diff --git a/.github/workflows/generate_prs.yml b/.github/workflows/generate_prs.yml
index aaa9a517..1b5cb525 100644
--- a/.github/workflows/generate_prs.yml
+++ b/.github/workflows/generate_prs.yml
@@ -1,6 +1,8 @@
 ---
 name: Generate Downstream PRs
 
+run-name: "Generate Downstream PRs (dry-run: ${{ inputs.dry-run }})"
+
 on:
   workflow_dispatch:
     inputs:
diff --git a/README.adoc b/README.adoc
index 7ce6b468..5cf3b4d4 100644
--- a/README.adoc
+++ b/README.adoc
@@ -85,7 +85,8 @@ Consult the section above to learn more about the structure of the template.
 
 === Test changes locally
 
-1. Create the directory `work` and run the `test.sh` script.
+1. Run the `test.sh` script.
+   It will automatically delete and recreate a `work` directory.
 2. The changes can be examined with `git status`.
    When the pull request is later merged into the `main` branch then pull requests with these changes will be created automatically.
 3. Depending on the change, it makes sense to run the integration tests for all changed operators.
diff --git a/config/retired_files.yaml b/config/retired_files.yaml
index 07f577bb..f23aec49 100644
--- a/config/retired_files.yaml
+++ b/config/retired_files.yaml
@@ -5,4 +5,5 @@
 retired_files:
   - python/cargo_version.py
   - python/requirements.txt
-  - flake8 # replaced by ruff
+  - .flake8 # replaced by ruff
+  - .github/workflows/pr_reviewdog.yaml # replaced by pr_pre-commit.yaml
diff --git a/playbook/playbook.yaml b/playbook/playbook.yaml
index 1203a294..49449f63 100644
--- a/playbook/playbook.yaml
+++ b/playbook/playbook.yaml
@@ -15,14 +15,6 @@
         path: "{{ work_dir }}"
         state: directory
 
-    - name: Configure git author mail
-      command:
-        argv: [git, config, --global, user.email, "{{ author_mail }}"]
-
-    - name: Configure git author name
-      command:
-        argv: [git, config, --global, user.name, "{{ author_name }}"]
-
     - name: Login to github
       command:
         argv: [gh, auth, login, --with-token]
diff --git a/playbook/update_repo.yaml b/playbook/update_repo.yaml
index 6fe8d4eb..a8268c4d 100644
--- a/playbook/update_repo.yaml
+++ b/playbook/update_repo.yaml
@@ -111,16 +111,15 @@
       register: git_change
       failed_when: git_change.rc == 0 # fail when there are no changes
 
+    - name: Configure git author mail
+      command:
+        argv: [git, config, user.email, "{{ author_mail }}"]
+        chdir: "{{ work_dir }}/{{ operator.name }}"
 
-# Check if anything was changed, if yes commit changes and create a pull request, otherwise skip rest of this play
-- name: "Operator [{{ operator.name }}] create PR if changes were performed"
-  block:
-    - name: "Operator [{{ operator.name }}] run 'git ls-remotes' to ensure that the branch {{ pr_branch_name  }} doesn't exist"
+    - name: Configure git author name
       command:
-        argv: [git, ls-remote, --exit-code, --heads, "https://{{ gh_access_token }}@github.com/{{ operator.url }}", "{{ pr_branch_name }}"]
+        argv: [git, config, user.name, "{{ author_name }}"]
         chdir: "{{ work_dir }}/{{ operator.name }}"
-      register: branch_exists
-      failed_when: branch_exists.rc != 2 # fail when branch exists
 
     - name: "Operator [{{ operator.name }}] stage all changes"
       command:
@@ -129,9 +128,19 @@
 
     - name: "Operator [{{ operator.name }}] commit changes"
       command:
-        argv: [git, commit, -a, -m, "{{ commit_message }}"]
+        argv: [git, commit, -m, "{{ commit_message }}"]
         chdir: "{{ work_dir }}/{{ operator.name }}"
 
+# Fail if the remote branch exists, otherwise push changes and create a pull request
+- name: "Operator [{{ operator.name }}] create PR if changes were performed"
+  block:
+    - name: "Operator [{{ operator.name }}] run 'git ls-remotes' to ensure that the branch {{ pr_branch_name  }} doesn't exist"
+      command:
+        argv: [git, ls-remote, --exit-code, --heads, "https://{{ gh_access_token }}@github.com/{{ operator.url }}", "{{ pr_branch_name }}"]
+        chdir: "{{ work_dir }}/{{ operator.name }}"
+      register: branch_exists
+      failed_when: branch_exists.rc != 2 # fail when branch exists
+
     - name: "Operator [{{ operator.name }}] push changes to branch {{ pr_branch_name }}"
       command:
         argv: [git, push, --set-upstream, origin, "{{ pr_branch_name }}"]
diff --git a/template/default.nix b/template/default.nix
index cea676d7..4932cb85 100644
--- a/template/default.nix
+++ b/template/default.nix
@@ -16,6 +16,10 @@
       stackable-secret-operator = attrs: {
         buildInputs = [ pkgs.protobuf pkgs.rustfmt ];
       };
+      stackable-opa-user-info-fetcher = attrs: {
+        # TODO: why is this not pulled in via libgssapi-sys?
+        buildInputs = [ pkgs.krb5 ];
+      };
       krb5-sys = attrs: {
         nativeBuildInputs = [ pkgs.pkg-config ];
         buildInputs = [ pkgs.krb5 ];
diff --git a/test.sh b/test.sh
index 53c28167..e350439e 100755
--- a/test.sh
+++ b/test.sh
@@ -1,3 +1,5 @@
 #!/usr/bin/env bash
 
+rm -fr work || true
+mkdir -p work
 ansible-playbook playbook/playbook.yaml --tags "local" --extra-vars "gh_access_token=unneeded base_dir=$(pwd) commit_hash=12345 reason='original message'"