Replace GitHub PAT authentication with GitHub App

Personal Access Tokens are bound to a GitHub user, which doesn't work
for teams. And when the workflow fails, that GitHub user gets notified.

Using a GitHub App to authenticate makes it easier for teams to manage
access.

The integration test has been removed, because it has to fake the whole
GitHub auth process. But faking that all the tricky and important parts
are faked, so the test doesn't have value.

.github/workflows/run-tests.yaml

@@ -10,33 +10,16 @@ jobs:
       fail-fast: true
       matrix:
         os: [ubuntu-latest]
-        laravel: [8.*, 9.*, 10.*, 11.*]
-        php: [8.0, 8.1, 8.2, 8.3]
+        laravel: [10.*, 11.*]
+        php: [8.2, 8.3, 8.4]
         dependency-version: [prefer-stable]
         include:
-          - laravel: 8.*
-            testbench: 6.*
-            phpunit: 9.*
-          - laravel: 9.*
-            testbench: 7.*
-            phpunit: 9.*
           - laravel: 10.*
             testbench: 8.*
             phpunit: 9.*
           - laravel: 11.*
             testbench: 9.*
             phpunit: 10.*
-        exclude:
-          - laravel: 8.*
-            php: 8.2
-          - laravel: 8.*
-            php: 8.3
-          - laravel: 10.*
-            php: 8.0
-          - laravel: 11.*
-            php: 8.0
-          - laravel: 11.*
-            php: 8.1
     name: PHP ${{ matrix.php }} - Laravel ${{ matrix.laravel }}
 
     steps:
@@ -45,6 +28,7 @@ jobs:
       - uses: shivammathur/setup-php@v2
         with:
           php-version: ${{ matrix.php }}
+          coverage: none
 
       - name: Get Composer Cache Directory
         id: composer-cache

CHANGELOG.md

@@ -1,17 +1,28 @@
 # CHANGELOG
 
-## V2.0.2
+## 3.0.0
+
+- Add support for GitHub Apps
+- Drop support for PHP 8.0 and 8.1
+- Drop support for Laravel 8 and 9
+- Drop support for GitHub Personal Access Tokens
+
+Run `php artisan vendor:publish --tag=publish-config` to publish the new configuration file.
+
+See "GitHub credentials" in README.md for information about creating a GitHub Apps.
+
+## 2.0.2
 
 - Fix cms navigation bug
 
-## V2.0.1
+## 2.0.1
 
 - Add event for when publication was started
 
-## V2.0.0
+## 2.0.0
 
 - Nova 4 added as dependency. The tool is now compatible with Nova 4.
 
-## V1.0.0
+## 1.0.0
 
 - Initial version for Nova 3.

README.md

@@ -24,8 +24,8 @@
 
 [Return To Top](#nova-publish)
 
-- PHP 8.0, 8.1, 8.2
-- Laravel 8, 9, 10
+- PHP 8.2, 8.3, 8.4
+- Laravel 9, 10
 - Nova 4
 
 ## Installation
@@ -66,34 +66,33 @@ Publish configuration
 php artisan vendor:publish --provider="Publish\ToolServiceProvider"
 ```
 
-Configure GitHub credentials, set the path to the workflow file and configure an application version.
+Configure [GitHub credentials](#github-credentials), set the name of workflow file and configure an application version.
 
 =======
 
 ## Local development
 
-Run `npm run dev` to watch for changes in the `resources/js` directory.
+Run `yarn run dev` to watch for changes in the `resources/js` directory.
 
 Use the local checkout in a project that uses this plugin. [The Composer documentation explains how to do this.](https://getcomposer.org/doc/05-repositories.md#path)
 
 ## i18n
 
 To add a language or change an existing translation, please read the [Laravel documentation about overriding package language files](https://laravel.com/docs/10.x/localization#overriding-package-language-files).
 
-## GitHub API credentials
+## GitHub credentials
 
-Personal Access Tokens (PATs) are currently the only way to access the GitHub API. The token is created by a GitHub user. So when this user is removed from the GitHub organization the token must be recreated by another user. Not ideal, so there is room for improvement.
+You need a GitHub Apps to use this tool. The application must have access to the repository where the workflow is located.
 
-Create a Personal Access Token: https://github.com/settings/tokens
+[About creating GitHub Apps](https://docs.github.com/en/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps).
 
-- Note: the name of the project
-- Expiration: No expiration (or you have to replace the token every time it expires)
-- Scopes: "repo" and "workflow"
-
-Add the created token as environment variable `PUBLISH_GITHUB_PERSONAL_ACCESS_TOKEN`.
-
-You GitHub username must be stored in `PUBLISH_GITHUB_USERNAME`.
+Use the application ID and private key in `config/publish.php`.
 
 ## Contribute
 
 You need a Nova license to run the tests.
+
+## Release new version
+
+- Run `yarn run prod` to build the assets, and commit the changes
+- Add the new version to `CHANGELOG.md`

composer.json

@@ -13,7 +13,8 @@
   ],
   "license": "MIT",
   "require": {
-    "php": "^8.0|^8.1|^8.2|^8.3",
+    "php": "^8.2|^8.3|^8.4",
+    "ext-openssl": "*",
     "guzzlehttp/guzzle": "^7.3",
     "laravel/nova": "^4.0"
   },

config/publish.php

@@ -3,18 +3,26 @@
 return [
     /*
     |--------------------------------------------------------------------------
-    | GitHub credentials
+    | GitHub App credentials
     |--------------------------------------------------------------------------
     |
     | Publish uses these credentials to connect to the GitHub API. The token
     | needs the "repo" and "workflow" scope.
     |
     */
 
-    "github_username" => env("PUBLISH_GITHUB_USERNAME"),
-    "github_personal_access_token" => env(
-        "PUBLISH_GITHUB_PERSONAL_ACCESS_TOKEN"
-    ),
+    "application_id" => env("NOVA_PUBLISH_APPLICATION_ID"),
+    "private_key" => env("NOVA_PUBLISH_PRIVATE_KEY"),
+
+    /*
+    |--------------------------------------------------------------------------
+    | GitHub repository information
+    |--------------------------------------------------------------------------
+    |
+    */
+
+    "owner" => env("NOVA_PUBLISH_OWNER", "norday-agency"),
+    "repository" => env("NOVA_PUBLISH_REPOSITORY"),
 
     /*
     |--------------------------------------------------------------------------
@@ -28,7 +36,7 @@
     | https://api.github.com/repos/grrr-amsterdam/nova-publish/actions/workflows/my-workflow_dispatch-workflow.yml
     |
     */
-    "workflow_path" => "https://api.github.com/path/to/workflow.yml",
+    "workflow" => env("NOVA_PUBLISH_WORKFLOW"),
 
     /*
     |--------------------------------------------------------------------------

resources/js/components/Tool.vue

@@ -66,25 +66,25 @@ export default {
       this.publishing = true;
       Nova.request()
         .post("/nova-vendor/publish/publish")
-        .then((response) => {
+        .then(() => {
           this.error = "";
+          this.updateStatus();
         })
         .catch((error) => {
-          this.error = error.message;
+          this.error = error.response.data.message || error.message;
           this.publishing = false;
         });
     },
     updateStatus() {
       Nova.request()
         .get("/nova-vendor/publish/last-publish-run")
         .then((lastRun) => {
-          console.log(lastRun.data);
           this.lastRun = lastRun.data;
           this.publishing = lastRun.data.status !== "completed";
           this.error = "";
         })
         .catch((error) => {
-          this.error = error.message;
+          this.error = error.response.data.message || error.message;
         });
     },
     startStatusRefresh() {