It would be great if I did not have to store a long-lived OPENSHIFT_TOKEN secret for my GitHub repository or organization.
GitHub provides JWTs from token.actions.githubusercontent.com (docs), so we could use this to log into the (properly-configured) clusters.
