Allow custom token in generate_terraform_docs workflow #966

@jansdhillon

Enhancement Proposal

The generate_terraform_docs.yaml reusable workflow hardcodes secrets.GITHUB_TOKEN for the canonical/create-pull-request step:

- name: Create pull request
  uses: canonical/create-pull-request@main
  with:
    github-token: ${{ secrets.GITHUB_TOKEN }}

GitHub prevents workflows from being triggered by commits or PRs created using GITHUB_TOKEN. This means that when terraform-docs opens or updates a PR, no CI workflows run against it.

The fix is to add an optional github-token input that defaults to secrets.GITHUB_TOKEN for backwards compatibility, but allows callers to pass a PAT:

on:
  workflow_call:
    inputs:
      github-token:
        type: string
        description: Token used to create the pull request. Use a PAT to allow CI to trigger on the resulting PR.
        default: ""

Then in the step:

github-token: ${{ inputs.github-token || secrets.GITHUB_TOKEN }}

This is a non-breaking change. Existing callers without github-token continue to work as before.

Encountered while setting up generate_terraform_docs.yaml in canonical/landscape-saas-terraform.

Impact

Medium

Impact Rationale

Without this, CI does not run on terraform-docs PRs, which is the primary reason for automating documentation updates in CI.
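A variant of the proposal, as an added example that is not part of the original issue or the project's code: it carries the token through `workflow_call.secrets` instead of a string input, because the `secrets` context is not available in a caller's `with:` block and values passed as secrets are masked in logs. The names `pr_token`, `DOCS_PR_PAT`, the job ids, the trigger and the `<owner>/<repo>` and `<ref>` placeholders are assumptions.

```yaml
# Reusable workflow: generate_terraform_docs.yaml (relevant parts only)
on:
  workflow_call:
    secrets:
      pr_token:                 # hypothetical name, not from the issue
        description: Token used to create the pull request. Use a PAT to allow CI to trigger on the resulting PR.
        required: false         # optional, so existing callers are unaffected

jobs:
  terraform-docs:               # hypothetical job id
    runs-on: ubuntu-latest
    steps:
      - name: Create pull request
        uses: canonical/create-pull-request@main
        with:
          # An unset secret evaluates to an empty string, so the
          # expression falls back to the default GITHUB_TOKEN.
          github-token: ${{ secrets.pr_token || secrets.GITHUB_TOKEN }}
---
# Caller workflow that opts in to a PAT
on:
  push:
    branches: [main]            # constructed trigger for illustration

jobs:
  docs:
    # Placeholder path: substitute the repository and ref that host the workflow.
    uses: <owner>/<repo>/.github/workflows/generate_terraform_docs.yaml@<ref>
    secrets:
      # DOCS_PR_PAT is a hypothetical repository secret. A fine-grained PAT
      # limited to this one repository with write access to Contents and
      # Pull requests is enough to push a branch and open the PR.
      pr_token: ${{ secrets.DOCS_PR_PAT }}
```

A caller that omits the `secrets:` block behaves exactly as before, which preserves the non-breaking property the proposal asks for.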
