internal/worker: document cloud-run-proxy
Document a relatively painless way to visit the worker in a browser.
Change-Id: Id07df93c350255065536926285191f9420c6dfcb
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/393774
Trust: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Julie Qiu <julie@golang.org>
diff --git a/internal/worker/README.md b/internal/worker/README.md
new file mode 100644
index 0000000..84432f7
--- /dev/null
+++ b/internal/worker/README.md
@@ -0,0 +1,30 @@
+# Go Vulnerability Worker
+
+The vuln worker triages incoming security advisories and scans selected modules
+for vulnerabilities.
+
+The Go security team runs the worker on Google Cloud Platform's Cloud Run
+product. See the repo's `terraform` directory for more on the deployment setup.
+
+The main program for the worker, in the repo's `cmd/worker` directory, can also
+be used as a command-line tool for one-off executions of some of the server's
+actions.
+
+## Browsing the worker
+
+Accessing the worker server's home page from a browser requires authentication.
+We recommend
+[cloud-run-proxy](https://github.com/GoogleCloudPlatform/cloud-run-proxy) for
+painless browsing. Install it with
+```
+go install github.com/GoogleCloudPlatform/cloud-run-proxy@latest
+```
+If you have authenticated with `gcloud`, you can run it with
+```
+cloud-run-proxy -host WORKER_CLOUD_RUN_URL
+```
+Otherwise, obtain a token on another machine that has authenticated with
+```
+gcloud auth print-identity-token
+```
+and pass the output to `cloud-run-proxy` with the `-token` flag.
