Skip to content

Update README.md #472

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
h3rmanj wants to merge 10 commits into
base: main
Choose a base branch
from
Open

Update README.md #472

h3rmanj wants to merge 10 commits into from
+70 −26

Conversation

@h3rmanj
Copy link
Contributor

@h3rmanj h3rmanj commented May 8, 2025

Adds information about required permission and how to trigger other workflows using this action. Tested what's working and not in https://github.com/h3rmanj/changesets-triggers.

The feature that actually makes this possible is the commitMode: github-api introduced in #391. This just documents that it's possible.

Closes #1545, closes #187, closes #70, closes #220

It probably also closes other issues that's caused by this as well.

Andarist
Andarist reviewed May 8, 2025
View reviewed changes
Andarist
Andarist reviewed May 8, 2025
View reviewed changes
Andarist
Andarist reviewed May 8, 2025
View reviewed changes
@changeset-bot
Copy link

changeset-bot bot commented May 8, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: 4a5bb6a

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

s0
s0 reviewed May 8, 2025
View reviewed changes
@h3rmanj h3rmanj force-pushed the docs/workflow-permissions branch from 5665e3f to 1a6037c Compare May 9, 2025 08:27
@h3rmanj h3rmanj mentioned this pull request May 9, 2025
Open
@h3rmanj h3rmanj changed the title Add permission and workflow trigger info to README.md Update README.md May 9, 2025
s0
s0 reviewed May 9, 2025
View reviewed changes
@h3rmanj
Copy link
Contributor Author

h3rmanj commented May 9, 2025
edited
Loading

I restructured the readme a bit. I changed the inputs and outputs section to use tables instead, can revert if that's not desirable.

Added an advanced section as well, after examples, with Triggering other workflows and GitHub API commit mode sections. Not sure if I should mention anything else in the github-api section, feel free to add anything there 😄

Full preview here https://github.com/h3rmanj/changesets-action/blob/docs/workflow-permissions/README.md

@s0
Copy link
Member

s0 commented May 9, 2025

Not sure if I should mention anything else in the github-api section, feel free to add anything there 😄

Probably worthwhile adding a bit about its limitations, namely that it won't commit symlinks, executable files or submodules (as this isn't supported by the API). We should probably add a section to the changesets/ghcommit README too, and link to that from this README

h3rmanj
h3rmanj commented May 9, 2025
View reviewed changes
README.md
Comment on lines +240 to +248
### Triggering other workflows

When using the built-in `GITHUB_TOKEN`, tags, releases and pull requests created by this action won't trigger other workflows. From the [GitHub Docs docs](https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/triggering-a-workflow#triggering-a-workflow-from-a-workflow):

> When you use the repository's `GITHUB_TOKEN` to perform tasks, events triggered by the `GITHUB_TOKEN`, will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs.

To fix this, you should use a [Personal Access Token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens) or a [GitHub App token](https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/making-authenticated-api-requests-with-a-github-app-in-a-github-actions-workflow) for this action. You also need to set the `commitMode` input to `github-api`.

This is useful when using this action for [managing applications or non-npm packages](https://github.com/changesets/changesets/blob/main/docs/versioning-apps.md), and using tag or release triggers for custom release workflows.
Copy link
Contributor Author

@h3rmanj h3rmanj May 9, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm, IIRC some of the restrictions are lifted when using PAT - even with the default commitMode. Do you know what's the breakdown of what becomes possible with PAT using both modes?

Full breakdown from some testing

Variation push.branches push.tags pull_request.opened pull_request.synchronized release.published
Built-in token
PAT
PAT + github-api ❌ re-triggers opened instead
PAT + actions/checkout PAT

Not sure if I should document all these possible variations though. Personally I prefer github-api mode for the following reasons:

  • Commit signing
  • It's built-in to the action itself, so you can achieve desired result by only configuring this action
  • Once configured, it enables all event triggers, not just some

@Andarist what would you like see mentioned in the readme?

@s0
Copy link
Member

s0 commented May 10, 2025

@h3rmanj the https://github.com/changesets/ghcommit README has a section on known limitations now if you want to link to that?

trueberryless
trueberryless reviewed Oct 28, 2025
View reviewed changes
README.md

### Triggering other workflows

When using the built-in `GITHUB_TOKEN`, tags, releases and pull requests created by this action won't trigger other workflows. From the [GitHub Docs docs](https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/triggering-a-workflow#triggering-a-workflow-from-a-workflow):
Copy link

@trueberryless trueberryless Oct 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the docs is a duplicate and it should only be one:

Suggested change
When using the built-in `GITHUB_TOKEN`, tags, releases and pull requests created by this action won't trigger other workflows. From the [GitHub Docs docs](https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/triggering-a-workflow#triggering-a-workflow-from-a-workflow):
When using the built-in `GITHUB_TOKEN`, tags, releases and pull requests created by this action won't trigger other workflows. From the [GitHub Docs](https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/triggering-a-workflow#triggering-a-workflow-from-a-workflow):

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Andarist Andarist Andarist left review comments

+2 more reviewers

@s0 s0 s0 left review comments

@trueberryless trueberryless trueberryless left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

4 participants

@h3rmanj @s0 @Andarist @trueberryless