Naming/documentation

dkfellows · dkfellows · commit 36babaf38c2f · 2025-09-03T11:50:14.000+01:00
diff --git a/.github/workflows/scan-for-secrets.yml b/.github/workflows/scan-for-secrets.yml
@@ -12,7 +12,17 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-name: Add PR to project
+# This reusable workflow is used to scan for secrets; API keys for various
+# services that shouldn't be made public but instead ought to be handled
+# via the Github Secrets mechanisms.
+#
+# It needs no elevated permissions, and no access to real secrets.
+#
+# It uses the file secrets.baseline.json in the same directory as this
+# workflow to provide a baseline configuration when the user does not
+# specify their own.
+
+name: Scan for Secrets
 on:
   workflow_call:
     inputs:
@@ -32,7 +42,7 @@ on:
 
 jobs:
   check:
-    name: Checking for Secrets
+    name: Checking for Service API Keys
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -43,7 +53,7 @@ jobs:
           path: .uomrit-actions
           repository: UoMResearchIT/actions
           ref: add-secret-scanning # FIXME
-      - name: Scan for Secrets
+      - name: Scan
         uses: secret-scanner/action@0.2.1
         with:
           # Version locked because of bugs
diff --git a/README.md b/README.md
@@ -17,8 +17,6 @@ These are intended for use in many types of project, wherever relevant.
 
 * [`instantiate-file`](instantiate-file) creates a file with a value provided by your workflow.
 
-* ['add_prs_to_project (reusable workflow)](.github/workflows/add_prs_to_project.yml) is a reusable workflow that you can use in your repository to add any PRs assigned to a user to a Project and set the Status in the project to a value of your choosing.
-
 ## Linux runners only
 
 * [`apt-get-install`](apt-get-install) installs packages into Ubuntu runners, allowing for subtleties of installation that have been found to come up with some packages "in the wild".
@@ -29,6 +27,12 @@ These are intended for use in many types of project, wherever relevant.
 
 * [`todo`](todo) finds `FIXME` and `TODO` comments in code.
 
+## Reusable Workflows
+
+* [`add_prs_to_project` (reusable workflow)](.github/workflows/add_prs_to_project.yml) is a reusable workflow that you can use in your repository to add any PRs assigned to a user to a Project and set the Status in the project to a value of your choosing.
+
+* [`scan-for-secrets` (reusable workflow)](.github/workflows/scan-for-secrets.yml) is a reusable workflow that you can use in your repository to scan for API keys (e.g., for AWS) that your code accidentally exposes.
+
 # Language-Specific Tools
 
 These often have platform requirements for their runners. You can always have several jobs in a workflow to allow the use of Linux runners in an otherwise Windows-specific build scheme.
