address review

README.md

@@ -207,6 +207,11 @@ called `ssdlc_compliance_report.md`.
   uses: mongodb-labs/drivers-github-tools/compliance-report@v2
 ```
 
+There are several ways to specify the security report:
+- By specifying an absolute URL starting with https
+- By specifying a relative path, which is then linked to the corresponding git blob for the tagged version
+- By adding the `security-report-url` to the AWS Secrets Vault
+
 ## Full Report
 
 This action is a convenience function to handle all of the SSDLC reports and put them

compliance-report/generate.sh

@@ -21,7 +21,7 @@ elif [ -n "$SECURITY_REPORT_URL" ]; then
     SECURITY_REPORT="See $SECURITY_REPORT_URL"
 fi
 
-cat << EOF >> ${S3_ASSETS}/ssdlc_compliance_report.md
+cat << EOF >> ${S3_ASSETS}/ssdlc_compliance_report.txt
 Release Creator
 ${RELEASE_CREATOR}
 
@@ -42,6 +42,4 @@ ${SECURITY_REPORT}
 
 Known Vulnerabilities
 Any vulnerabilities that may be shown in the files referenced above have been reviewed and accepted by the appropriate approvers.
-EOF
-
-cat ${S3_ASSETS}/ssdlc_compliance_report.md
+EOF

setup/setup.sh

@@ -11,7 +11,10 @@ for var in $vars; do
 done
 
 echo "::group::Set up artifactory"
-ARTIFACTORY_USERNAME=${ARTIFACTORY_USERNAME_INPUT:-ARTIFACTORY_USERNAME}
+ARTIFACTORY_USERNAME=${ARTIFACTORY_USERNAME}
+if [ -n "${ARTIFACTORY_USERNAME_INPUT}" ]; then
+  ARTIFACTORY_USERNAME=$ARTIFACTORY_USERNAME_INPUT
+fi
 echo $ARTIFACTORY_PASSWORD | podman login -u $ARTIFACTORY_USERNAME --password-stdin $ARTIFACTORY_REGISTRY
 echo "::endgroup::"