Juggle inputs

action.yml

@@ -23,33 +23,23 @@ inputs:
     required: true
 
   ### Typical / recommended
+  name:
+    description: Name that will be used in any issues artifacts; e.g. ZAP pen tests
   parameters:
-    description: Template parameters/variables to pass (e.g. -p ZONE=...)
+    description: Template parameters/variables to pass; e.g. -p ZONE=...
   penetration_test:
     description: Run a ZAProxy penetration test against any routes? [true|false]
-  penetration_test_fail:
-    description: Allow ZAProxy alerts to fail the workflow? [true|false]
-    default: "false"
-  penetration_test_artifact:
-    description: Provide a name to attach ZAProxy scan artifacts to workflows; e.g. frontend, backend
-    default: "unnamed"
-  penetration_test_issue:
-    description: Provide a name to enable ZAProxy issue creation; e.g. frontend, backend
-    default: ""
+  penetration_test_token:
+    description: Specify token (GH or PAT), instead of inheriting one from the calling workflow
+    default: ${{ github.token }}
   timeout:
     description: Timeout for deployment. [default=15m]
     default: "15m"
   triggers:
     description: Omit to always build, otherwise trigger by path; e.g. ('./backend/', './frontend/)
   verification_path:
-    description: Sets the health endpoint to be used during check stage, does not require the '/' at the begining
+    description: Sets the health endpoint to be used during verificatoin, does not require '/' at the begining; e.g. api
     default: ""
-  verification_retry_attempts:
-    description: Number of times to attempt deployment verification
-    default: "3"
-  verification_retry_seconds:
-    description: Seconds to wait between deployment verification attempts
-    default: "10"
 
   ### Usually a bad idea / not recommended
   diff_branch:
@@ -58,9 +48,24 @@ inputs:
   repository:
     description: Optionally, specify a different repo to clone
     default: ${{ github.repository }}
-  penetration_test_token:
-    description: Specify token (GH or PAT), instead of inheriting one from the calling workflow
-    default: ${{ github.token }}
+  penetration_test_fail:
+    description: Allow ZAProxy alerts to fail the workflow? Caution, very annoying!  [true|false]
+    default: "false"
+  verification_retry_attempts:
+    description: Number of times to attempt deployment verification
+    default: "3"
+  verification_retry_seconds:
+    description: Seconds to wait between deployment verification attempts
+    default: "10"
+
+  ### Deprecated / to remove
+  # Both replaced by `penetration_test_name`, used for issues and artifacts
+  penetration_test_issue:
+    description: Provide a name to attach ZAProxy scan artifacts to workflows; e.g. frontend, backend
+    default: "unnamed"
+  penetration_test_artifact:
+    description: Provide a name to enable ZAProxy issue creation; e.g. frontend, backend
+    default: ""
 
 runs:
   using: composite
@@ -196,9 +201,9 @@ runs:
         cmd_options: "-a"
         fail_action: "${{ inputs.penetration_test_fail }}"
         # allow_... is purposefully obscured - if a title is provided, then = true
-        allow_issue_writing: "${{ inputs.penetration_test_issue && true || false }}"
-        artifact_name: "zap_${{ inputs.penetration_test_artifact }}"
-        issue_title: "ZAP: ${{ inputs.penetration_test_issue }}"
+        allow_issue_writing: "${{ inputs.name && true || false }}"
+        artifact_name: "zap_${{ inputs.name }}"
+        issue_title: "ZAP: ${{ inputs.name }}"
 
     # Action repo needs to be present for cleanup/tests
     - name: Checkout to make sure action.yml is present (tests)