So I’ve been thinking about what I’d consider “ideal” in this case, as a way to clarify what I’m seeing as an area for improvement in tooling for OSS GitHub Apps. Disclaimer, I’m fully aware the following might be a little beyond what is likely to happen - mostly hoping to get other people’s thoughts, and I usually find it easier to start from something, even if it’s far-fetched.
I’d like to see something that allows a repository to document and define the GitHub App settings the application is meant to operate with in a file (basically, lay out the settings you enter when you add a “GitHub App” in your user or organization settings). This file could live in the “.github” folder, just as the current “CODEOWNERS” file may now.
When a potential contributor forks the repository, GitHub could, as part of the forking process, give the user an option to set up a GitHub App in their account from the settings defined in the file. This would set up the app (set to only be installable on the forking user’s account), and potentially give them an option to download a copy of the private key.
This way, the barrier to contribution to OSS GitHub Apps is reduced - it’s automatically set up for contributing users in a consistent manner. It is also more secure - each “App” for a contributor is different, and is only installable on their account - and the owner of the repository isn’t tempted to ever commit a private key to the repo for users to test with.
So, just to try to summarize, the main thing I’m trying to solve is the current choice between security and low contribution effort. I’d love to see what people like or dislike about the suggestion above, and see if it helps someone come up with something that is better in the short term, and/or doesn’t ask for such significant effort on GitHub’s part.
Also, as a side note - I don’t think there are REST APIs exposed which would allow the above to be done by a GitHub App. If someone knows otherwise, I’d be more than happy to take a crack at writing a GitHub App to streamline development of GitHub Apps.