Skip to content

Commit fb7badb

Browse files
timoschdtimoschd
committed
updated deployment Readmes
1 parent 4934503 commit fb7badb

File tree

3 files changed

+33
-28
lines changed

3 files changed

+33
-28
lines changed

.github/workflows/README.md

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -15,22 +15,22 @@ The `docker-publish.yml` workflow automatically builds and publishes Docker imag
1515
- Log in to Docker Hub
1616
- Go to Account Settings → Security → New Access Token
1717
- Name: `github-actions`
18-
- Permissions: **Read & Write** (Read, Write, Delete is also fine but not required)
18+
- Permissions: **Read & Write**
1919
- Copy the token (you won't see it again!)
2020

21-
**Note**: If you get a "Forbidden" error when updating the README, ensure:
22-
- The token has **Read & Write** permissions
23-
- You're using a **Personal Access Token** (not a password)
24-
- The token hasn't expired
25-
2621
3. **Configure GitHub Secrets**:
2722

2823
Go to your GitHub repository → Settings → Secrets and variables → Actions, and add:
2924

30-
| Secret Name | Description | Example Value |
31-
| -------------------- | ------------------------------ | ------------------ |
32-
| `DOCKERHUB_USERNAME` | Your Docker Hub username | `yourusername` |
33-
| `DOCKERHUB_TOKEN` | Docker Hub access token | `dckr_pat_xxx...` |
25+
| Secret Name | Description | Example Value |
26+
| ---------------------- | ---------------------------------------- | ------------------ |
27+
| `DOCKERHUB_USERNAME` | Your Docker Hub username | `yourusername` |
28+
| `DOCKERHUB_TOKEN` | Docker Hub access token (for image push) | `dckr_pat_xxx...` |
29+
| `DOCKERHUB_PASSWORD` | Your Docker Hub password (for README sync) | `your-password` |
30+
31+
**Note**: The README sync feature requires your actual Docker Hub **password**, not an access token.
32+
This is a limitation of the Docker Hub API. If you prefer not to store your password in GitHub Secrets,
33+
you can manually update the README on Docker Hub's website instead.
3434

3535
4. **Push to trigger build**:
3636
```bash

.github/workflows/SECRETS.md

Lines changed: 22 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -10,31 +10,36 @@ Configure these in your GitHub repository: **Settings → Secrets and variables
1010

1111
Required for the `docker-publish.yml` workflow:
1212

13-
| Secret Name | Description | How to Get |
14-
| -------------------- | ------------------------------ | ----------------------------------------------------------------------------------------------- |
15-
| `DOCKERHUB_USERNAME` | Your Docker Hub username | Your Docker Hub account username |
16-
| `DOCKERHUB_TOKEN` | Docker Hub access token | Docker Hub → Account Settings → Security → New Access Token (with Read, Write, Delete permissions) |
13+
| Secret Name | Description | How to Get |
14+
| -------------------- | ---------------------------------------- | ----------------------------------------------------------------------------------------------- |
15+
| `DOCKERHUB_USERNAME` | Your Docker Hub username | Your Docker Hub account username |
16+
| `DOCKERHUB_TOKEN` | Docker Hub access token (for image push) | Docker Hub → Account Settings → Security → New Access Token (with Read & Write permissions) |
17+
| `DOCKERHUB_PASSWORD` | Your Docker Hub password (for README sync) | Your actual Docker Hub account password (required for README updates via API) |
18+
19+
**Note**: The README sync feature requires your actual password due to Docker Hub API limitations. If you prefer not to store your password, you can remove the "Update Docker Hub description" step from the workflow and manually update the README on Docker Hub's website.
1720

1821
### For Cloud Run Deployment (Workload Identity Federation - Recommended)
1922

20-
| Secret Name | Description | How to Get |
21-
| --------------------- | -------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ |
22-
| `GCP_PROJECT_ID` | Your GCP project ID | `gcloud config get-value project` |
23-
| `WIF_PROVIDER` | Workload Identity Federation provider resource name | Format: `projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL_NAME/providers/PROVIDER_NAME` |
24-
| `WIF_SERVICE_ACCOUNT` | Service account email for Workload Identity Federation | Format: `SERVICE_ACCOUNT_NAME@PROJECT_ID.iam.gserviceaccount.com` |
25-
| `BIGQUERY_PROJECT` | BigQuery project ID (can be same or different from GCP) | Your BigQuery project ID |
26-
| `BIGQUERY_LOCATION` | BigQuery location/region | e.g., `us-central1`, `europe-west4`, `asia-northeast1` |
23+
| Name | Type | Description | How to Get |
24+
| --------------------- | ---- | -------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ |
25+
| `GCP_PROJECT_ID` | Variable | Your GCP project ID | `gcloud config get-value project` |
26+
| `WIF_PROVIDER` | Secret | Workload Identity Federation provider resource name | Format: `projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL_NAME/providers/PROVIDER_NAME` |
27+
| `WIF_SERVICE_ACCOUNT` | Secret | Service account email for Workload Identity Federation | Format: `SERVICE_ACCOUNT_NAME@PROJECT_ID.iam.gserviceaccount.com` |
28+
| `BIGQUERY_PROJECT` | Variable | BigQuery project ID (can be same or different from GCP) | Your BigQuery project ID |
29+
| `BIGQUERY_LOCATION` | Variable | BigQuery location/region | e.g., `us-central1`, `europe-west4`, `asia-northeast1` |
30+
31+
**Note**: Project IDs and locations are not sensitive and can be stored as **Variables** instead of **Secrets** for better visibility. Go to **Settings → Secrets and variables → Actions → Variables tab** to add them.
2732

2833
### For Service Account Key (Alternative)
2934

3035
If not using Workload Identity Federation, use these instead:
3136

32-
| Secret Name | Description | How to Get |
33-
| ------------------- | ------------------------------------ | ----------------------------------------------------------------------------------------------- |
34-
| `GCP_PROJECT_ID` | Your GCP project ID | `gcloud config get-value project` |
35-
| `GCP_SA_KEY` | Service account JSON key (base64) | Create key, then: `cat key.json \| base64` |
36-
| `BIGQUERY_PROJECT` | BigQuery project ID | Your BigQuery project ID |
37-
| `BIGQUERY_LOCATION` | BigQuery location/region | e.g., `us-central1`, `europe-west4` |
37+
| Name | Type | Description | How to Get |
38+
| ------------------- | ---- | ------------------------------------ | ----------------------------------------------------------------------------------------------- |
39+
| `GCP_PROJECT_ID` | Variable | Your GCP project ID | `gcloud config get-value project` |
40+
| `GCP_SA_KEY` | Secret | Service account JSON key (base64) | Create key, then: `cat key.json \| base64` |
41+
| `BIGQUERY_PROJECT` | Variable | BigQuery project ID | Your BigQuery project ID |
42+
| `BIGQUERY_LOCATION` | Variable | BigQuery location/region | e.g., `us-central1`, `europe-west4` |
3843

3944
## Optional Secrets
4045

.github/workflows/docker-publish.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -69,7 +69,7 @@ jobs:
6969
uses: peter-evans/dockerhub-description@v4
7070
with:
7171
username: ${{ secrets.DOCKERHUB_USERNAME }}
72-
password: ${{ secrets.DOCKERHUB_TOKEN }}
72+
password: ${{ secrets.DOCKERHUB_PASSWORD }}
7373
repository: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}
7474
short-description: ${{ github.event.repository.description }}
7575
readme-filepath: ./README.md

0 commit comments

Comments
 (0)