Commit 38e2c87

Add 'As featured in' section to the readme and full OIDC setup instructions
1 parent f7ebf2d commit 38e2c87

4 files changed

Lines changed: 42 additions & 93 deletions

README.fr.md

Lines changed: 14 additions & 36 deletions
@@ -39,6 +39,11 @@ Gaspillage mensuel estimé : ~$147
3939
Régions scannées : us-east-1, us-west-2, eu-west-1
4040
```
4141

42+
## Mentionné dans la presse
43+
44+
- [Korben](https://korben.info/cleancloud-nettoyeur-cloud-aws-azure.html) 🇫🇷 — Grand média tech français
45+
- [Last Week in AWS #457](https://www.lastweekinaws.com/newsletter/15259/) — La newsletter AWS de Corey Quinn
46+
4247
## Ce qu'en disent les utilisateurs
4348

4449
> "Outil de découverte solide qui remonte les économies potentielles. Facile à installer et à utiliser !"
@@ -54,13 +59,18 @@ pipx ensurepath # ajoute cleancloud au PATH — relancez votre shell apr
5459
cleancloud demo # visualisez des findings sans aucun credential cloud
5560
```
5661

57-
Prêt à scanner votre vrai environnement :
62+
Prêt à scanner votre vrai environnement ? Authentifiez-vous d'abord, puis lancez :
5863

5964
```bash
65+
# AWS : assurez-vous d'être connecté (aws configure, aws sso login, ou rôle IAM)
6066
cleancloud scan --provider aws --all-regions
67+
68+
# Azure : assurez-vous d'être connecté (az login)
6169
cleancloud scan --provider azure
6270
```
6371

72+
Pas sûr que vos credentials aient les bonnes permissions ? Lancez d'abord `cleancloud doctor --provider aws` ou `cleancloud doctor --provider azure`.
73+
6474
### Sans installation — essayez dans votre cloud shell
6575

6676
Vous avez un compte AWS ou Azure ? Lancez un vrai scan en quelques secondes, sans installation locale.
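
Review bot: The added comment `# AWS : assurez-vous d'être connecté (aws configure, aws sso login, ou rôle IAM)` lists `aws configure` first, which stores long-lived access keys in the local profile. The CI examples in this same README assume a role named `CleanCloudCIReadOnly`, so list `aws sso login` or an IAM role first and say that a read-only identity is sufficient. Otherwise readers are nudged toward scanning with whatever static keys they already have configured.
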
@@ -241,43 +251,11 @@ Les scans se terminent avec `0` par défaut. Activez l'application de politique
241251
| `--fail-on-cost 50` | Échec si gaspillage mensuel estimé >= 50$ | `2` |
242252
| `--fail-on-findings` | Échec sur n'importe quel finding | `2` |
243253

244-
### GitHub Actions — AWS (OIDC)
245-
246-
```yaml
247-
- uses: aws-actions/configure-aws-credentials@v4
248-
with:
249-
role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/CleanCloudCIReadOnly
250-
aws-region: us-east-1
251-
252-
- run: pip install cleancloud
253-
254-
- run: |
255-
cleancloud scan --provider aws --all-regions \
256-
--fail-on-confidence HIGH \
257-
--output json --output-file scan.json
258-
```
259-
260-
### GitHub Actions — Azure (Workload Identity)
261-
262-
```yaml
263-
- uses: azure/login@v2
264-
with:
265-
client-id: ${{ secrets.AZURE_CLIENT_ID }}
266-
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
267-
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
268-
269-
- run: pip install cleancloud
270-
271-
- run: |
272-
cleancloud scan --provider azure \
273-
--fail-on-confidence MEDIUM \
274-
--output json --output-file scan.json
275-
```
254+
Workflows GitHub Actions complets et prêts à l'emploi pour AWS (OIDC) et Azure (Workload Identity) — incluant la configuration OIDC, les politiques IAM/RBAC, et les patterns d'application :
276255

277-
**Guide CI/CD complet :** [`docs/ci.md`](docs/ci.md) — configuration OIDC, patterns d'application, formats de sortie.
278-
Guides de configuration : [AWS](docs/aws.md) · [Azure](docs/azure.md)
256+
**[Guide CI/CD →](docs/ci.md)** · [Configuration AWS →](docs/aws.md) · [Configuration Azure →](docs/azure.md)
279257

280-
> Les snippets CI/CD ci-dessus utilisent `pip install` — correct pour les runners éphémères où l'isolation pipx n'est pas nécessaire.
258+
**Besoin d'aide avec OIDC ou les flags d'application ?** [Posez votre question dans notre discussion CI/CD →](https://github.com/cleancloud-io/cleancloud/discussions/98)
281259

282260
---
283261
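
Review bot: The new summary line says "politiques IAM/RBAC" where README.md in the same commit says "trust policy, RBAC", so the two READMEs now describe the linked guide differently. Align the French wording with the English one (for example "politique de confiance, RBAC") so a reader knows the guide covers the role trust policy and not IAM permission policies in general.
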

README.md

Lines changed: 15 additions & 36 deletions
@@ -39,10 +39,16 @@ Estimated monthly waste: ~$147
3939
Regions scanned: us-east-1, us-west-2, eu-west-1
4040
```
4141

42+
## As featured in
43+
44+
- [Korben](https://korben.info/cleancloud-nettoyeur-cloud-aws-azure.html) 🇫🇷 — Major French tech publication
45+
- [Last Week in AWS #457](https://www.lastweekinaws.com/newsletter/15259/) — Corey Quinn's weekly AWS newsletter
46+
4247
## What users say
4348

4449
> "Solid discovery tool that bubbles up potential savings. Easy to install and use!"
4550
> [Reddit user](https://www.reddit.com/r/AZURE/comments/1rm7an5/comment/o8zfv6a/)
51+
4652
---
4753

4854
## Get Started
@@ -53,13 +59,18 @@ pipx ensurepath # adds cleancloud to PATH — restart your shell after th
5359
cleancloud demo # see sample findings without any cloud credentials
5460
```
5561

56-
When you're ready to scan your real environment:
62+
When you're ready to scan your real environment, authenticate first — then run:
5763

5864
```bash
65+
# AWS: make sure you're logged in (aws configure, aws sso login, or IAM role)
5966
cleancloud scan --provider aws --all-regions
67+
68+
# Azure: make sure you're logged in (az login)
6069
cleancloud scan --provider azure
6170
```
6271

72+
Not sure if your credentials have the right permissions? Run `cleancloud doctor --provider aws` or `cleancloud doctor --provider azure` first.
73+
6374
### No install — try in your cloud shell
6475

6576
Got an AWS or Azure account? Run a real scan in seconds with no local setup.
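
Review bot: The `cleancloud doctor` sentence is added after the scan block even though it ends with "first", so a reader working top to bottom runs `cleancloud scan` before seeing it. Move the sentence above the bash block, or make the doctor command the first line inside it, so the permission check is read before the scan command.
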
@@ -242,43 +253,11 @@ Scans exit `0` by default. Opt in to enforcement:
242253
| `--fail-on-cost 50` | Fail if estimated monthly waste >= $50 | `2` |
243254
| `--fail-on-findings` | Fail on any finding | `2` |
244255

245-
### GitHub Actions — AWS (OIDC)
246-
247-
```yaml
248-
- uses: aws-actions/configure-aws-credentials@v4
249-
with:
250-
role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/CleanCloudCIReadOnly
251-
aws-region: us-east-1
252-
253-
- run: pip install cleancloud
254-
255-
- run: |
256-
cleancloud scan --provider aws --all-regions \
257-
--fail-on-confidence HIGH \
258-
--output json --output-file scan.json
259-
```
260-
261-
### GitHub Actions — Azure (Workload Identity)
262-
263-
```yaml
264-
- uses: azure/login@v2
265-
with:
266-
client-id: ${{ secrets.AZURE_CLIENT_ID }}
267-
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
268-
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
269-
270-
- run: pip install cleancloud
271-
272-
- run: |
273-
cleancloud scan --provider azure \
274-
--fail-on-confidence MEDIUM \
275-
--output json --output-file scan.json
276-
```
256+
Complete, copy-pasteable GitHub Actions workflows for AWS (OIDC) and Azure (Workload Identity) — including OIDC setup, trust policy, RBAC, and enforcement patterns:
277257

278-
**Complete CI/CD guide:** [`docs/ci.md`](docs/ci.md) — OIDC setup, enforcement patterns, output formats.
279-
Setup guides: [AWS](docs/aws.md) · [Azure](docs/azure.md)
258+
**[CI/CD guide →](docs/ci.md)** · [AWS setup →](docs/aws.md) · [Azure setup →](docs/azure.md)
280259

281-
> CI/CD snippets above use `pip install` — correct for ephemeral runners where pipx isolation isn't needed.
260+
**Need help with OIDC or enforcement flags?** [Ask in our CI/CD setup discussion →](https://github.com/cleancloud-io/cleancloud/discussions/98)
282261

283262
---
284263
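
Review bot: The replacement sentence promises that the linked guide covers "OIDC setup, trust policy, RBAC, and enforcement patterns", but `docs/ci.md` is not among the 4 files changed in this commit, while both inline workflows are deleted here. Before dropping them, confirm the guide already contains the equivalent of the removed steps (the `role-to-assume` line, the `azure/login@v2` inputs and the `--fail-on-confidence` usage). The removed note explaining why `pip install` rather than pipx is acceptable on ephemeral runners should also be carried over to the guide instead of disappearing.
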

docs/aws.md

Lines changed: 6 additions & 11 deletions
@@ -110,7 +110,9 @@ Go to your repo → Settings → Secrets and variables → Actions → Variables
110110

111111
> Use `vars` (not `secrets`) for account ID — it's not sensitive and makes debugging easier.
112112
113-
#### GitHub Actions Workflow
113+
#### Validate Your Setup
114+
115+
Once credentials are configured, verify everything works:
114116

115117
```yaml
116118
permissions:
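
Review bot: Renaming the heading from `#### GitHub Actions Workflow` to `#### Validate Your Setup` changes the generated anchor, so any existing link to `#github-actions-workflow` in this file will stop resolving. Check the READMEs and `docs/ci.md` for inbound links to the old anchor and update them in the same commit.
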
@@ -129,20 +131,13 @@ jobs:
129131
role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/CleanCloudCIReadOnly
130132
aws-region: us-east-1
131133

132-
- name: Install CleanCloud
133-
run: pip install cleancloud
134-
135134
- name: Validate AWS permissions
136-
run: cleancloud doctor --provider aws --region us-east-1
137-
138-
- name: Scan and enforce
139135
run: |
140-
cleancloud scan --provider aws --region us-east-1 \
141-
--output json --output-file scan.json \
142-
--fail-on-confidence HIGH
136+
pip install cleancloud
137+
cleancloud doctor --provider aws --region us-east-1
143138
```
144139
145-
> Use `--all-regions` instead of `--region us-east-1` to scan all regions with active resources.
140+
For the complete production workflow with enforcement flags, scheduling, and artifact upload: **[CI/CD guide →](ci.md)**
146141
147142
---
148143
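
Review bot: In the merged step, `pip install cleancloud` is unpinned and now runs after the `role-to-assume` step, so whatever release is latest at run time is installed in a job that already holds the assumed role's credentials. Pin the version (`pip install cleancloud==<version>`, placeholder) and move the install into its own step before the credentials step, leaving only `cleancloud doctor --provider aws --region us-east-1` to run with the role. The removed `--all-regions` hint is also worth keeping in the CI guide if it is not already there.
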

docs/azure.md

Lines changed: 7 additions & 10 deletions
@@ -92,7 +92,9 @@ Go to your repo → Settings → Secrets and variables → Actions → New repos
9292

9393
No `AZURE_CLIENT_SECRET` needed — OIDC uses federated credentials.
9494

95-
#### GitHub Actions Workflow
95+
#### Validate Your Setup
96+
97+
Once credentials are configured, verify everything works:
9698

9799
```yaml
98100
permissions:
@@ -112,19 +114,14 @@ jobs:
112114
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
113115
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
114116

115-
- name: Install CleanCloud
116-
run: pip install cleancloud
117-
118117
- name: Validate Azure permissions
119-
run: cleancloud doctor --provider azure
120-
121-
- name: Scan and enforce
122118
run: |
123-
cleancloud scan --provider azure \
124-
--output json --output-file scan.json \
125-
--fail-on-confidence MEDIUM
119+
pip install cleancloud
120+
cleancloud doctor --provider azure
126121
```
127122
123+
For the complete production workflow with enforcement flags, scheduling, and artifact upload: **[CI/CD guide →](ci.md)**
124+
128125
---
129126
130127
### 2. Service Principal with Environment Variables (Local Development)
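
Review bot: The step named `Validate Azure permissions` now also runs `pip install cleancloud`, so a failed install is reported as a failed permission check. That is misleading for someone debugging the federated credential setup this section is meant to validate. Keep the separate `Install CleanCloud` step that this hunk removes, or rename the step to cover both commands.
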