feat: add support for separate GitHub app credentials (#649)

* feat: add support for separate GitHub app credentials stored as Kubernetes secrets

Signed-off-by: Dustin Lactin <dustin.lactin@gmail.com>

* test: added tests for consuming GitHub app credentials from a secret

Signed-off-by: Dustin Lactin <dustin.lactin@gmail.com>

* fix: added GitHub App placeholder words to expect.txt

Signed-off-by: Dustin Lactin <dustin.lactin@gmail.com>

* fix: checking for errors when converting GitHub App and Installation IDs

Signed-off-by: Dustin Lactin <dustin.lactin@gmail.com>

* fix: added more descriptive error messages for string-to-number conversions

Signed-off-by: Dustin Lactin <dustin.lactin@gmail.com>

---------

Signed-off-by: Dustin Lactin <dustin.lactin@gmail.com>

1 files changed, 13 insertions, 1 deletions

diff --git a/docs/basics/update-methods.md b/docs/basics/update-methods.md
index e64947a..404b5aa 100644
--- a/docs/basics/update-methods.md
+++ b/docs/basics/update-methods.md
@@ -123,7 +123,9 @@ Example:
 argocd-image-updater.argoproj.io/write-back-method: git:secret:argocd-image-updater/git-creds
 ```
 
-If the repository is accessed using HTTPS, the secret must contain two fields:
+If the repository is accessed using HTTPS, the secret must contain either user credentials or GitHub app credentials.
+
+If the repository is accessed using user credentials, the secret requires two fields
 `username` which holds the Git username, and `password` which holds the user's
 password or a private access token (PAT) with write access to the repository.
 You can generate such a secret using `kubectl`, e.g.:
@@ -134,6 +136,16 @@ kubectl -n argocd-image-updater create secret generic git-creds \
   --from-literal=password=somepassword
 ```
 
+If the repository is accessed using GitHub app credentials, the secret requires three fields `githubAppID` which holds the GitHub Application ID, `githubAppInstallationID` which holds the GitHub Organization Installation ID, and `githubAppPrivateKey` which holds the GitHub Application private key. The GitHub Application must be installed into the target repository with write access.
+You can generate such a secret using `kubectl`, e.g.:
+
+```bash
+kubectl -n argocd-image-updater create secret generic git-creds \
+  --from-literal=githubAppID=applicationid \
+  --from-literal=githubAppInstallationID=installationid \
+  --from-literal=githubAppPrivateKey='-----BEGIN RSA PRIVATE KEY-----PRIVATEKEYDATA-----END RSA PRIVATE KEY-----'
+```
+
 If the repository is accessed using SSH, the secret must contain the field
 `sshPrivateKey`, which holds a SSH private key in OpenSSH-compatible PEM
 format. To create such a secret from an existing private key, you can use