GitHub Apps, OAuth apps or PAT for simple applications and scripts

Hi there :wave: !

Disclaimer

First of all, I am very sorry if this question has been asked / resolved before but I was unable to find an answer that feels corresponding to my expectations :sweat_smile:

So, I have read the official documentation about the differences between these 3 integrations:

Nevertheless, I would like to have some feedback and/or confirmations :innocent:

Context:

In my company we have written a few tools:

  • A Hubot variant
  • An internal app
  • CronJobs or triggered jobs

All of these do query the GitHub REST API to do various things (Get metadata about Repos, get commits info for statistics, and also sometimes commits and pushes).

As of today, for convenience reasons :innocent: , we have created 1 “machine” user account (Access to GitHub webui) and generated as many PATs (personal access tokens) as needed for each of these use-cases.

+ We have around 30 micro-services + additional tooling and integration repositories.

Issue

As you might already know, GitHub API Ratelimiting (At least on PAT) is by users and not by keys.
So we hit the rate-limiting threshold these few months since we have many repos and many runs of these “apps” mentioned above.

Question

  • We use PAT because it is easy to generate
  • We use only 1 “machine” user account because it is not (AFAIK) possible to automate such creation and management.

→

  • Apart from creating more “machine” users, do GitHub Apps fit the use-case? (It seems to me)
  • If so, are there some examples/tutos/guides about creating GitHub Apps and using their authentication mechanism in such use cases?

Many thanks to those of you who will take time to help me :pray:

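An added sketch of the GitHub App authentication mechanism the post asks about (not code from the poster or from GitHub): the app signs a short-lived RS256 JWT with its private key, then exchanges it for an installation access token. The app ID, key path and installation ID are placeholders supplied by the caller; `openssl` and `curl` are assumed to be installed.

```shell
#!/bin/sh
# Added example. Nothing here comes from the original post; every argument
# (app ID, private-key path, installation ID) is a caller-supplied placeholder.

# Base64url without padding, as JWTs require.
b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '='; }

# github_app_jwt <app_id> <private_key_pem>
# Prints header.payload.signature, signed with the app's RSA private key.
github_app_jwt() {
  local app_id=$1 key=$2 now header payload unsigned sig
  now=$(date +%s)
  header=$(printf '{"alg":"RS256","typ":"JWT"}' | b64url)
  # iat is backdated 60 s to tolerate clock drift; exp stays inside
  # GitHub's 10-minute maximum for app JWTs.
  payload=$(printf '{"iat":%d,"exp":%d,"iss":"%s"}' \
    "$((now - 60))" "$((now + 540))" "$app_id" | b64url)
  unsigned="$header.$payload"
  sig=$(printf '%s' "$unsigned" \
    | openssl dgst -sha256 -sign "$key" -binary | b64url)
  printf '%s.%s\n' "$unsigned" "$sig"
}

# installation_token <jwt> <installation_id>
# Prints the raw JSON reply; its "token" field is the credential that a
# script sends in place of a PAT, and "expires_at" is one hour out.
installation_token() {
  curl -sS -X POST \
    -H "Authorization: Bearer $1" \
    -H "Accept: application/vnd.github+json" \
    "https://api.github.com/app/installations/$2/access_tokens"
}

# Usage (placeholders):
#   jwt=$(github_app_jwt "$APP_ID" ./app-private-key.pem)
#   installation_token "$jwt" "$INSTALLATION_ID"
```

The private key is the long-lived secret here, so it belongs in a secret store; the installation token is short-lived and can be requested fresh on each job run.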