By extending the scope of the per run temporaray default GitHub action token GITHUB_TOKEN the need of using ssh keys for cloning/pushing updates is eliminated.
So no need to manage an extra ssh anymore and this is also a security improvement as ssh keys could be leaked, while the token is only valid during the workflow runs.
By extending the scope of the per run temporaray default GitHub action token
GITHUB_TOKEN
the need of using ssh keys for cloning/pushing updates is eliminated.So no need to manage an extra ssh anymore and this is also a security improvement as ssh keys could be leaked, while the token is only valid during the workflow runs.
This got possible via the changes announced here a while ago: https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/