Merge pull request 'chore(docs): detailed instructions to obtain the OVH credentials' (#14) from earl-warren/ovh-dns-update:wip-docs into main

Reviewed-on: https://code.forgejo.org/forgejo/ovh-dns-update/pulls/14

README.md

@@ -3,9 +3,9 @@
 <!-- action-docs-description -->
 ## Description
 
-Update a given DNS record using the OVH API for use in the [Release Version Check Over DNS (RVCoDNS)](https://codeberg.org/forgejo-contrib/rvcodns).
+Update a given DNS record using the OVH API.
 
-**NOTE:** This action is written in Go. Please setup the Go environment (>=1.21) before running this action or use a runner with Go environment installed.
+**NOTE:** This action is written in Go. Please setup the Go environment before running this action or use a runner with Go environment installed.
 
 <!-- action-docs-description -->
 <!-- action-docs-inputs -->
@@ -23,14 +23,26 @@ Update a given DNS record using the OVH API for use in the [Release Version Chec
 | ovh-consumer-key | The OVH API Consumer Key | `true` |  |
 <!-- action-docs-inputs -->
 
-## Security notice
+## Create the OVH credentials and information
 
-You should create restricted credentials for only the specific record you want to update. See https://api.ovh.com/console/#/domain/zone/%7BzoneName%7D/record~GET to retrieve its `record-id` and then visit https://www.ovh.com/auth/api/createToken?PUT=/domain/zone/{domain}/record/{record-id} (replacing the placeholders) to create dedicated credentials.
+* https://api.ovh.com/console/#/domain/zone/%7BzoneName%7D/record~GET
+* Authenticate
+* Set zoneName (e.g `forgejo.org`)
+* Set fieldType to `TXT`
+* Set subDomain (e.g. `release`)
+* Click `EXECUTE`
+* The content of `RESPONSE` is the `record-id` (e.g. `5283602601`)
+* Visit https://www.ovh.com/auth/api/createToken?PUT=/domain/zone/{domain}/record/{record-id} (e.g. https://www.ovh.com/auth/api/createToken?PUT=/domain/zone/forgejo.org/record/5283602601)
+* Click create
+* `Application key` is `ovh-app-key`
+* `Application secret` is `ovh-app-secret`
+* `Consumer Key` is `ovh-consumer-key`
+
+## Security notice
 
 **However be aware that the credentials can also update the subdmain!** This means that anyone with this credentials can publish a TXT record under any `subdomain` of the `domain` (for instance to get a signed certificate by completing the [DNS challenge of the ACME protocol](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge)).
 
-To mitigate this issue, [forgejo.org decided to use a dedicated `domain`](https://codeberg.org/forgejo/infrastructure-as-code/issues/5) with only TXT records (and CNAME records on the main `domain`, which points to those TXT records).
+To mitigate this issue, a dedicated `domain` can be used with only TXT records (and CNAME records on the main `domain`, which points to those TXT records).
-
 
 ## Example
 
@@ -40,12 +52,12 @@ jobs:
   upload-release:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: https://code.forgejo.org/actions/setup-go@v4
         with:
           go-version: ">=1.21"
           check-latest: true
-      - uses: actions/forgejo-release@v1
+      - uses: https://code.forgejo.org/forgejo/ovh-dns-update@v1.0.1
         with:
           subdomain: _release
           domain: example.org
@@ -55,3 +67,7 @@ jobs:
           ovh-app-secret: ${{ secrets.OVH_APP_SECRET }}
           ovh-consumer-key: ${{ secrets.OVH_CON_KEY }}
 ```
+
+## Legacy
+
+It was originally developed for use in the [Release Version Check Over DNS (RVCoDNS)](https://codeberg.org/forgejo-contrib/rvcodns).