Add support for "Bring your own GitHub App"

[MariusStorhaug]

As a team maintaining the Octo STS I want the ability to use my own GitHub App for the STS service. I do not want to give a third party standing permissions on my organizations, where they can create a installation access token and access my organizations without mitigations.

Solution:

• Add variables in the setup of the OCTO STS service, selecting ClientID and PEM that it will use.
• Provide a GitHub App manifest so that team can create an install their own app following OCTO-STS best practice. Create app with manifest flow. The Principal on Minimalism + Security at work ;)

[MariusStorhaug]

Think I might have misunderstood. This is not a "run it yourself" repo?

[cpanato]

did not get your follow up comment

[MariusStorhaug]

I might be incorrectly assuming the intent with open-sourcing the solution. Do you intend organizations to run this them-selves on their own deploys infra using the TF config you have or is the intention to just calm down users of your company's service?

If the intent is the latter, then thats a sad story for enterprises on GHEC DR (domain.ghe.com). If the intent is that we can deploy what you have shared here, we would like to be able to have some docs on how it works in a bit more detail, how to start setting it up, i.e. where do we specify our own GitHub App (instead of installing your app).