Add 'As featured in' section to the readme and full OIDC setup instructions

sureshcsdp · web-flow · commit 38e2c8727533 · 2026-03-10T17:55:41.000Z
diff --git a/README.fr.md b/README.fr.md
@@ -39,6 +39,11 @@ Gaspillage mensuel estimé : ~$147
 Régions scannées : us-east-1, us-west-2, eu-west-1
 ```
 
+## Mentionné dans la presse
+
+- [Korben](https://korben.info/cleancloud-nettoyeur-cloud-aws-azure.html) 🇫🇷 — Grand média tech français
+- [Last Week in AWS #457](https://www.lastweekinaws.com/newsletter/15259/) — La newsletter AWS de Corey Quinn
+
 ## Ce qu'en disent les utilisateurs
 
 > "Outil de découverte solide qui remonte les économies potentielles. Facile à installer et à utiliser !"
@@ -54,13 +59,18 @@ pipx ensurepath        # ajoute cleancloud au PATH — relancez votre shell apr
 cleancloud demo        # visualisez des findings sans aucun credential cloud
 ```
 
-Prêt à scanner votre vrai environnement :
+Prêt à scanner votre vrai environnement ? Authentifiez-vous d'abord, puis lancez :
 
 ```bash
+# AWS : assurez-vous d'être connecté (aws configure, aws sso login, ou rôle IAM)
 cleancloud scan --provider aws --all-regions
+
+# Azure : assurez-vous d'être connecté (az login)
 cleancloud scan --provider azure
 ```
 
+Pas sûr que vos credentials aient les bonnes permissions ? Lancez d'abord `cleancloud doctor --provider aws` ou `cleancloud doctor --provider azure`.
+
 ### Sans installation — essayez dans votre cloud shell
 
 Vous avez un compte AWS ou Azure ? Lancez un vrai scan en quelques secondes, sans installation locale.
@@ -241,43 +251,11 @@ Les scans se terminent avec `0` par défaut. Activez l'application de politique
 | `--fail-on-cost 50` | Échec si gaspillage mensuel estimé >= 50$ | `2` |
 | `--fail-on-findings` | Échec sur n'importe quel finding | `2` |
 
-### GitHub Actions — AWS (OIDC)
-
-```yaml
-- uses: aws-actions/configure-aws-credentials@v4
-  with:
-    role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/CleanCloudCIReadOnly
-    aws-region: us-east-1
-
-- run: pip install cleancloud
-
-- run: |
-    cleancloud scan --provider aws --all-regions \
-      --fail-on-confidence HIGH \
-      --output json --output-file scan.json
-```
-
-### GitHub Actions — Azure (Workload Identity)
-
-```yaml
-- uses: azure/login@v2
-  with:
-    client-id: ${{ secrets.AZURE_CLIENT_ID }}
-    tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-    subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-
-- run: pip install cleancloud
-
-- run: |
-    cleancloud scan --provider azure \
-      --fail-on-confidence MEDIUM \
-      --output json --output-file scan.json
-```
+Workflows GitHub Actions complets et prêts à l'emploi pour AWS (OIDC) et Azure (Workload Identity) — incluant la configuration OIDC, les politiques IAM/RBAC, et les patterns d'application :
 
-**Guide CI/CD complet :** [`docs/ci.md`](docs/ci.md) — configuration OIDC, patterns d'application, formats de sortie.
-Guides de configuration : [AWS](docs/aws.md) · [Azure](docs/azure.md)
+**[Guide CI/CD →](docs/ci.md)** · [Configuration AWS →](docs/aws.md) · [Configuration Azure →](docs/azure.md)
 
-> Les snippets CI/CD ci-dessus utilisent `pip install` — correct pour les runners éphémères où l'isolation pipx n'est pas nécessaire.
+**Besoin d'aide avec OIDC ou les flags d'application ?** [Posez votre question dans notre discussion CI/CD →](https://github.com/cleancloud-io/cleancloud/discussions/98)
 
 ---
 
diff --git a/README.md b/README.md
@@ -39,10 +39,16 @@ Estimated monthly waste: ~$147
 Regions scanned: us-east-1, us-west-2, eu-west-1
 ```
 
+## As featured in
+
+- [Korben](https://korben.info/cleancloud-nettoyeur-cloud-aws-azure.html) 🇫🇷 — Major French tech publication
+- [Last Week in AWS #457](https://www.lastweekinaws.com/newsletter/15259/) — Corey Quinn's weekly AWS newsletter
+
 ## What users say
 
 > "Solid discovery tool that bubbles up potential savings. Easy to install and use!"
 > — [Reddit user](https://www.reddit.com/r/AZURE/comments/1rm7an5/comment/o8zfv6a/)
+
 ---
 
 ## Get Started
@@ -53,13 +59,18 @@ pipx ensurepath        # adds cleancloud to PATH — restart your shell after th
 cleancloud demo        # see sample findings without any cloud credentials
 ```
 
-When you're ready to scan your real environment:
+When you're ready to scan your real environment, authenticate first — then run:
 
 ```bash
+# AWS: make sure you're logged in (aws configure, aws sso login, or IAM role)
 cleancloud scan --provider aws --all-regions
+
+# Azure: make sure you're logged in (az login)
 cleancloud scan --provider azure
 ```
 
+Not sure if your credentials have the right permissions? Run `cleancloud doctor --provider aws` or `cleancloud doctor --provider azure` first.
+
 ### No install — try in your cloud shell
 
 Got an AWS or Azure account? Run a real scan in seconds with no local setup.
@@ -242,43 +253,11 @@ Scans exit `0` by default. Opt in to enforcement:
 | `--fail-on-cost 50` | Fail if estimated monthly waste >= $50 | `2` |
 | `--fail-on-findings` | Fail on any finding | `2` |
 
-### GitHub Actions — AWS (OIDC)
-
-```yaml
-- uses: aws-actions/configure-aws-credentials@v4
-  with:
-    role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/CleanCloudCIReadOnly
-    aws-region: us-east-1
-
-- run: pip install cleancloud
-
-- run: |
-    cleancloud scan --provider aws --all-regions \
-      --fail-on-confidence HIGH \
-      --output json --output-file scan.json
-```
-
-### GitHub Actions — Azure (Workload Identity)
-
-```yaml
-- uses: azure/login@v2
-  with:
-    client-id: ${{ secrets.AZURE_CLIENT_ID }}
-    tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-    subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-
-- run: pip install cleancloud
-
-- run: |
-    cleancloud scan --provider azure \
-      --fail-on-confidence MEDIUM \
-      --output json --output-file scan.json
-```
+Complete, copy-pasteable GitHub Actions workflows for AWS (OIDC) and Azure (Workload Identity) — including OIDC setup, trust policy, RBAC, and enforcement patterns:
 
-**Complete CI/CD guide:** [`docs/ci.md`](docs/ci.md) — OIDC setup, enforcement patterns, output formats.
-Setup guides: [AWS](docs/aws.md) · [Azure](docs/azure.md)
+**[CI/CD guide →](docs/ci.md)** · [AWS setup →](docs/aws.md) · [Azure setup →](docs/azure.md)
 
-> CI/CD snippets above use `pip install` — correct for ephemeral runners where pipx isolation isn't needed.
+**Need help with OIDC or enforcement flags?** [Ask in our CI/CD setup discussion →](https://github.com/cleancloud-io/cleancloud/discussions/98)
 
 ---
 
diff --git a/docs/aws.md b/docs/aws.md
@@ -110,7 +110,9 @@ Go to your repo → Settings → Secrets and variables → Actions → Variables
 
 > Use `vars` (not `secrets`) for account ID — it's not sensitive and makes debugging easier.
 
-#### GitHub Actions Workflow
+#### Validate Your Setup
+
+Once credentials are configured, verify everything works:
 
 ```yaml
 permissions:
@@ -129,20 +131,13 @@ jobs:
           role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/CleanCloudCIReadOnly
           aws-region: us-east-1
 
-      - name: Install CleanCloud
-        run: pip install cleancloud
-
       - name: Validate AWS permissions
-        run: cleancloud doctor --provider aws --region us-east-1
-
-      - name: Scan and enforce
         run: |
-          cleancloud scan --provider aws --region us-east-1 \
-            --output json --output-file scan.json \
-            --fail-on-confidence HIGH
+          pip install cleancloud
+          cleancloud doctor --provider aws --region us-east-1
 ```
 
-> Use `--all-regions` instead of `--region us-east-1` to scan all regions with active resources.
+For the complete production workflow with enforcement flags, scheduling, and artifact upload: **[CI/CD guide →](ci.md)**
 
 ---
 
diff --git a/docs/azure.md b/docs/azure.md
@@ -92,7 +92,9 @@ Go to your repo → Settings → Secrets and variables → Actions → New repos
 
 No `AZURE_CLIENT_SECRET` needed — OIDC uses federated credentials.
 
-#### GitHub Actions Workflow
+#### Validate Your Setup
+
+Once credentials are configured, verify everything works:
 
 ```yaml
 permissions:
@@ -112,19 +114,14 @@ jobs:
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
           subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
-      - name: Install CleanCloud
-        run: pip install cleancloud
-
       - name: Validate Azure permissions
-        run: cleancloud doctor --provider azure
-
-      - name: Scan and enforce
         run: |
-          cleancloud scan --provider azure \
-            --output json --output-file scan.json \
-            --fail-on-confidence MEDIUM
+          pip install cleancloud
+          cleancloud doctor --provider azure
 ```
 
+For the complete production workflow with enforcement flags, scheduling, and artifact upload: **[CI/CD guide →](ci.md)**
+
 ---
 
 ### 2. Service Principal with Environment Variables (Local Development)
