New component: GitHub App Authentication Extension

[adrielp]

The purpose and use-cases of the new component

This component provides authentication to GitHub's REST and GraphQL APIs by using a GitHub application for token exchange. It's essentially, (though I'm struggling to find the reference && possibly remember correctly) 3 legged OAuth flow. It requires a private key, and installation ID, and an App ID. I created a component a while back to do this which is referenced in GitHub receiver API Limitations doc. There two main benefits to using this Authentication extension for the GitHub receiver is 1) rate limit increase & 2) security permissions.

I was reached out in the #otel-cicd slack channel about using this with the contrib distribution so I thought it was time to propose adding it as a component.

There is another option, which (again if I'm remembering correctly) the OAuth2 extension could be updated to support more than just client crews flow. But That's not a small lift and changes the scope of that component, while adding GitHub specific oddities.

The flip side is that this component would only really be used by the GitHub receiver for the VCS metrics it scrapes, and it's easy enough to build your own distro.

Regardless, I'm happy to contribute & maintain it. This has been used in production for a year.

Example configuration for the component

extensions:
  githubappauth:
    app_id: 1234
    installation_id: 1234
    private_key_file: "path/to/key.pem"

receivers:
  gitprovider:
    initial_delay: 1s
    collection_interval: 60s
    scrapers:
      scraper:
        metrics:
          git.repository.contributor.count:
            enabled: true
          git.repository.cve.count:
            enabled: true
        github_org: myfancyorg
        #optional query override, defaults to "{org,user}:<github_org>"
        search_query: "org:myfancyorg topic:o11yalltheway"
        endpoint: "https://selfmanagedenterpriseserver.com"
        auth:
          authenticator: githubappauth
service:
  extensions: [githubappauth]
  pipelines:
    metrics:
      receivers: [..., gitprovider]
      processors: []
      exporters: [...]

Telemetry data types supported

metrics

Code Owner(s)

adrielp

Sponsor (optional)

No response

Additional context

No response

[atoulme]

I can sponsor.

[github-actions]

This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping @open-telemetry/collector-contrib-triagers. If this issue is still relevant, please ping the code owners or leave a comment explaining why it is still relevant. Otherwise, please close it.