diff --git a/README.md b/README.md
index 8e9e038..c31fdab 100644
--- a/README.md
+++ b/README.md
@@ -40,15 +40,42 @@ on:
 jobs:
   build:
     runs-on: docker
+    container:
+      image: git.van-hemmen.com/actions/kaniko:latest
     steps:
-
       - name: Build & push with Kaniko
-        uses: actions/kaniko@v1
         env:
-          # ✍️ Fill these placeholders
-          REGISTRY: ghcr.io
-          IMAGE_NAME: myorg/myapp
-          IMAGE_TAG: ${{ github.sha }}
-          # Optional authentication variables...
-          # REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
-          # REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
+          # --- mandatory --------------------------------------------------------
+          KANIKO_CONTEXT: git://git.van-hemmen.com/actions/kaniko.git
+          GITHUB_REF_NAME: ${{ github.ref_name }}
+          GIT_USERNAME:    ${{ secrets.GIT_USERNAME }}
+          GIT_PASSWORD:    ${{ secrets.GIT_PASSWORD }}
+    
+          # --- optional (only needed when you plan to push) ---------------------
+          REGISTRY_HOST:   ghcr.io
+          REGISTRY_USER:   ${{ secrets.REGISTRY_USER }}
+          REGISTRY_PASS:   ${{ secrets.REGISTRY_PASS }}
+          KANIKO_DESTINATION: ghcr.io/myorg/myapp:${{ github.sha }}
+    
+          # --- fine-tuning ------------------------------------------------------
+          KANIKO_DOCKERFILE: ./Dockerfile
+          KANIKO_VERBOSITY:  info
+
+```
+
+## Environment variables
+
+| Variable | Required | Purpose | Example value                                                  |
+|----------|----------|---------|----------------------------------------------------------------|
+| `KANIKO_CONTEXT`  | **Yes** | Build context (`git://`). | `git://git.van-hemmen.com/actions/kaniko.git`                  |
+| `GITHUB_REF_NAME` | **Yes** | Branch or tag that is being built. | `${{ github.ref_name }}`                                                       |
+| `GIT_USERNAME`    | **Yes** | Username with access to `KANIKO_CONTEXT` when it is private. | `${{ secrets.GIT_USERNAME }}`                                  |
+| `GIT_PASSWORD`    | **Yes** | Token/password paired with `GIT_USERNAME`. | `${{ secrets.GIT_PASSWORD }}`                                  |
+| `REGISTRY_HOST`   | No (default `git.van-hemmen.com`) | Target registry hostname. | `ghcr.io`                                                      |
+| `REGISTRY_USER`   | No* | Registry username. Enables push only if **both** `REGISTRY_USER` and `REGISTRY_PASS` are set. | `${{ secrets.REGISTRY_USER }}`                                 |
+| `REGISTRY_PASS`   | No* | Registry password/token. | `${{ secrets.REGISTRY_PASS }}`                                 |
+| `KANIKO_DESTINATION` | No | Comma-separated list of image references to push (variables like `${{ github.sha }}` are expanded). | `ghcr.io/myorg/app:${{ github.sha }},ghcr.io/myorg/app:latest` |
+| `KANIKO_DOCKERFILE` | No (default `./Dockerfile`) | Path to the Dockerfile relative to the context. | `./docker/Dockerfile.alpine`                                   |
+| `KANIKO_VERBOSITY`  | No (default `info`) | Log level (`trace`, `debug`, `info`, `warn`, `error`, `fatal`, `panic`). | `debug`                                                        |
+
+\* `REGISTRY_USER` / `REGISTRY_PASS` are only needed when the registry requires authentication.