Introduce support for looking up GH app installation ID

docs/spec/v1/gitrepositories.md

@@ -346,19 +346,14 @@ The `github` provider can be used to authenticate to Git repositories using
 The GitHub App information is specified in `.spec.secretRef` in the format
 specified below:
 
-- Get the App ID from the app settings page at
-  `https://github.com/settings/apps/<app-name>`. 
-- Get the App Installation ID from the app installations page at
-`https://github.com/settings/installations`. Click the installed app, the URL
-will contain the installation ID
-`https://github.com/settings/installations/<installation-id>`. For
-organizations, the first part of the URL may be different, but it follows the
-same pattern.
+- Get the App ID from the app settings page at `https://github.com/settings/apps/<app-name>`.
 - The private key that was generated in the pre-requisites.
 - (Optional) GitHub Enterprise Server users can set the base URL to
   `http(s)://HOSTNAME/api/v3`.
-- (Optional) If GitHub Enterprise Server uses a private CA, include its bundle (root and any intermediates) in `ca.crt`.
-  If the `ca.crt` is specified, then it will be used for TLS verification for all API / Git over `HTTPS` requests to the GitHub Enterprise Server.
+- (Optional) If GitHub Enterprise Server uses a private CA, include its
+  bundle (root and any intermediates) in `ca.crt`.
+  If the `ca.crt` is specified, then it will be used for TLS verification
+  for all API / Git over `HTTPS` requests to the GitHub Enterprise Server.
 
 **NOTE:** If the secret contains `tls.crt`, `tls.key` then [mutual TLS configuration](#https-mutual-tls-authentication) will be automatically enabled. 
 Omit these keys if the GitHub server does not support mutual TLS.
@@ -371,6 +366,7 @@ metadata:
 type: Opaque
 stringData:
   githubAppID: "<app-id>"
+  githubAppInstallationOwner: "<github-org-or-user>"
   githubAppInstallationID: "<app-installation-id>"
   githubAppPrivateKey: |
     -----BEGIN RSA PRIVATE KEY-----
@@ -383,14 +379,19 @@ stringData:
     -----END CERTIFICATE-----
 ```
 
+Exactly one of `githubAppInstallationOwner` or `githubAppInstallationID` must be provided.
+If neither or both are provided, the reconciliation will fail with a misconfiguration error.
+When `githubAppInstallationOwner` is provided, the controller will look for the installation
+ID corresponding to the owner using the GitHub API.
+
 Alternatively, the Flux CLI can be used to automatically create the secret with
 the github app authentication information.
 
 ```sh
 flux create secret githubapp ghapp-secret \
     --app-id=1 \
-    --app-installation-id=3 \
-    --app-private-key=~/private-key.pem    
+    --app-installation-owner=my-org \
+    --app-private-key=~/private-key.pem
 ```
 
 ### Service Account reference

go.mod

@@ -27,7 +27,7 @@ require (
 	github.com/fluxcd/pkg/artifact v0.5.0
 	github.com/fluxcd/pkg/auth v0.33.0
 	github.com/fluxcd/pkg/cache v0.12.0
-	github.com/fluxcd/pkg/git v0.39.0
+	github.com/fluxcd/pkg/git v0.40.0
 	github.com/fluxcd/pkg/gittestserver v0.23.0
 	github.com/fluxcd/pkg/helmtestserver v0.34.0
 	github.com/fluxcd/pkg/http/transport v0.7.0

go.sum

@@ -378,8 +378,8 @@ github.com/fluxcd/pkg/auth v0.33.0 h1:3ccwqpBr8uWEQgl15b7S0PwJ9EgtcKObg4J1jnaof2
 github.com/fluxcd/pkg/auth v0.33.0/go.mod h1:ZAFC8pNZxhe+7RV2cQO1K9X62HM8BbRBnCE118oY/0A=
 github.com/fluxcd/pkg/cache v0.12.0 h1:mabABT3jIfuo84VbIW+qvfqMZ7PbM5tXQgQvA2uo2rc=
 github.com/fluxcd/pkg/cache v0.12.0/go.mod h1:HL/9cgBmwCdKIr3JH57rxrGdb7rOgX5Z1eJlHsaV1vE=
-github.com/fluxcd/pkg/git v0.39.0 h1:QydLWcsOso1BkO/ctE6ELlCFkhnGwpF2dUVa+R4aLp0=
-github.com/fluxcd/pkg/git v0.39.0/go.mod h1:MPhYH/ir7jr7cgQd75kWPHCGuJBu+sg7jzi0JPTSkKA=
+github.com/fluxcd/pkg/git v0.40.0 h1:B23gcdNqHQcVpp9P2BU4mrfFXGA8XFYi9mpy+5RDAQA=
+github.com/fluxcd/pkg/git v0.40.0/go.mod h1:MPhYH/ir7jr7cgQd75kWPHCGuJBu+sg7jzi0JPTSkKA=
 github.com/fluxcd/pkg/gittestserver v0.23.0 h1:o4tb4ic2GHf2xWHTf/07w/wVLFSvbybQ9bdhtWgDnS8=
 github.com/fluxcd/pkg/gittestserver v0.23.0/go.mod h1:b+rbFRu8HTtTFJ7mr437nHIO12pEodYqvQ3QUDHgFIQ=
 github.com/fluxcd/pkg/helmtestserver v0.34.0 h1:a6toTMPO6WfdohrkYCrs6vwOJK4VXpODLKc5311GawY=