use Personal Access Token (PAT) for creating PR in the update-readme workflow (#3829)

Currently, the PR made by the update-readme workflow does not trigger the CI to run, because GitHub does not trigger workflows for pull requests made by a GitHub Actions token (GITHUB_TOKEN) by default.

To fix the above issue, with this PR, the workflow will now retrieve and use a Personal Access Token (PAT) for creating the PR.

.github/workflows/update-readme.yml

@@ -7,6 +7,7 @@ on:
 permissions:
   contents: write
   pull-requests: write
+  id-token: write
 
 jobs:
   update-readme:
@@ -49,12 +50,21 @@ jobs:
         git checkout -b "$BRANCH"
         git commit -a -m "update README with latest"
         git push origin "$BRANCH"
+
+    # GitHub does not trigger workflows for pull requests made by a GitHub Actions token (GITHUB_TOKEN) by default.
+    # Therefore, we need to retrieve a Personal Access Token (PAT)
+    - name: Retrieve token from vault
+      uses: rancher-eio/read-vault-secrets@main
+      with:
+        secrets: |
+          secret/data/github/repo/${{ github.repository }}/github-token/credentials token | PAT_TOKEN ;
+
     - name: Create Pull Request
       if: ${{ env.changes_exist == 'true' }}
       id: cpr
       env:
         SOURCE_BRANCH: ${{ steps.branch.outputs.branch }}
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        GH_TOKEN: ${{ env.PAT_TOKEN }}
       run: |
         PR_TITLE="[${GITHUB_REF_NAME}] update README with latest"
         PR_BODY="Auto-generated by GitHub Actions"