update docs for release v0.3.0 (#15)

update docs

Signed-off-by: Jakub Jarosz <j.jarosz@f5.com>

Author: jjngx

.github/actions/assertion/README.md

@@ -121,7 +121,7 @@ uses: nginxinc/compliance-rules/.github/workflows/codeql.yml@<git_tag>
 
 ### Data flow
 
-![assertion](img/assertion3.png)
+![assertion](img/assertion-action.png)
 
 #### GitHub Action Assertion - Configuration
 
@@ -137,15 +137,17 @@ The full list of required variables:
 - `builder-id` - github.com
 - `builder-version`
 - `invocation-id` - unique id for the build pipeline
-- `artifactory-user`
-- `artifactory-api-token`
-- `artifactory-url`
-- `artifactory-repo` - Artifactory repository used for pulling build dependencies, for example 'f5-nginx-go-local-approved-dependency'
+- `artifactory-user` - `ARTIFACTORY_USER` stored in github org secrets (`secrets.ARTIFACTORY_USER`)
+- `artifactory-api-token` - `ARTIFACTORY_TOKEN` stored in github org secrets (`secrets.ARTIFACTORY_TOKEN`)
+- `artifactory-url` - `ARTIFACTORY_URL` stored in github org secrets (`secrets.ARTIFACTORY_URL`)
+- `artifactory-repo` - Artifactory repository used for pulling build dependencies - for example `f5-nginx-go-local-approved-dependency`
 - `assertion-doc-file` - file generated by the action `assertion_${{ unique identifier }}.json`
 - `build-content-path` - file containing output from `go version -m` command executed against the binary
+- `started-on` - start time
+- `finished-on` - end time
 - `log-level` - setup log level for assertion action. Default value: `INFO`. Allowed values `DEBUG`, `WARN`, `ERROR`.
 
-After successful run the action produces an assertion document in JSON format. The document needs to be signed and stored for further processing.
+After successful run the action produces an assertion document in JSON format. The Sign Action takes the document, signes it, and stores in GitHub storage.
 
 Example:
 
@@ -154,8 +156,8 @@ Example:
       id: assertiondoc
       uses: nginxinc/compliance-rules/.github/actions/assertion@<git-tag>
       with:
-        artifact-name: ptdcli_${{ github.ref_name }}
-        artifact-digest: 'test-digest'
+        artifact-name: ${{ github.event.repository.name }}_${{ github.sha }}_${{ github.run_number }}_${{ matrix.gateway.os }}_${{ matrix.gateway.arch }}
+        artifact-digest: ${{ matrix.gateway.digest }}
         build-type: 'github'
         builder-id: 'github.com'
         builder-version: '0.1.0-xyz'
@@ -164,14 +166,16 @@ Example:
         artifactory-api-token: ${{ secrets.ARTIFACTORY_TOKEN }}
         artifactory-url: ${{ secrets.ARTIFACTORY_URL }}
         artifactory-repo: 'f5-nginx-go-local-approved-dependency'
-        assertion-doc-file: assertion_ptdcli_${{ github.ref_name }}.json
+        assertion-doc-file: assertion_${{ github.event.repository.name }}_${{ github.sha }}_${{ github.run_id }}_${{ github.run_number }}_${{ matrix.gateway.os }}_${{ matrix.gateway.arch }}.json
         build-content-path: ${{ steps.godeps.outputs.goversionm }}
+        started-on: ${{ github.event.head_commit.timestamp || github.event.created_at }}
+        finished-on: ${{ github.event.head_commit.timestamp || github.event.created_at }}
         log-level: 'DEBUG'
 ```
 
 #### GitHub Action Sign - Configuration
 
-The `Sign` action takes a path to the generated assertion document, signs the document and stores it in GitHub.
+The `Sign` action takes a path to the generated assertion document, signs it, and stores signed doc in GitHub.
 
 The list of required variables:
 
@@ -186,3 +190,4 @@ Example:
       with:
         assertion-doc: ${{ steps.assertiondoc.outputs.assertion-document-path }}
 ```
+