One thing I noticed is that it seems we would have to configure the GitHub App settings twice - once for tools and once for safe outputs. It feels worth consolidating this so the safe outputs pick up the tools, or some global `app:` can be used.
Separately, `app:` feels a bit short and maybe should be `github-app-auth:`
```yaml
tools:
  github:
    mode: remote
    toolsets: [repos, issues, pull_requests]
    app:
      app-id: ${{ vars.APP_ID }}
      private-key: ${{ secrets.APP_PRIVATE_KEY }}
      owner: "my-org"
      repositories: ["repo1", "repo2"]
safe-outputs:
  app:
    app-id: ${{ vars.APP_ID }}
    private-key: ${{ secrets.APP_PRIVATE_KEY }}
    owner: "my-org"
    repositories: ["repo1", "repo2"]
  create-issue:
  # ... other safe outputs
```