Update container

Author: lann

.github/workflows/publish.yml

@@ -18,4 +18,5 @@ jobs:
           go-version: '1.24.x'
 
       - uses: ko-build/setup-ko@v0.8
-      - run: ko build
+
+      - run: ko build --bare

README.md

@@ -1,5 +1,7 @@
 Monitor GH auth tokens for problems like upcoming expiration
 
+# Usage
+
 ```console
 $ TOKEN=$(gh auth token) github-token-monitor --token-env-vars TOKEN
 Checking "TOKEN"...
@@ -20,7 +22,31 @@ Error: checks failed for token(s): OLD_TOKEN
 exit status 1
 ```
 
-Also supports pointing to a directory with `--tokens-dir`, which can be
-convenient when using this as an e.g. Kubernetes CronJob to mount existing
-Secrets to be checked. The files in this directory can be either bare tokens
-or dockerconfig JSON.
+# Container
+
+This repo publishes a lightweight container with
+[`ko`](https://github.com/ko-build/ko).
+
+## Github Actions
+
+You can check expiration for a token in a Github Actions job directly using the
+container, e.g. for a secret named `TEST_TOKEN`:
+
+```yaml
+jobs:
+  test_token_expiration:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: docker://ghcr.io/fermyon/github-token-monitor:latest
+        with:
+          args: "--token-env-vars TEST_TOKEN"
+        env:
+          TEST_TOKEN: ${{ secrets.TEST_TOKEN }}
+```
+
+## Tokens Dir
+
+You can point to a directory with `--tokens-dir`, which can be convenient when
+using this as an e.g. Kubernetes CronJob to mount existing Secrets to be
+checked. All files in the directory will be parsed as either bare tokens or
+dockerconfig JSON.