diff --git a/.github/sync-with-template-delete.list b/.github/sync-with-template-delete.list
index 5b39f0c5..141e72a6 100644
--- a/.github/sync-with-template-delete.list
+++ b/.github/sync-with-template-delete.list
@@ -1,2 +1,3 @@
 .github/workflows/auto-assign-issue.yml
 .github/workflows/codespell.yml
+.github/workflows/rebase-dependabot-pull-requests.yml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index fa3f859b..5d30b08b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -6,6 +6,9 @@ on:
     - main
   pull_request: { }
 
+permissions:
+  id-token: write
+
 defaults:
   run:
     shell: bash
@@ -23,10 +26,18 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 30
     steps:
+    - name: Get GitHub Token
+      id: get-token
+      uses: remal/github-repository-token-issuer@v1
+      with:
+        scopes: |
+          contents: write
+          workflows: write
+
     - name: Checkout repository
       uses: actions/checkout@v6
       with:
-        token: ${{secrets.PUSH_BACK_TOKEN}}
+        token: ${{steps.get-token.outputs.token}}
         submodules: recursive
         lfs: true
         fetch-depth: 1
diff --git a/.github/workflows/rebase-dependabot-pull-requests.yml b/.github/workflows/rebase-dependabot-pull-requests.yml
deleted file mode 100644
index 773b3814..00000000
--- a/.github/workflows/rebase-dependabot-pull-requests.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-name: Rebase Dependabot pull requests
-
-on:
-  push:
-    paths:
-    - '.github/workflows/rebase-dependabot-pull-requests.yml'
-    branches:
-    - 'main'
-    - 'master'
-  schedule:
-  - cron: '31 0/4 * * *' # sync-with-template: adjust
-  workflow_dispatch: { }
-
-permissions:
-  id-token: write
-
-concurrency:
-  group: rebase-dependabot-pull-requests-${{github.ref}}
-  cancel-in-progress: true
-
-defaults:
-  run:
-    shell: bash
-
-jobs:
-  rebase-dependabot-pull-requests:
-    name: Rebase Dependabot pull requests
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    steps:
-    - name: Get GitHub Token
-      id: get-token
-      uses: remal/github-repository-token-issuer@v1
-      with:
-        scopes: |
-          pull_requests: write
-          issues: write
-          contents: read
-
-    - name: Rebase Dependabot pull requests
-      uses: remal-github-actions/rebase-dependabot-pull-requests@v1
-      with:
-        githubToken: ${{steps.get-token.outputs.token}}
diff --git a/.mergify/config.yml b/.mergify/config.yml
index 108b5a82..81bb26a9 100644
--- a/.mergify/config.yml
+++ b/.mergify/config.yml
@@ -25,7 +25,7 @@ pull_request_rules:
 
 - name: Sync with template
   conditions:
-  - 'author=remal'
+  - 'author~=^(remal|repository-token-issuer\[bot\])$'
   - 'label=sync-with-template'
   - '#added-files=0'
   - '#removed-files=0'