Replace GitHub PAT authentication with GitHub App

Personal Access Tokens are bound to a GitHub user, which doesn't work
for teams. And when the workflow fails, that GitHub user gets notified.

Using a GitHub App to authenticate makes it easier for teams to manage
access.

.github/workflows/run-tests.yaml

@@ -10,33 +10,16 @@ jobs:
       fail-fast: true
       matrix:
         os: [ubuntu-latest]
-        laravel: [8.*, 9.*, 10.*, 11.*]
-        php: [8.0, 8.1, 8.2, 8.3]
+        laravel: [10.*, 11.*]
+        php: [8.2, 8.3, 8.4]
         dependency-version: [prefer-stable]
         include:
-          - laravel: 8.*
-            testbench: 6.*
-            phpunit: 9.*
-          - laravel: 9.*
-            testbench: 7.*
-            phpunit: 9.*
           - laravel: 10.*
             testbench: 8.*
             phpunit: 9.*
           - laravel: 11.*
             testbench: 9.*
             phpunit: 10.*
-        exclude:
-          - laravel: 8.*
-            php: 8.2
-          - laravel: 8.*
-            php: 8.3
-          - laravel: 10.*
-            php: 8.0
-          - laravel: 11.*
-            php: 8.0
-          - laravel: 11.*
-            php: 8.1
     name: PHP ${{ matrix.php }} - Laravel ${{ matrix.laravel }}
 
     steps:
@@ -45,6 +28,7 @@ jobs:
       - uses: shivammathur/setup-php@v2
         with:
           php-version: ${{ matrix.php }}
+          coverage: none
 
       - name: Get Composer Cache Directory
         id: composer-cache

CHANGELOG.md

@@ -1,17 +1,28 @@
 # CHANGELOG
 
-## V2.0.2
+## 3.0.0
+
+- Add support for GitHub Apps
+- Drop support for PHP 8.0 and 8.1
+- Drop support for Laravel 8 and 9
+- Drop support for GitHub Personal Access Tokens
+
+Run `php artisan vendor:publish --tag=publish-config` to publish the new configuration file.
+
+See "GitHub credentials" in README.md for information about creating a GitHub Apps.
+
+## 2.0.2
 
 - Fix cms navigation bug
 
-## V2.0.1
+## 2.0.1
 
 - Add event for when publication was started
 
-## V2.0.0
+## 2.0.0
 
 - Nova 4 added as dependency. The tool is now compatible with Nova 4.
 
-## V1.0.0
+## 1.0.0
 
 - Initial version for Nova 3.

README.md

@@ -24,8 +24,8 @@
 
 [Return To Top](#nova-publish)
 
-- PHP 8.0, 8.1, 8.2
-- Laravel 8, 9, 10
+- PHP 8.2, 8.3, 8.4
+- Laravel 9, 10
 - Nova 4
 
 ## Installation
@@ -66,34 +66,33 @@ Publish configuration
 php artisan vendor:publish --provider="Publish\ToolServiceProvider"
 ```
 
-Configure GitHub credentials, set the path to the workflow file and configure an application version.
+Configure [GitHub credentials](#github-credentials), set the name of workflow file and configure an application version.
 
 =======
 
 ## Local development
 
-Run `npm run dev` to watch for changes in the `resources/js` directory.
+Run `yarn run dev` to watch for changes in the `resources/js` directory.
 
 Use the local checkout in a project that uses this plugin. [The Composer documentation explains how to do this.](https://getcomposer.org/doc/05-repositories.md#path)
 
 ## i18n
 
 To add a language or change an existing translation, please read the [Laravel documentation about overriding package language files](https://laravel.com/docs/10.x/localization#overriding-package-language-files).
 
-## GitHub API credentials
+## GitHub credentials
 
-Personal Access Tokens (PATs) are currently the only way to access the GitHub API. The token is created by a GitHub user. So when this user is removed from the GitHub organization the token must be recreated by another user. Not ideal, so there is room for improvement.
+You need a GitHub Apps to use this tool. The application must have access to the repository where the workflow is located.
 
-Create a Personal Access Token: https://github.com/settings/tokens
+[About creating GitHub Apps](https://docs.github.com/en/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps).
 
-- Note: the name of the project
-- Expiration: No expiration (or you have to replace the token every time it expires)
-- Scopes: "repo" and "workflow"
-
-Add the created token as environment variable `PUBLISH_GITHUB_PERSONAL_ACCESS_TOKEN`.
-
-You GitHub username must be stored in `PUBLISH_GITHUB_USERNAME`.
+Use the application ID and private key in `config/publish.php`.
 
 ## Contribute
 
 You need a Nova license to run the tests.
+
+## Release new version
+
+- Run `yarn run prod` to build the assets, and commit the changes
+- Add the new version to `CHANGELOG.md`

config/publish.php

@@ -3,18 +3,26 @@
 return [
     /*
     |--------------------------------------------------------------------------
-    | GitHub credentials
+    | GitHub App credentials
     |--------------------------------------------------------------------------
     |
     | Publish uses these credentials to connect to the GitHub API. The token
     | needs the "repo" and "workflow" scope.
     |
     */
 
-    "github_username" => env("PUBLISH_GITHUB_USERNAME"),
-    "github_personal_access_token" => env(
-        "PUBLISH_GITHUB_PERSONAL_ACCESS_TOKEN"
-    ),
+    "application_id" => env("NOVA_PUBLISH_APPLICATION_ID"),
+    "private_key" => env("NOVA_PUBLISH_PRIVATE_KEY"),
+
+    /*
+    |--------------------------------------------------------------------------
+    | GitHub repository information
+    |--------------------------------------------------------------------------
+    |
+    */
+
+    "owner" => env("NOVA_PUBLISH_OWNER", "norday-agency"),
+    "repository" => env("NOVA_PUBLISH_REPOSITORY"),
 
     /*
     |--------------------------------------------------------------------------
@@ -28,7 +36,7 @@
     | https://api.github.com/repos/grrr-amsterdam/nova-publish/actions/workflows/my-workflow_dispatch-workflow.yml
     |
     */
-    "workflow_path" => "https://api.github.com/path/to/workflow.yml",
+    "workflow" => env("NOVA_PUBLISH_WORKFLOW"),
 
     /*
     |--------------------------------------------------------------------------

resources/js/components/Tool.vue

@@ -66,25 +66,25 @@ export default {
       this.publishing = true;
       Nova.request()
         .post("/nova-vendor/publish/publish")
-        .then((response) => {
+        .then(() => {
           this.error = "";
+          this.updateStatus();
         })
         .catch((error) => {
-          this.error = error.message;
+          this.error = error.response.data.message || error.message;
           this.publishing = false;
         });
     },
     updateStatus() {
       Nova.request()
         .get("/nova-vendor/publish/last-publish-run")
         .then((lastRun) => {
-          console.log(lastRun.data);
           this.lastRun = lastRun.data;
           this.publishing = lastRun.data.status !== "completed";
           this.error = "";
         })
         .catch((error) => {
-          this.error = error.message;
+          this.error = error.response.data.message || error.message;
         });
     },
     startStatusRefresh() {