Support both custom GitHub App and default authentication

[jerop]

• Refactored all workflow and example YAML files to support authentication using either a custom GitHub App (recommended) or the default GITHUB_TOKEN, providing greater flexibility for different repository setups.
• Updated README.md and documentation to clearly explain both authentication methods, including setup instructions, recommendations, and required permissions.
• Enhanced docs/configuration.md and added detailed guidance in docs/github-app.md for configuring authentication and permissions.
• Improved example workflows to demonstrate both authentication approaches.
• Clarified observability and Google Cloud authentication setup in the documentation.
• General documentation improvements for clarity and ease

[jerop]

@gemini-cli /review

[gemini-cli]

📋 Review Summary

This pull request introduces a significant improvement by adding support for both custom GitHub App and default GITHUB_TOKEN authentication. The changes are well-implemented, with clear documentation and updated examples, making the action more flexible and secure for users.

🔍 General Feedback

• The use of conditional logic in the workflows to handle both authentication methods is clean and efficient.
• The new documentation in docs/github-app.md is comprehensive and provides clear instructions for setting up a GitHub App.
• The updates to the example workflows are valuable for demonstrating the new authentication flexibility.

🎯 Specific Feedback

No specific issues identified in this review.

✅ Highlights

• Flexible Authentication: The fallback mechanism (${{ steps.generate_token.outputs.token || secrets.GITHUB_TOKEN }}) is an excellent way to support both authentication methods without complicating the workflow logic.
• Improved Documentation: The new docs/github-app.md file is a great addition that will significantly help users with the setup process.
• Consistent Implementation: The changes are applied consistently across all workflows and examples.

[jerop]

triggered manually to verify

[gemini-cli]

📋 Review Summary

This pull request introduces a significant improvement by adding flexible authentication options. The action can now use either a custom GitHub App or the default GITHUB_TOKEN, making it more adaptable for various repository setups. The changes are well-implemented, and the accompanying documentation is thorough and clear.

🔍 General Feedback

• The core change to allow fallback authentication (... || secrets.GITHUB_TOKEN) is implemented correctly and cleanly across all workflow files.
• The addition of a dedicated documentation page (docs/github-app.md) for authentication is a fantastic improvement. It's comprehensive and easy to follow.
• Moving the APP_ID from a secret to a variable (vars.APP_ID) is a good practice for non-sensitive configuration data.
• The prompts for the triage workflows have been refined for better clarity and effectiveness.

🔵 Low

• File: docs/github-app.md - It would be beneficial to add a note in the "Using the Default GITHUB_TOKEN" section about explicitly setting the permissions block in the workflow file. Users relying on the default token might not have sufficient permissions for the action to work correctly unless they define them in their job configuration. For example:

  permissions:
    contents: read
    issues: write
    pull-requests: write

✅ Highlights

• The conditional execution of the generate_token step (if: ${{ vars.APP_ID }}) is an efficient way to handle the two authentication paths.
• The new documentation in docs/github-app.md is excellent. It clearly explains both methods, guiding the user through app creation, installation, and configuration.
• The updated example workflows serve as clear, practical templates for users to follow.