Add new deployment troubleshooting steps

Author: cmyers-mieweb

mie-opensource-landing/docs/users/proxmox-launchpad/getting-started.md

@@ -22,11 +22,24 @@ Add these secrets in your repository's **Settings > Secrets and variables > Acti
 
 ## Action Inputs
 
-| Input | Required | Description |
-|-------|----------|-------------|
-| `api_key` | Yes | Bearer token for authenticating with the create-a-container API |
-| `api_url` | Yes | Base URL of the create-a-container server |
-| `template_name` | No | Docker/OCI image reference to deploy (e.g., `ghcr.io/org/app:tag`) |
+| Input | Required | Default | Description |
+|-------|----------|---------|-------------|
+| `api_key` | Yes | — | Bearer token for authenticating with the create-a-container API |
+| `api_url` | Yes | — | Base URL of the create-a-container server |
+| `template_name` | No | — | Docker/OCI image reference to deploy (e.g., `ghcr.io/org/app:tag`). Omit to delete the container. |
+| `container_env_vars` | No | — | Environment variables to set inside the container (JSON string, e.g., `'{"NODE_ENV": "production"}'`) |
+| `services` | No | — | Services configuration (JSON array) |
+| `site_id` | No | `1` | Site ID for the container management system |
+
+## Supported Workflow Events
+
+| Event | Action |
+|-------|--------|
+| `push` | Creates or locates the container for the branch |
+| `create` | Creates a container for the new branch |
+| `pull_request` (opened/synchronize/reopened) | Creates or locates the container for the PR head branch |
+| `pull_request` (closed) | Deletes the container |
+| `delete` | Deletes the container for the deleted branch |
 
 ## Basic Usage
 
@@ -166,10 +179,11 @@ ssh -p <port> <username>@<hostname>.os.mieweb.org
 
 ## Docker Image Requirements
 
-Your Docker image should:
+Your Docker image must:
 
-1. **EXPOSE ports** — Declare which ports your application listens on
-2. **Use the `org.mieweb.opensource-server.services.http.default-port` label** — Specify the primary HTTP port for reverse proxy configuration
+1. **Be publicly accessible** — The create-a-container server pulls images anonymously. If your image is on GHCR, go to **Package settings > Danger Zone > Change visibility > Public**.
+2. **EXPOSE ports** — Declare which ports your application listens on
+3. **Use the `org.mieweb.opensource-server.services.http.default-port` label** — Specify the primary HTTP port for reverse proxy configuration
 
 ```dockerfile
 EXPOSE 3000
@@ -184,11 +198,20 @@ The create-a-container server reads these from the image metadata to configure n
 - Verify `LAUNCHPAD_API_KEY` secret is set correctly
 - Confirm the API key hasn't been revoked
 
+**Deploy step runs but skips container creation:**
+- Check the workflow output for the "Create or Locate Container" step — if it's missing, the action version may not support your event type
+- Ensure you're using the latest version of `mieweb/launchpad@main`
+- Verify the workflow includes the correct `on:` triggers for your use case
+
 **Container not accessible after deploy:**
 - Wait 1-2 minutes for background provisioning to complete
 - Verify your Docker image exposes the correct port
 - Check that the `default-port` label matches your application's listen port
 
+**Container creation fails with `HTTP 401: authentication required`:**
+- The Docker image is private. The server pulls images without credentials, so the package must be public.
+- On GHCR: go to `https://github.com/users/<owner>/packages/container/<image>/settings` → **Danger Zone** → **Change visibility** → **Public**
+
 **Image not found:**
 - Ensure the Docker image was pushed successfully before the deploy step
 - Verify the image tag matches between the build and deploy jobs