
Support for GitHub Apps as an authentication method

Open markszabo opened this issue 1 year ago • 1 comments

TL;DR

Currently, legitify requires a personal access token belonging to a user that has admin permissions over the repository. GitHub provides GitHub Apps as a way for automations to talk to the GitHub API, which provides the option to use fine-grained permissions to only give the tool the access it needs. This would be a good fit for automated workflows (e.g. the GitHub Action).

Detailed design


Additional information

Once an app is installed on a repository, the https://github.com/actions/create-github-app-token action can be used to create a temporary GitHub token for it, and this token can then be used to interact with the GitHub API. However, this token doesn't work with legitify right now, since legitify checks if the token belongs to a user that's admin of the repository here, and this won't be true, so legitify exits with Error: repository <org>/<repo> insufficient permissions.

I'm not sure which exact permissions legitify would need to work; however, I know that GitHub Apps can create and manage repository settings (e.g. one can manage repositories with Terraform using a GitHub App), so I'd expect most of the information to be accessible by GitHub Apps.

markszabo, Feb 13 '25 04:02