Merge branch 'improve-container-image-instructions'

1 files changed, 14 insertions, 2 deletions

diff --git a/building/README.md b/building/README.md
index 856b18a690..1c4ea04794 100644
--- a/building/README.md
+++ b/building/README.md
@@ -23,7 +23,19 @@ docker:
 ```
 
 Sign in to ghcr.io with a classic auth token. Read more here:
-https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-with-a-personal-access-token-classic
+https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-with-a-personal-access-token-classic.
+The TLDR is basically:
+1. Go to https://github.com/settings/tokens/new?scopes=write:packages
+2. Create a new token named `build@app-build-linux3` with `write:packages` as the only permission.
+   Set a very short expiry time on the token, since it's tied to your personal account.
+3. Log podman in to ghcr.io with the new token. :
+   ```
+   $ podman login ghcr.io -u <YOUR_PERSONAL_GITHUB_USERNAME>
+   Password: <Here you paste the token generated above>
+   ```
+   This login session is valid as long as the token is valid. You can revoke the token on github
+   as soon as the container building and pushing is done.
+
 
 Build and publish the container image. Tag it with the github hash of the current commit.
 This also adds the container GPG signatures to the sigstore and commits that to git.
@@ -33,7 +45,7 @@ The single sigstore addition (signed) commit can be pushed directly to the main
 ./build-and-publish-container-image.sh (linux|android)
 
 # Pushes the new sigstore entry
-GIT_SSH_COMMAND="ssh -i /path/to/deploy-key" git push
+GIT_SSH_COMMAND="ssh -i ~/.ssh/id_ed25519-mullvadvpn-app-deploy" git push
 ```
 
 When satisfied with how the new image works, the `building/{linux,android}-container-image.txt`