feat: support manual github credential setup

[rohan-chaturvedi]

🔍 Overview

Adds the ability to set up GitHub credentials manually by pasting a token, instead of using the OAuth flow. This allows users of GitHub Enterprise Server to set up their credentials to sync secrets from Phase Cloud.
Fixes #659

🖼️ Screenshots or Demo

🎯 Reviewer Focus

Verify that credentials can be set up correctly using:

• Cloud mode
  • GitHub.com OAuth
  • GitHub.com manual setup
  • GitHub Enterprise Server manual setup
• Self hosted mode
  • GitHub.com OAuth
  • GitHub Enterprise Server OAuth
  • GitHub.com manual setup
  • GitHub Enterprise Server manual setup

Verify that syncs work for repos, environments

💚 Did You...

• Ensure linting passes (code style checks)?
  - [ ] Update dependencies and lockfiles (if required)
  - [ ] Update migrations (if required)
  - [ ] Regenerate graphql schema and types (if required)
• Verify the app builds locally?
• Manually test the changes on different browsers/devices?

---

Note

Adds manual GitHub token setup alongside OAuth with UI toggle, updates provider schema, and normalizes GitHub API host handling.

• Backend
  • Providers: Update Providers.GITHUB.auth_scheme to "oauth,token" in backend/api/services.py.
  • GitHub API Host: normalize_api_host now defaults empty/missing host to https://api.github.com and appends /v3 for GHES in backend/api/utils/syncing/github/actions.py.
  • Secrets Sync: Minor URL selection cleanup for repo/environment public keys and deletions in actions.py.
• Frontend
  • Credentials UI: In frontend/components/syncing/CreateProviderCredentials.tsx add OAuth/token tabs (Headless UI) and authMethod state; show token fields and Save only for token, and SetupGhAuth only for OAuth.
  • Secrets vs non-secrets: Treat *url fields as non-secret via isCredentialSecret update in frontend/utils/syncing/general.ts.

^{Written by Cursor Bugbot for commit 6feadba. This will update automatically on new commits. Configure here.}

[Copilot]

Pull Request Overview

Adds the ability to set up GitHub credentials manually by pasting a token, in addition to the existing OAuth flow. This enables users of GitHub Enterprise Server to configure their credentials for syncing secrets from Phase Cloud.

• Added support for both OAuth and token-based authentication methods for GitHub
• Enhanced credential validation to include URL fields in addition to host/addr fields
• Improved code formatting and string handling in GitHub API interactions

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File	Description
frontend/utils/syncing/general.ts	Updated credential validation to include URL fields
frontend/components/syncing/CreateProviderCredentials.tsx	Added tab interface for OAuth vs manual token setup
backend/api/utils/syncing/github/actions.py	Enhanced API host normalization and improved code formatting
backend/api/services.py	Updated GitHub provider to support both OAuth and token authentication

Comments suppressed due to low confidence (1)

backend/api/utils/syncing/github/actions.py:280

• Inconsistent string formatting - this multi-line f-string formatting differs from the single-line format used elsewhere in the same function (lines 262, 264, 276). Consider using consistent single-line formatting for similar URL constructions.

                    delete_url = (
                        f"{api_host}/repos/{owner}/{repo}/actions/secrets/{secret_name}"
                    )

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[nimish-ks]

@cursor review