docs: emphasize the need for a personal access token (#842)

Leland · chingor13 · web-flow · commit 1ddb669c677d · 2023-11-06T22:38:11.000-08:00
It isn't made explicit that the default token is one that doesn't allow
GitHub Actions CI jobs to run.

Updated the section to make that even more clear.

Signed-off-by: Leland Clemmons &lt;leland.clemmons@gmail.com&gt;
Co-authored-by: Jeff Ching &lt;chingor@google.com&gt;
diff --git a/README.md b/README.md
@@ -98,20 +98,28 @@ Automate releases with Conventional Commit Messages.
 
 ## GitHub credentials
 
-`release-please` requires a GitHub token to access the GitHub API. You configure this token via the
-`token` configuration option. You can use the built-in `GITHUB_TOKEN` secret, however, note that any resources
-created by `release-please` (release tag or release pull request) will not trigger future GitHub actions
-workflows.
+`release-please` requires a GitHub token to access the GitHub API. You configure this token via
+the `token` configuration option.
+
+> [!WARNING]  
+> If using GitHub Actions, you will need to specify a `token` for your workflows to run on
+> Release Please's releases and PRs.
 
-From the [docs](https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow):
-> When you use the repository's `GITHUB_TOKEN` to perform tasks, events triggered by the `GITHUB_TOKEN` will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs.
+By default, Release Please uses the built-in `GITHUB_TOKEN` secret. However, all resources created
+by `release-please` (release tag or release pull request) will not trigger future GitHub actions workflows,
+and workflows normally triggered by `release.created` events will also not run.
+From GitHub's
+[docs](https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow):
 
-This means that GitHub actions CI checks will not run on the release pull request and workflows normally triggered by
-`release.created` events will also not run. You will want to configure a GitHub actions secret with a
-[personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)
-if you want other workflows to run.
+> When you use the repository's `GITHUB_TOKEN` to perform tasks, events triggered by the `GITHUB_TOKEN`
+> will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs.
+
+. You will want to configure a GitHub Actions secret with a
+[Personal Access Token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)
+if you want GitHub Actions CI checks to run on Release Please PRs.
 
 ### The `command` option
+
 Some additional info regarding the `command` property.
 - `github-release`: creates GitHub releases (as mentioned [here](https://docs.github.com/en/repositories/releasing-projects-on-github/about-releases)) based on the most recently merged release PR and the release strategy being used.
 - `release-pr`: uses Conventional Commits to propose a candidate release [pull request](#how-release-please-works). This pull request, once merged, is used by `github-release`/`manifest`
