Address PR feedback

- Document necessary repo secrets
 - Compress build artifacts directly to the arifacts folder
 - Log test commands as they are executed
 - Add comments

Change-Id: I1cc150995d339e2e93bee4570d80263dae362bb9

.github/workflows/README.md

@@ -0,0 +1,33 @@
+# GitHub Actions CI
+
+## Workflows
+ - On PR:
+   - `build_and_test.yaml`: builds and tests all combinations of OS & build
+     settings
+   - `update_docs.yaml`: builds updated docs
+ - On release tag:
+   - `draft_github_release.yaml`: creates a draft release on GitHub, triggers
+     common `build_and_test` workflow
+   - `build_and_test.yaml` builds and tests all combinations of OS & build
+     settings, attaches official binaries to the GitHub draft release, triggers
+     `publish_github_release` workflow
+   - `publish_github_release.yaml`: finalizes the draft and published the GitHub
+     release
+   - `docker_hub_release.yaml`: builds a Docker image to match the final GitHub
+     release and pushes it to Docker Hub
+   - `npm_release.yaml`: builds an NPM package to match the final GitHub release
+     and pushes it to NPM
+   - `update_docs.yaml`: builds updated docs, pushes them to the gh-pages branch
+
+## Required Repo Secrets
+ - `DOCKERHUB_CI_USERNAME`: The username of the Docker Hub CI account
+ - `DOCKERHUB_CI_TOKEN`: An access token for Docker Hub
+   - To generate, visit https://hub.docker.com/settings/security
+ - `NPM_CI_TOKEN`: An "Automation"-type access token for NPM for the `shaka-bot`
+   account
+   - To generate, visit https://www.npmjs.com/settings/shaka-bot/tokens and
+     select the "Automation" type
+ - `SHAKA_BOT_TOKEN`: A GitHub personal access token for the `shaka-bot`
+   account, with `workflow` scope
+   - To generate, visit https://github.com/settings/tokens/new and select the
+     `workflow` scope

.github/workflows/build_and_test.yaml

@@ -129,6 +129,7 @@ jobs:
           if [[ '${{ matrix.os_name }}' == 'osx' ]]; then
             export DYLD_FALLBACK_LIBRARY_PATH=out/${{ matrix.build_type }}${{ matrix.build_type_suffix }}
           fi
+          set -x  # So we can see what commands/tests are being executed
           for i in out/${{ matrix.build_type }}${{ matrix.build_type_suffix }}/*test${{ matrix.exe_ext }}; do "$i" || exit 1; done
           python out/${{ matrix.build_type }}${{ matrix.build_type_suffix }}/packager_test.py -v --libpackager_type=${{ matrix.lib_type }}_library
 
@@ -146,12 +147,13 @@ jobs:
           if [[ '${{ matrix.os_name }}' == 'win' ]]; then
             (
               cd src/out/Release${{ matrix.build_type_suffix }}
-              7z a ../../../pssh-box.py.zip pyproto pssh-box.py
+              7z a ../../../artifacts/pssh-box-${{ matrix.os_name }}.py.zip \
+                  pyproto pssh-box.py
             )
-            mv pssh-box.py.zip artifacts/pssh-box-${{ matrix.os_name }}.py.zip
           else
-            tar -czf pssh-box.py.tar.gz -C src/out/Release${{ matrix.build_type_suffix }} pyproto pssh-box.py
-            mv pssh-box.py.tar.gz artifacts/pssh-box-${{ matrix.os_name }}.py.tar.gz
+            tar -czf artifacts/pssh-box-${{ matrix.os_name }}.py.tar.gz \
+                -C src/out/Release${{ matrix.build_type_suffix }} \
+                pyproto pssh-box.py
           fi
 
       - name: Attach artifacts to release

.github/workflows/draft_github_release.yaml

@@ -40,6 +40,7 @@ jobs:
         # name.  Subsequent steps can refer to $TARGET_REF to determine the
         # correct ref in all cases.
         run: |
+          # Strip refs/tags/ from the input to get the tag name.
           echo "TARGET_REF=${{ github.event.inputs.tag || github.ref }}" | \
               sed -e 's@refs/tags/@@' >> $GITHUB_ENV