the GitHub Security dashboard. 
-* [`{{var:repo-url}}/setup@`](#setup-action) +* [`fortify/github-action/setup@{{var:action-major-version}}`](#setup-action) Install various Fortify tools like [fcli](https://github.com/fortify/fcli), [ScanCentral Client](https://www.microfocus.com/documentation/fortify-software-security-center/2310/SC_SAST_Help_23.1.0/index.htm#A_Clients.htm), [FortifyVulnerabilityExporter](https://github.com/fortify/FortifyVulnerabilityExporter) and [FortifyBugTrackerUtility](https://github.com/fortify-ps/FortifyBugTrackerUtility) for use in your pipeline **SSC / ScanCentral SAST/ ScanCentral DAST** -* [`{{var:repo-url}}@`](#primary-action) +* [`fortify/github-action@{{var:action-major-version}}`](#primary-action) For now, this action provides the same functionality as the `ssc-sast-scan` action listed below. Future versions may add support for running other types of scans or performing other SSC / ScanCentral actions. -* [`{{var:repo-url}}/sc-sast-scan@`](#sc-sast-scan-action) +* [`fortify/github-action/sc-sast-scan@{{var:action-major-version}}`](#sc-sast-scan-action) Package source code, submit SAST scan request to ScanCentral SAST, optionally wait for completion and export results back to the GitHub Security dashboard. -* [`{{var:repo-url}}/package@`](#package-action) +* [`fortify/github-action/package@{{var:action-major-version}}`](#package-action) Package source code for running a SAST scan, using the latest version of ScanCentral Client. -* [`{{var:repo-url}}/ssc-export@`](#ssc-export-action) +* [`fortify/github-action/ssc-export@{{var:action-major-version}}`](#ssc-export-action) Export vulnerability data from Fortify Software Security Center (SSC) to the GitHub Security dashboard. 
-* [`{{var:repo-url}}/setup@`](#setup-action) +* [`fortify/github-action/setup@{{var:action-major-version}}`](#setup-action) Install various Fortify tools like [fcli](https://github.com/fortify/fcli), [ScanCentral Client](https://www.microfocus.com/documentation/fortify-software-security-center/2310/SC_SAST_Help_23.1.0/index.htm#A_Clients.htm), [FortifyVulnerabilityExporter](https://github.com/fortify/FortifyVulnerabilityExporter) and [FortifyBugTrackerUtility](https://github.com/fortify-ps/FortifyBugTrackerUtility) for use in your pipeline ## Primary action -The primary `fortify/github-action` currently allows for running SAST scans on either Fortify on Demand or ScanCentral SAST; future versions may add support for other activities like running DAST scans. Which activities to perform is controlled through action inputs, the input for those activities is provided through environment variables. +The primary `fortify/github-action@{{var:action-major-version}}` currently allows for running SAST scans on either Fortify on Demand or ScanCentral SAST; future versions may add support for other activities like running DAST scans. Which activities to perform is controlled through action inputs, the input for those activities is provided through environment variables. ### Action inputs @@ -37,8 +37,8 @@ If not specified or when set to false, no SAST scan will be performed. When set To successfully perform the SAST scan, additional environment variables will need to be configured on the action as listed in these sections: -* Fortify on Demand: [`{{var:repo-url}}/fod-sast-scan@`](#fod-sast-scan-action) -* ScanCentral SAST: [`{{var:repo-url}}/sc-sast-scan@`](#sc-sast-scan-action) +* Fortify on Demand: [`fortify/github-action/fod-sast-scan@{{var:action-major-version}}`](#fod-sast-scan-action) +* ScanCentral SAST: [`fortify/github-action/sc-sast-scan@{{var:action-major-version}}`](#sc-sast-scan-action) ### Sample workflows 
@@ -100,7 +100,7 @@ The sample workflow below demonstrates how to configure the action for installin ```yaml steps: - name: Setup Fortify tools - uses: fortify/github-action/setup@v1 + uses: fortify/github-action/setup@{{var:action-major-version}} with: export-path: true fcli: latest @@ -116,20 +116,42 @@ The sample workflow below demonstrates how to configure the action for installin ## package action +This action packages source code to be scanned on Fortify on Demand or ScanCentral SAST. + +TODO + +### Action environment variable inputs + TODO ## fod-sast-scan action TODO +### Action environment variable inputs + +TODO + ## fod-export action TODO +### Action environment variable inputs + +TODO + ## sc-sast-scan action TODO +### Action environment variable inputs + +TODO + ## ssc-export action TODO + +### Action environment variable inputs + +TODO diff --git a/doc-resources/template-values.md b/doc-resources/template-values.md index 0936193..3c7975f 100644 --- a/doc-resources/template-values.md +++ b/doc-resources/template-values.md @@ -7,3 +7,20 @@ https://github.com/fortify-ps/github-action # copyright-years {{var:current-year}} +# action-major-version +v1 + +# action-fcli-version +2.0.0 + +# action-sc-client-version +23.1.0 + +# action-vuln-exporter-version +2.0.4 + +# action-fod-uploader-version +5.4.0 + +# action-bugtracker-utility-version +4.12 \ No newline at end of file diff --git a/setup/dist/index.js b/setup/dist/index.js index d08bf27..8de74bb 100644 --- a/setup/dist/index.js +++ b/setup/dist/index.js 
@@ -6589,6 +6589,10 @@ const tc = __importStar(__nccwpck_require__(7784));
 const exec = __importStar(__nccwpck_require__(1514));
 const fs = __importStar(__nccwpck_require__(3994));
 const crypto = __importStar(__nccwpck_require__(5764));
+// IMPORTANT: When updating "action-default" versions in the TOOLS record,
+// please make sure to update doc-resources/template-values.md
+// accordingly to allow for proper version-specific links in
+// the action documentation.
 const TOOLS = {
 "fcli": {
 "versionAliases": { "action-default": "2.0.0", "latest": "2.0.0" },
diff --git a/setup/src/setup.ts b/setup/src/setup.ts
index 1c3207a..63542b1 100644
--- a/setup/src/setup.ts
+++ b/setup/src/setup.ts
@@ -3,7 +3,11 @@ import * as tc from '@actions/tool-cache';
 import * as exec from '@actions/exec';
 import * as fs from 'node:fs';
 import * as crypto from 'node:crypto';
-
+
+// IMPORTANT: When updating "action-default" versions in the TOOLS record,
+// please make sure to update doc-resources/template-values.md
+// accordingly to allow for proper version-specific links in
+// the action documentation.
 const TOOLS: Record>> = {
 "fcli": {
 "versionAliases": {"action-default": "2.0.0", "latest": "2.0.0"},
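Review bot: The new IMPORTANT comment above `TOOLS` in setup.ts only reminds maintainers about the docs; it should also record that `"latest"` is a pinned alias rather than a live lookup, because in the visible `"fcli"` entry both `"action-default"` and `"latest"` resolve to the hard-coded `"2.0.0"`, so a workflow requesting `fcli: latest` keeps getting that exact build until someone edits this record. Given the `node:crypto` import a few lines up, the per-version entries presumably also carry download digests that are verified at install time (not visible in this hunk — confirm); if so, the reminder should name them too, since bumping a version without its digest either breaks the install or tempts someone to weaken the check. Suggested extension after the existing four lines: `// Also bump "latest" here (it is a pinned alias, not a live lookup) and any` / `// per-version download digests, so workflows get the intended, verified build.` The `TOOLS` record continues past the end of the hunk, and the same comment lands in the generated setup/dist/index.js, which should simply be rebuilt from the source.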