Merge pull request #46 from smlx/gonew

feat: update README

.github/workflows/ossf-scorecard.yaml

@@ -19,7 +19,7 @@ jobs:
       uses: actions/checkout@v4
 
     - name: "Run analysis"
-      uses: ossf/scorecard-action@v2
+      uses: ossf/scorecard-action@v2.3.1
       with:
         results_file: results.sarif
         results_format: sarif

README.md

@@ -9,25 +9,74 @@ It adds basic PR building, dependabot integration, testing, coverage etc.
 
 ### How to use
 
-1. Copy the contents of this repo into a new directory.
-   ```bash
-   git clone [email protected]:smlx/go-cli-github.git $PROJECT_DIR && rm -rf ./$PROJECT_DIR/.git
-   ```
-1. Update the `release` workflow branch from `main` to `foo` to disable it, commit all the files, and push to `main` on a new repo.
-1. Update for your project, send a PR and merge it once green:
+First set up the Github repo
+
+1. Create a new empty Github repository.
+
+Then push some code to main:
+
+1. Install [gonew](https://go.dev/blog/gonew) and run this command, replacing the last argument with the name of your new module:
+
+    ```bash
+    gonew github.com/smlx/go-cli-github github.com/smlx/newproject
+    ```
+
+1. Create the git repo and push to `main` (which will become the default branch):
+
+    ```bash
+    cd newproject
+    git init .
+    git branch -M main
+    git remote add origin [email protected]:smlx/newproject.git
+    git add .
+    git commit -a
+    git push -u origin main
+    ```
+
+Then customize the code for your repository:
+
+1. Check out a new branch to set up the repo `git checkout -b setup`
+
+1. Update the code for your project:
+
     * rename `deploy/go-cli-github` to `deploy/$YOUR_COMMAND`
     * update `deploy/$YOUR_COMMAND/Dockerfile`
     * rename `cmd/go-cli-github` to `cmd/$YOUR_COMMAND`
+    * update module in `cmd/$YOUR_COMMAND/*.go`, `internal/server/serve_test.go`
     * update `.goreleaser.yml` to build `cmd/$YOUR_COMMAND`
     * update the links at the top of the README
-    * update the `build`, `release`, and `tag-to-release` workflows, replacing `go-cli-github` with `$YOUR_COMMAND`
-    * update module in `go.mod` and in `cmd/$YOUR_COMMAND/*.go`, `internal/server/serve_test.go`
+    * update the `build`, `release`, and `tag-to-release` workflows, replacing `go-cli-github` with `$YOUR_COMMAND`.
+
+1. Commit and push:
+
+    ```bash
+    git commit -a
+    git push -u origin setup
+    ```
+1. Open a PR, ensure all the actions are green, then merge the PR.
+
+Configure the repository:
+
 1. Go to repository Settings > General:
-    * Disable wiki and projects
+
+    * Disable wiki and projects (unless you plan to use them!)
     * Allow only merge commits for Pull Requests
     * Allow auto-merge
     * Automatically delete head branches
+
+1. Go to repository Settings > Code security and analysis, and enable:
+
+    * Dependabot alerts
+    * Dependabot security updates
+        * Secret scanning
+            * Push protection
+
+1. Go to repository Settings > Actions > General:
+
+    * Set Workflow permissions to "Read repository contents and package permissions"
+
 1. Go to repository Settings > Branches and add branch protection to `main`, and enable:
+
     * Require a PR before merging
         * Dismiss stale pull request approvals
     * Require status checks to pass before merging
@@ -40,12 +89,5 @@ It adds basic PR building, dependabot integration, testing, coverage etc.
             * go-test
             * lint
     * Include administrators
-1. Go to repository Settings > Code security and analysis, and enable:
-    * Dependabot alerts
-    * Dependabot security updates
-    * Secret scanning
-        * Push protection
-1. Go to repository Settings > Actions > General:
-    * Set Workflow permissions to "Read repository contents and package permissions"
-1. When ready to release, rename the target branch in the release workflow from `foo` to `main`, and send a PR.
+
 1. That's it.