Update README.md

[h3rmanj]

Adds information about required permission and how to trigger other workflows using this action. Tested what's working and not in https://github.com/h3rmanj/changesets-triggers.

The feature that actually makes this possible is the commitMode: github-api introduced in #391. This just documents that it's possible.

Closes #1545, closes #187, closes #70, closes #220

It probably also closes other issues that's caused by this as well.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 4a5bb6a

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[h3rmanj]

I restructured the readme a bit. I changed the inputs and outputs section to use tables instead, can revert if that's not desirable.

Added an advanced section as well, after examples, with Triggering other workflows and GitHub API commit mode sections. Not sure if I should mention anything else in the github-api section, feel free to add anything there 😄

Full preview here https://github.com/h3rmanj/changesets-action/blob/docs/workflow-permissions/README.md

[s0]

Not sure if I should mention anything else in the github-api section, feel free to add anything there 😄

Probably worthwhile adding a bit about its limitations, namely that it won't commit symlinks, executable files or submodules (as this isn't supported by the API). We should probably add a section to the changesets/ghcommit README too, and link to that from this README

[h3rmanj]

Hm, IIRC some of the restrictions are lifted when using PAT - even with the default commitMode. Do you know what's the breakdown of what becomes possible with PAT using both modes?

Full breakdown from some testing

Variation	push.branches	push.tags	pull_request.opened	pull_request.synchronized	release.published
Built-in token	❌	❌	❌	❌	❌
PAT	❌	❌	✅	❌	✅
PAT + github-api	✅	✅	✅	❌ re-triggers opened instead	✅
PAT + actions/checkout PAT	✅	✅	✅	✅	✅

Not sure if I should document all these possible variations though. Personally I prefer github-api mode for the following reasons:

• Commit signing
• It's built-in to the action itself, so you can achieve desired result by only configuring this action
• Once configured, it enables all event triggers, not just some

@Andarist what would you like see mentioned in the readme?

[s0]

@h3rmanj the https://github.com/changesets/ghcommit README has a section on known limitations now if you want to link to that?

[trueberryless]

I think the docs is a duplicate and it should only be one:

Suggested change

	When using the built-in `GITHUB_TOKEN`, tags, releases and pull requests created by this action won't trigger other workflows. From the [GitHub Docs docs](https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/triggering-a-workflow#triggering-a-workflow-from-a-workflow):
	When using the built-in `GITHUB_TOKEN`, tags, releases and pull requests created by this action won't trigger other workflows. From the [GitHub Docs](https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/triggering-a-workflow#triggering-a-workflow-from-a-workflow):