Create a GitHub App for releasing with the Jupyter Releaser

[jtpio]

We should look into following this change in Jupyter Releaser to avoid using the ADMIN_GITHUB_TOKEN: jupyter-server/jupyter_releaser#557

This would mean creating an org wide GitHub app, and updating the releaser workflow and each repo to use the app.

[jtpio]

Since we don't have a way to share secrets between jupyterlab-contrib admins (no password manager), maybe each maintainer could generate its own private key for the GitHub app?

[jtpio]

FYI @fcollonval I was planning to start looking into this and create the GitHub App.

Just checking if you had any preference on how to manage the secret for the app. Do you still have access to the Jupyter 1Password? If so we could maybe store the credentials there.

[fcollonval]

@jtpio I don't have access to the 1Password account. But if most owners of this org have, I'm fine.

Pinging @krassowski and @martinRenou for awareness

[fcollonval]

I added a GitHub App. And yes the best for this org is for owners to generate private keys when migrating a repo to use the app for release.

@jtpio I guess we can close the issue?

[jtpio]

Also thinking more about it, since jupyterlab-contrib is not an official Jupyter subproject, it's not clear whether we should start storing its secrets in the Jupyter 1Password.

I guess the "1 key per owner" approach sounds like the easiest for now. We can always delete, regenerate keys and update the release environment secrets if needed.