Update README.md

Author: cheton

README.md

@@ -16,7 +16,7 @@ npm install -g github-release-cli
 Run `github-release` with `-h` or `--help` options:
 
 ```
-Usage: github-release [options]
+Usage: github-release [options] [file ...]
 
 Options:
 
@@ -30,6 +30,63 @@ Options:
   -b, --body <body>    body
 ```
 
+## Secure Setup
+
+### 1. Get an OAuth token from GitHub
+
+First you will need to get an OAuth Token from GitHub using your own username and "note":
+
+```
+curl \
+  -u 'username' \
+  -d '{"scopes":["repo"], "note":"Publish to GitHub Releases"}' \
+  https://api.github.com/authorizations
+```
+
+For users with two-factor authentication enabled, you must send the user's authentication code (i.e., one-time password) in the `X-GitHub-OTP` header:
+
+```
+curl \
+  -u 'username' \
+  -H 'X-GitHub-OTP: 000000' \
+  -d '{"scopes":["repo"], "note":"Publish to GitHub Releases"}' \
+  https://api.github.com/authorizations
+```
+
+### 2. Storing the OAuth token in an environment variable
+
+For reducing security risks, you can store your OAuth token in an environment variable.
+
+Export the token using the one you got from above:
+
+```
+export GITHUB_TOKEN=your_token
+```
+
+### 3. Set up a CI build
+
+Now you're ready to upload assets to a GitHub repository from a CI server. For example:
+
+```
+COMMIT_LOG=`git log -1 --format='%ci %H %s'`
+github-release \
+  --owner=cheton \
+  --repo=github-release-cli \
+  --tag="${TRAVIS_BRANCH}" \
+  --name="${TRAVIS_BRANCH}" \
+  --body="${COMMIT_LOG}" \
+  "releases/file.zip" \
+  "releases/file.tar.gz"
+```
+
+If you're using Travis CI, you may want to encrypt environment variables.
+
+Learn how to define encrypted variables in .travis.yml:<br>
+https://docs.travis-ci.com/user/environment-variables/#Defining-encrypted-variables-in-.travis.yml
+
+## Examples
+https://github.com/cncjs/cncjs/blob/master/.travis.yml
+
 ## License
 
 MIT