docs: emphasize the need for a personal access token (#842)

It isn't made explicit that the default token is one that doesn't allow GitHub Actions CI jobs to run. Updated the section to make that even more clear. Signed-off-by: Leland Clemmons <leland.clemmons@gmail.com> Co-authored-by: Jeff Ching <chingor@google.com>
2026-05-13 16:01:35 +02:00 · 2023-11-07 01:38:11 -05:00
parent db8f2c60ee
commit 1ddb669c67
1 changed files with 18 additions and 10 deletions
--- a/README.md
+++ b/README.md
@@ -98,20 +98,28 @@ Automate releases with Conventional Commit Messages.
 ## GitHub credentials
-`release-please` requires a GitHub token to access the GitHub API. You configure this token via the
+`release-please` requires a GitHub token to access the GitHub API. You configure this token via
-`token` configuration option. You can use the built-in `GITHUB_TOKEN` secret, however, note that any resources
+the `token` configuration option.
 created by `release-please` (release tag or release pull request) will not trigger future GitHub actions
 workflows.
-From the [docs](https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow):
+> [!WARNING]  
-> When you use the repository's `GITHUB_TOKEN` to perform tasks, events triggered by the `GITHUB_TOKEN` will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs.
+> If using GitHub Actions, you will need to specify a `token` for your workflows to run on
 > Release Please's releases and PRs.
-This means that GitHub actions CI checks will not run on the release pull request and workflows normally triggered by
+By default, Release Please uses the built-in `GITHUB_TOKEN` secret. However, all resources created
-`release.created` events will also not run. You will want to configure a GitHub actions secret with a
+by `release-please` (release tag or release pull request) will not trigger future GitHub actions workflows,
-[personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)
+and workflows normally triggered by `release.created` events will also not run.
-if you want other workflows to run.
+From GitHub's
 [docs](https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow):
 > When you use the repository's `GITHUB_TOKEN` to perform tasks, events triggered by the `GITHUB_TOKEN`
 > will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs.
 . You will want to configure a GitHub Actions secret with a
 [Personal Access Token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)
 if you want GitHub Actions CI checks to run on Release Please PRs.
 ### The `command` option
 Some additional info regarding the `command` property.
 - `github-release`: creates GitHub releases (as mentioned [here](https://docs.github.com/en/repositories/releasing-projects-on-github/about-releases)) based on the most recently merged release PR and the release strategy being used.
 - `release-pr`: uses Conventional Commits to propose a candidate release [pull request](#how-release-please-works). This pull request, once merged, is used by `github-release`/`manifest`