github actions setup docs

Author: Mathieu Benoit

README.md

@@ -1,5 +1,7 @@
 # asm-workshop
 
+## About the content of this lab
+
 Put this https://alwaysupalwayson.com/asm-security as a workshop.
 
 1. [ ] Create a GKE cluster
@@ -20,9 +22,11 @@ Further considerations:
 - Multi-cluster?
 - MCP (control/data plane)?
 - Integrate CRfA in there? Or do another similar crfa-workshop?
+- Do a Neos tutorial based on this? Qwiklabs or Codelabs?
 
+## Developer setup
 
-## Build and run this static web site locally
+### Build and run this static web site locally
 
 ```
 git clone --recurse-submodules https://github.com/mathieu-benoit/asm-workshop
@@ -31,6 +35,37 @@ docker build -t asm-workshop .
 docker run -d -p 8080:8080 asm-workshop
 ```
 
-## Configure GitHub action
+### Configure GitHub action
+
+```
+projectId=FIXME
+gcloud config set project $projectId
+
+# Setup Service account
+saName=asm-workshop-gha-cr-push
+saId=$saName@$projectId.iam.gserviceaccount.com
+gcloud iam service-accounts create $saName \
+    --display-name=$saName
+gcloud iam service-accounts keys create ~/tmp/$saName.json \
+    --iam-account $saId
+
+# Setup Artifact Registry
+artifactRegistryName=FIXME
+artifactRegistryLocation=FIXME
+gcloud artifacts repositories add-iam-policy-binding $artifactRegistryName \
+    --project $projectId \
+    --location $artifactRegistryLocation \
+    --member "serviceAccount:$saId" \
+    --role roles/artifactregistry.writer
+gcloud projects add-iam-policy-binding $projectId \
+    --member=serviceAccount:$saId \
+    --role=roles/ondemandscanning.admin
 
-FIXME
+# Setup GitHub actions variables
+gh auth login --web
+gh secret set CONTAINER_REGISTRY_PUSH_PRIVATE_KEY < ~/tmp/$saName.json
+rm ~/tmp/$saName.json
+gh secret set CONTAINER_REGISTRY_PROJECT_ID -b"${projectId}"
+gh secret set CONTAINER_REGISTRY_NAME -b"${artifactRegistryName}"
+gh secret set CONTAINER_REGISTRY_HOST_NAME -b"${artifactRegistryLocation}-docker.pkg.dev"
+```