Fix CI workflow and clarify Nginx WAF usage

- Remove redundant 'gh auth login' command in CI workflow (fixes exit code 1 error)
- Use GH_TOKEN env var instead of GITHUB_TOKEN for gh CLI
- Update Nginx README to clarify that individual category .conf files should not be included directly
- Document that users must use waf_maps.conf (http block) + waf_rules.conf (server block)

Fixes #17

waf_patterns/nginx/README.md

@@ -4,6 +4,9 @@ This directory contains Nginx WAF configuration files generated from OWASP rules
 You can include these files in your existing Nginx configuration to enhance security.
 
 ## Usage
+
+**Important:** You should only include the two main configuration files (`waf_maps.conf` and `waf_rules.conf`). The individual category files (e.g., `attack.conf`, `xss.conf`) are provided for reference only and should **not** be included directly, as they contain both `map` and `if` directives that cannot be used in the same Nginx context.
+
 1. Include the `waf_maps.conf` file in your `nginx.conf` *inside the `http` block*:
    ```nginx
    http {
@@ -24,7 +27,9 @@ You can include these files in your existing Nginx configuration to enhance secu
    ```
 
 ## Notes
-- The rules use `map` directives for efficient pattern matching. The maps are defined in the `waf_maps.conf` file.
-- The rules (if statements) are defined in the `waf_rules.conf` file.
+- The `map` directives (defined in `waf_maps.conf`) must be placed in the `http` context.
+- The `if` rules (defined in `waf_rules.conf`) must be placed in a `server` or `location` context.
+- **Do not** try to include individual category files like `attack.conf` directly - they are auto-generated for reference and viewing purposes only.
 - Blocked requests return a `403 Forbidden` response by default.
 - You can enable logging for blocked requests by uncommenting the `access_log` line.
+