opensafely-core / job-server

A server for mediating jobs that can be run in an OpenSAFELY secure environment. q.v. job-runner
https://jobs.opensafely.org

Spike: GitHub App #89

Closed ghickman closed 3 years ago

ghickman commented 4 years ago

OAuth apps have very blunt scopes (repo in particular).

This spike needs to answer:

ghickman commented 3 years ago

TL;DR: not worth the dev work to separate OAuth logins (via GitHub OAuth) and what a GitHub App provides over a RO Service account.

GitHub Apps are the expected way to do bot/service-to-service API access with GitHub. A user still has to install the App to an Organisation but other than that (which doesn't seem like an issue) it seems like the ideal route to take.

However, it requires more work than I expected to keep user logins working via GitHub OAuth (using Python Social Auth's GitHubOAuth backend) while also integrating with the GitHub App backend for our other interactions.

Since we already had the RO Service Account set up and we need the API for a very small subset of the site (reading repo names, their branch names, and reading project.yaml files), it didn't seem worth the time required to implement.
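For readers weighing the same trade-off, the following is an added example (not job-server code, and not written by the comment's author) of what the GitHub App route the comment rejects actually entails: the App signs a short-lived JWT with its private key, exchanges it for an installation token, and, unlike an OAuth app's blunt repo scope, can narrow that token to read-only permissions on named repositories, which is all the site needs for repo names, branch names and project.yaml. The App ID, installation ID, repository names and the fake HTTP poster are constructed for the example; the signer is injected because a real one needs the App's RSA private key (with the cryptography package that is key.sign(msg, padding.PKCS1v15(), hashes.SHA256())); the HTTP call is injected so the flow runs offline.

```python
"""GitHub App installation-token flow, narrowed to read-only permissions.
Added example; not job-server code. Network and signing are injected."""
import base64
import json
import time
from typing import Callable, Dict, Optional, Sequence, Tuple

API = "https://api.github.com"

# Only what reading repo names, branch names and project.yaml needs.
# Assumption: contents:read covers file reads, metadata:read covers listings.
READ_ONLY: Dict[str, str] = {"contents": "read", "metadata": "read"}


def _b64url(data: bytes) -> str:
    """JWT uses unpadded base64url."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def app_jwt_claims(app_id: int, now: Optional[int] = None) -> Dict[str, int]:
    """Claims for the App JWT: iss is the App ID, iat is backdated 60 s to
    absorb clock skew, exp is 10 minutes out (GitHub's documented maximum)."""
    now = int(time.time()) if now is None else now
    return {"iat": now - 60, "exp": now + 600, "iss": app_id}


def encode_app_jwt(claims: Dict[str, int], signer: Callable[[bytes], bytes]) -> str:
    """Assemble header.claims.signature. `signer` must return an RS256
    (PKCS#1 v1.5 / SHA-256) signature made with the App's private key."""
    header = {"alg": "RS256", "typ": "JWT"}
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode()
    signing_input = _b64url(compact(header)) + "." + _b64url(compact(claims))
    return signing_input + "." + _b64url(signer(signing_input.encode("ascii")))


def decode_jwt_claims(token: str) -> dict:
    """Read the claims back (no signature check; for inspection only)."""
    body = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))


def check_read_only(permissions: Dict[str, str]) -> None:
    """Guard: refuse to ask GitHub for anything beyond read access."""
    escalated = {k: v for k, v in permissions.items() if v != "read"}
    if escalated:
        raise ValueError(f"refusing to request non-read permissions: {escalated}")


def installation_token_request(installation_id: int, app_jwt: str,
                               repositories: Sequence[str],
                               permissions: Dict[str, str] = READ_ONLY) -> dict:
    """Request body for POST /app/installations/{id}/access_tokens. The
    `repositories` and `permissions` fields scope the resulting token down
    from whatever the installation was granted."""
    check_read_only(permissions)
    return {
        "url": f"{API}/app/installations/{installation_id}/access_tokens",
        "headers": {"Authorization": f"Bearer {app_jwt}",
                    "Accept": "application/vnd.github+json"},
        "json": {"repositories": list(repositories),
                 "permissions": dict(permissions)},
    }


def fetch_installation_token(installation_id: int, app_jwt: str,
                             repositories: Sequence[str],
                             post: Callable[..., Tuple[int, dict]]) -> Tuple[str, str]:
    """Exchange the App JWT for a scoped installation token.
    `post(url, headers=..., json=...)` returns (status_code, parsed_json);
    with requests that is r.status_code, r.json()."""
    req = installation_token_request(installation_id, app_jwt, repositories)
    status, body = post(req["url"], headers=req["headers"], json=req["json"])
    if status != 201:
        raise RuntimeError(f"token exchange failed: {status} {body}")
    return body["token"], body["expires_at"]


def fake_github_post(url: str, headers: dict, json: dict) -> Tuple[int, dict]:
    """Constructed stand-in for api.github.com so the flow runs offline.
    Mirrors the shape of a real 201 response; the token value is made up."""
    if not headers.get("Authorization", "").startswith("Bearer ") \
            or not url.endswith("/access_tokens"):
        return 401, {"message": "Bad credentials"}
    return 201, {"token": "ghs_constructed_example_token",
                 "expires_at": "2024-01-01T01:00:00Z",
                 "permissions": json["permissions"],
                 "repository_selection": "selected"}


if __name__ == "__main__":
    # Stand-in signer; a real deployment signs with the App's RSA key.
    jwt_token = encode_app_jwt(app_jwt_claims(12345), lambda msg: b"not-a-real-signature")
    print(fetch_installation_token(42, jwt_token, ["job-server"], fake_github_post))
```

The point of check_read_only is that the narrowing happens at token issue time: even if the installation was granted write access, a bug elsewhere cannot turn this code path into a write-capable token. An OAuth app's repo scope offers no equivalent per-request narrowing.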