Add a documentation about App authentication

Author: vrigal

docs/github.md

@@ -0,0 +1,29 @@
+# Github
+
+Starting from 2026, the project was expannded to support revisions from sources other than Phabricator, particularly Github [pull requests](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests).
+
+The code review bot automatically publishes a review containing the different comments, interacting with the Github API through the [App feature](https://docs.github.com/en/apps/using-github-apps/about-using-github-apps).
+
+## App setup
+
+First, a Github App must be created and installed to your user or organisation. You can follow Github's [documentation](https://docs.github.com/en/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps#building-a-github-app) for this process.
+
+Once the app is installed, you can manage it from the [installation settings in github](https://github.com/settings/installations). The App must have access to the repositories to which it should be allowed to publish comments.
+It should be granted a **read** and **write** scope access to pull requests to be able to publish reviews. This can be configured through the **App settings** section of your installation.
+On this page, you should be able to find the App **installation ID** required to configure the bot.
+
+## Authentication
+
+Once an App is installed and has the valid access scopes, you can generate a new secret key from the [App settings](https://github.com/settings/apps). In the private key section, click the **Generate a private key** button and save the generated `.pem` file.
+On this page, you should be able to find the App **Client ID** required to configure the bot.
+
+The code review bot YAML configuration should then be updated with the corresponding information:
+
+```yaml
+bot:
+  REPORTERS:
+    - reporter: github
+      app_client_id: xxxxxxxxxxxxxxxxxxxx
+      app_pem_file: /path/to/key.pem
+      app_installation_id: 123456789
+```

docs/phabricator.md

@@ -1,6 +1,6 @@
 # Phabricator
 
-The main goal of the project is to publish issues on Phabricator, so we need a good integration with their API and interface.
+The main goal of the project was to publish issues on Phabricator, so we need a good integration with their API and interface.
 
 ## Structure
 

docs/publication.md

@@ -23,14 +23,14 @@ worker:
 
 Here, the analyzer produces its JSON output as `/builds/worker/clang-tidy.json`, but Taskcluster will expose it on its own public hostname as `https://taskcluster-artifacts.net/<TASK_ID>/<RUN_ID>/public/code-review/clang-tidy.json`
 
-## Publish results on Phabricator
+## Publish results
 
 Once your task is triggered with the `code-review` attribute, its analysis artifact will be retrieved automatically by the bot. All issues found will be filtered using those basic rules:
 
 - if the issue is not in a modifided line of a file in the patch, it will be discarded.
 - if the issue is in a third party path, it will be discarded.
 
-We have [plans](https://bugzilla.mozilla.org/show_bug.cgi?id=1555721) to remove the first filter, by using a two pass approach and comparing the issues found before vs. after applying the patch.
+The bot supports publishing a review to either a Phabricator revision or a Github pull request.
 
 ## Troubleshooting