feat: Add support to authentication via GitHub Apps

[Krusty93]

This PR adds logic to perform authentication using a GitHub App rather the PAT token (more secure and scalable approach)

Resolves CES-1021

[Copilot]

Pull request overview

Adds support for authenticating and registering a GitHub Actions self-hosted runner using a GitHub App (JWT → installation access token) as an alternative to the legacy token flow and PAT-based registration.

Changes:

• Switches PAT-based registration into an elif [ -n "$GITHUB_PAT" ] branch.
• Adds a new GitHub App authentication flow that generates a JWT, exchanges it for an installation access token, and then requests a runner registration token.

Comments suppressed due to low confidence (1)

github-runner-entrypoint.sh:78

• In the PAT branch, the script assumes REGISTRATION_TOKEN_API_URL and REPO_URL are set, but they are not derived anywhere in this script. Add explicit checks (and a clear error message) before calling curl/config.sh so misconfiguration fails fast instead of producing hard-to-debug API/config errors.

elif [ -n "$GITHUB_PAT" ]; then

  # Retrieve a short lived runner registration token using the PAT
  REGISTRATION_TOKEN="$(curl -X POST -fsSL \
    -H 'Accept: application/vnd.github.v3+json' \
    -H "Authorization: Bearer $GITHUB_PAT" \
    -H 'X-GitHub-Api-Version: 2022-11-28' \
    "$REGISTRATION_TOKEN_API_URL" \
    | jq -r '.token')"

  #<https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners>
  ./config.sh \
    --url "${REPO_URL}" \
    --token "${REGISTRATION_TOKEN}" \

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

🎉 This PR is included in version 3.10.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀