fix: The GITHUB_ prefix was unusable

[snickerjp]

Pull Request

The GITHUB_ prefix is no longer supported in GitHub Actions secrets, so I updated the relevant documentation in docs/authenticating-with-github-app-installation.md.

Proposed Changes

Fixes #436.

• Updated docs/authenticating-with-github-app-installation.md to clarify that the GITHUB_ prefix is no longer supported in GitHub Actions secrets.
• No other files or configurations were modified in this PR.

Validation

• I verified the changes by running workflows in my personal repository, and all Actions completed successfully.

Readiness Checklist

Author/Contributor

• Documentation updates are included in this pull request (docs/authenticating-with-github-app-installation.md)
• Run make lint and fix any issues that you have introduced
• Run make test and ensure you have test coverage for the lines you are introducing
• If publishing new data to the public (scorecards, security scan results, code quality results, live dashboards, etc.), please request review from @jeffrey-luszcz

Reviewer

• Label as documentation to indicate that this change exclusively updates documentation.

[jmeridth]

Nice catch about custom secrets not allowed to have the GITHUB_ prefix. TIL Naming standards/restrictions. The GITHUB_TOKEN is still valid. It is the default token given to a GitHub Action Workflow so it can interact with itself.

This PR would need to include updates to the README.md and source code that uses the environment variables. Do you agree?

This would also be a breaking change and require a major version update for releases. This will need to happen on the other GitHub OSPO Actions. You up for updating this PR (README and code) and getting others out for the other actions or do we divide and conquer? I'm not trying to steal your thunder. 😄

[jmeridth]

I have to admit, I've successfully run all of these actions with the GITHUB_* prefixed custom secrets. I'm curious how this is erroring now. Still, it does violate the naming convention (stated as far back as 1/2023) for custom secrets. Need to fix.

[snickerjp]

@jmeridth
Thank you for pointing that out. Since the GITHUB_TOKEN is still valid, I will revert the changes related to this part.

[jmeridth]

@jmeridth Thank you for pointing that out. Since the GITHUB_TOKEN is still valid, I will revert the changes related to this part.

Thank you. Did you see my other request for this to truly be "fixed" we need changes to README.md and the code?

[snickerjp]

Thank you for your follow-up.

• Changes to README.md:
  I reviewed the section in the README.md file, specifically [GitHub App Installation](https://github.com/github/issue-metrics/blob/65f3690f9856f793223f44a1c4c81462376f1622/README.md#github-app-installation), and it appears to be already updated. Could you clarify if there are specific parts that still need further edits?

• Changes to code:
  I have tested the current code in my personal repository, and it works as expected. I couldn’t identify additional areas requiring updates. If there are particular changes you have in mind, I would appreciate your guidance.
  my personal repository workflow

Thank you for your input!

[jmeridth]

@snickerjp you are correct. we already resolved this in the README and code. 🤦

Thank you for your PR.