From 85739c2bdb8a719fa6b865fa48bdf028f59b02a0 Mon Sep 17 00:00:00 2001
From: Ross Williams <rossjrw@gmail.com>
Date: Thu, 2 Nov 2023 19:57:51 +0000
Subject: [PATCH] Clarify how to store a custom token as secret

---
 README.md | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index 1879e4d..adf9025 100644
--- a/README.md
+++ b/README.md
@@ -232,14 +232,17 @@ the `with` parameter.
   Default: The current repository that the pull request was made in.
 
 - `token`: The token to use for the preview deployment. The default value is
-  fine for most purposes, but if you want to deploy the preview to a different
-  repository (see `deploy-repository` above), you will need to create a
-  [Personal Access Token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)
-  with permission to access it.
-
-  Default: `${{ secrets.GITHUB_TOKEN }}`, which gives the action permission to
-  deploy to the current repository. To customize it, use e.g.
-  `token: ${{ secrets.PREVIEW_TOKEN }}` not just `token: PREVIEW_TOKEN`.
+  fine for deployments to the current repository, but if you want to deploy
+  the preview to a different repository (see `deploy-repository` above), you
+  will need to create a [Personal Access
+  Token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)
+  with permission to access it, and [store it as a
+  secret](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions)
+  in your repository. E.g. you might name that secret 'PREVIEW_TOKEN' and
+  use it with `token: ${{ secrets.PREVIEW_TOKEN }}`.
+
+  Default: `${{ github.token }}`, which gives the action permission to
+  deploy to the current repository.
 
 - **(Advanced)** `action`: Determines what this action will do when it is
   executed. Supported values: `deploy`, `remove`, `none`, `auto`.