it might be nice to run updatebot on any github repos without needing write access. Right now UpdateBot generates PRs by creating a temporary branch on each downstream project.
A nicer approach would be to fork the repos into the UpdateBot user's account, generating the temporary branch there and using that for the PR - which would mean the github UpdateBot user credentials would not need any permissions other than regular github roles on its own repos/forks
it might be nice to run updatebot on any github repos without needing write access. Right now UpdateBot generates PRs by creating a temporary branch on each downstream project.
A nicer approach would be to fork the repos into the UpdateBot user's account, generating the temporary branch there and using that for the PR - which would mean the github UpdateBot user credentials would not need any permissions other than regular github roles on its own repos/forks