Documentation updates (#6)
- Sentence structure
- Use MONDOO_CLIENT_ACCOUNT as the secret name not MONDOO_AGENT_ACCOUNT.
  This isn't an actual env var so the name isn't super critical, but we
should align with product branding here
- Update the instructions and screenshot for secret setup
- Make sure the user base64 encodes their service account credentials.
  If they don't it won't work.

Signed-off-by: Tim Smith <[email protected]>
tas50 authored May 11, 2022
1 parent 0cc0671 commit eea9f6e
Showing 3 changed files with 16 additions and 16 deletions.
32 changes: 16 additions & 16 deletions README.md
Expand Up @@ -2,39 +2,39 @@

With the Mondoo [GitHub Action](https://github.com/features/actions) you can scan Kubernetes manifests and Terraform configuration files for common security misconfigurations. These results are available in the GitHub Actions UI as well as the Mondoo console.

## Mondoo Service Account Setup
## Securely Store Credentials

To fetch polices and send scan results to the Mondoo Platform you'll need to configure a Mondoo service account in your GitHub repository. This account should be securely stored using a [GitHub Actions Secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository).
To fetch polices and send scan results to the Mondoo Platform, configure a Mondoo service account in your GitHub repository. Store this account securely using a [GitHub Actions Secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository).

In the Mondoo console go to Settings -> Service Accounts and click Add Acccount:
In the Mondoo console, go to Settings -> Service Accounts and click Add Acccount:
![Service Accounts Page](/assets/service_account.png)

In the left menu select Download Credentials, click Generate New Credentials and copy the generated credentials:
In the left menu, select Download Credentials, check Base64-encoded, click Generate New Credentials, and copy the generated credentials:
![Generate Credentials](/assets/credentials.png)

In your GitHub repo go to Settings -> Secrets and create a new secret named "MONDOO_AGENT_ACCOUNT" with the contents you copied from the Mondoo Console:
In your GitHub repo, go to Settings -> Secrets -> Actions and click New repository secret. Create a new secret named "MONDOO_CLIENT_ACCOUNT" with the contents you copied from the Mondoo Console:
![Generate Credentials](/assets/secret.png)

## Configuration Options
## Workflow Configuration Options

The Mondoo GitHub Action has three required `with` values that must be set in your workflow configuration file:

**service_account_credentials**

The Mondoo service account credentials. These should be stored in a GitHub secret and not set in the workflow configuration file directly. Once a secret is setup as shown above you can reference that secret in your workflow configuration file as `${{ secrets.MONDOO_AGENT_ACCOUNT }}`.
The Mondoo service account credentials. Store these in a GitHub secret. Do not set them directly in the workflow configuration file. Once a secret is set up (as shown above) you can reference that secret in your workflow configuration file as `${{ secrets.MONDOO_CLIENT_ACCOUNT }}`.

**scan_type**

The type of Mondoo scan to perform:

- `docker_image_from_dockerfile` for scanning of Docker images from a Dockerfile. Note: This will build and then scan the image which make be a lengthy process.
- `docker_image` for scanning of Docker images from a Docker registry or from earlier GitHub actions steps.
- `k8s` for Kubernetes Manifest scanning.
- `k8s` for Kubernetes manifest scanning.
- `tf` for Terraform configuration file scanning.
- `docker_image` for scanning of Docker images from a Docker registry or from earlier GitHub actions steps.
- `docker_image_from_dockerfile` for scanning of Docker images from a Dockerfile. Note: This will build and then scan the image which make be a lengthy process.

**path**

The file to scan with Mondoo or the path to the Dockerfile if `scan_type` is set to `docker_image_from_dockerfile`. ex: `nginx.yml` or `Dockerfile`
The file to scan with Mondoo or, if `scan_type` is set to `docker_image_from_dockerfile`, the path to the Dockerfile. Examples: `nginx.yml` or `Dockerfile`

**docker_image_name**

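Review bot: several typos survive the rewrite in this hunk: "polices" should be "policies" in the new Securely Store Credentials paragraph, "Add Acccount" should be "Add Account", and "which make be a lengthy process" in the `docker_image_from_dockerfile` bullet should read "which may be a lengthy process". The new credentials step adds "check Base64-encoded" but does not say why; since the commit message states the action does not work with unencoded credentials, make that requirement explicit in the text (for example: "The action requires the credentials to be base64-encoded; scans will fail otherwise.") so readers who obtain credentials another way know to encode them. The alt text for `/assets/secret.png` is also still "Generate Credentials"; "Create Repository Secret" would match what the screenshot shows.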
Expand All @@ -45,7 +45,7 @@ The container image name to scan when `scan_type` is set to `docker_image`. ex:
Simple scan of nginx.yml Kubernetes manifest:

```yaml
name: mondoo
name: mondoo-scan

on:
pull_request:
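Review bot: this example is triggered on `pull_request`, and GitHub does not expose repository secrets to workflows triggered by pull requests from forked repositories, so the `service_account_credentials` value will be empty and the scan step will fail for fork PRs. Worth a sentence next to the examples stating that they assume pull requests from branches in the same repository.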
Expand All @@ -61,7 +61,7 @@ jobs:
- name: Scan with Mondoo
uses: mondoohq/actions@main
with:
service_account_credentials: ${{ secrets.MONDOO_AGENT_ACCOUNT }}
service_account_credentials: ${{ secrets.MONDOO_CLIENT_ACCOUNT }}
scan_type: k8s
path: nginx.yml
```
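Review bot: `uses: mondoohq/actions@main` in this example (and the two that follow) references a mutable branch, so every workflow run picks up whatever is currently on `main`. For a security scanning action that handles a service account secret, the README examples should pin to a release tag or a full commit SHA (for example `uses: mondoohq/actions@<tag-or-sha>`) and say why, so users do not copy the unpinned form into their own workflows.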
Expand All @@ -85,12 +85,12 @@ jobs:
- name: Scan with Mondoo
uses: mondoohq/actions@main
with:
service_account_credentials: ${{ secrets.MONDOO_AGENT_ACCOUNT }}
service_account_credentials: ${{ secrets.MONDOO_CLIENT_ACCOUNT }}
scan_type: docker_image_from_dockerfile
path: Dockerfile
```
Scan a docker container from a previous built image or image in a registry:
Scan a Docker image from a previous built image or image in a registry:
```yaml
name: mondoo-scan
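Review bot: the rewritten lead-in still reads "from a previous built image"; it should be "from a previously built image". While touching this sentence, "image in a registry" could become "an image in a registry" so the two alternatives read in parallel.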
Expand All @@ -109,7 +109,7 @@ jobs:
- name: Scan with Mondoo
uses: mondoohq/actions@main
with:
service_account_credentials: ${{ secrets.MONDOO_AGENT_ACCOUNT }}
service_account_credentials: ${{ secrets.MONDOO_CLIENT_ACCOUNT }}
scan_type: docker_image
docker_image_name: ubuntu:22.04
```
Binary file modified assets/credentials.png
Binary file modified assets/secret.png

0 comments on commit eea9f6e