Support for GitHub App authentication

[samrocketman]

GitHub apps are more robust in that they are capable of granting read-only access to an organization.

Authentication should be provided by environment variable:

• GITHUB_APP_KEY - A one-line base64 encoded String of a PKCS1 or PKCS8 PEM formatted RSA private key.
• GITHUB_APP_FILE - The path to a file with contents PKCS1 or PKCS8 PEM formatted RSA private key.

In both cases, the private key is plain and not password protected. The private key will be used for both an encrypted cache to help reduce API requests and to generate time-gated API tokens to interact with GitHub both for cloning code and for querying repositories.

Cloning repositories:

• Username: x-access-token (literal)
• Password: a token generated by the app (varies)

The following is a sample git askpass shell script.

#!/bin/bash
case "$1" in
    Username*)
        exec echo "${GIT_USERNAME:-}"
        ;;
    Password*)
        exec echo "${GIT_PASSWORD:-}"
    ;;
esac

Perhaps cloneable should support a git askpass mode. For example,

mkdir -p ~/.local/share/cloneable
curl -Lo ~/.local/share/cloneable/cloneable.jar https://some-download-url
echo -e '#!/bin/sh\njava -jar "'"$HOME"'"/.local/share/cloneable/cloneable.jar --git-askpass "$@"' > ~/.local/share/cloneable/cloneable.sh
chmod a+rx ~/.local/share/cloneable/cloneable.sh
GIT_ASKPASS="$HOME/.local/share/cloneable/cloneable.sh"
export GIT_ASKPASS

[samrocketman]

There should be a CLI option which prints the password to stdout for GIT_ASKPASS so that the askpass script reuses cached information as needed.