From 9ff19cf911be14f14e911d5dda5278d34b69ced6 Mon Sep 17 00:00:00 2001
From: Simon Li <orpheus+devel@gmail.com>
Date: Sun, 4 Aug 2024 21:47:54 +0100
Subject: [PATCH] Document GitHub @jupyterhub-bot

---
 docs/resources/shared-infrastructure.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/docs/resources/shared-infrastructure.md b/docs/resources/shared-infrastructure.md
index c672c3a..c73a33d 100644
--- a/docs/resources/shared-infrastructure.md
+++ b/docs/resources/shared-infrastructure.md
@@ -8,6 +8,15 @@ Some of these are useful for our development workflows, while others are used as
 We have [a GitHub organization](https://github.com/jupyterhub/) for hosting all of our code repositories.
 This organization is where we do most of the code-related work for the project, and where we have discussions and coordination.
 
+### @jupyterhub-bot
+
+[@jupyterhub-bot is a GitHub bot account](https://github.com/jupyterhub-bot)
+that can be used to create unprivileged GitHub tokens, for example to
+[open automated PRs](https://github.com/search?q=org%3Ajupyterhub+author%3Ajupyterhub-bot&type=pullrequests)
+without the limitations of the [default `GITHUB_TOKEN`](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow).
+
+If these tokens are stored as a repository secret for a single workflow it should never be necessary to store a copy of them- just delete and create a new token instead, and update the secret.
+
 (shared:pypi-bot)=
 ## PyPI