Problem / Motivation
When users run FerrFlow in their CI, releases and commits appear under the identity of whoever owns the token in FERRFLOW_TOKEN. Most users will use a PAT, so releases show up under their personal account.
A public GitHub App would let releases appear under ferrflow[bot], giving a cleaner identity and consistent branding across all repos using FerrFlow.
Proposed solution
Create a public GitHub App on the FerrFlow-Org organization:
- Permissions: Contents (Read & Write), Metadata (Read)
- Installation: Any account
- No webhook needed — FerrFlow runs in CI, not as a service
Users would install the app on their repos and use actions/create-github-app-token in their CI to generate a short-lived installation token.
Trade-offs
- Users need to store the App ID and private key in their CI secrets (heavier than a simple PAT)
- The private key is shared across all installations — need to evaluate security implications
- Alternatively, each user could create their own GitHub App if they just want a bot identity
Not blocking
The current PAT-based flow works fine. This is an enhancement for better UX and branding. Both PAT and GitHub App tokens work with FerrFlow without code changes.
Problem / Motivation
When users run FerrFlow in their CI, releases and commits appear under the identity of whoever owns the token in
FERRFLOW_TOKEN. Most users will use a PAT, so releases show up under their personal account.A public GitHub App would let releases appear under
ferrflow[bot], giving a cleaner identity and consistent branding across all repos using FerrFlow.Proposed solution
Create a public GitHub App on the FerrFlow-Org organization:
Users would install the app on their repos and use
actions/create-github-app-tokenin their CI to generate a short-lived installation token.Trade-offs
Not blocking
The current PAT-based flow works fine. This is an enhancement for better UX and branding. Both PAT and GitHub App tokens work with FerrFlow without code changes.