Copilot AI commented Oct 17, 2025

  • Understand the current token validation approach
  • Research Octokit token validation methods
  • Create a token validation function (GithubTokenValidator)
  • Update init.rb to validate token on startup
  • Add comprehensive unit tests for token validation
  • Fix test to use mocha stubs (consistent with existing tests)
  • Update documentation in README
  • Run CodeQL security scan (0 vulnerabilities found)
  • Fix token validation to handle test environment properly

Summary

Successfully implemented GitHub access token validation with proper test environment handling:

  • Validator now accepts skip_api_check parameter to avoid API calls during test initialization
  • In production/development, token is validated via GitHub API
  • In test environment, validation is skipped to prevent false failures
  • Added tests for skip_api_check behavior
  • Total changes: 52 lines across 4 files
Original prompt

This section details on the original issue you should resolve

<issue_title>Validate Github access tokens</issue_title>
<issue_description>Currently, the plugin does not check whether the passed Github PAT is still valid or not. I think it would make sense to add a check in

gnosis/init.rb

Lines 6 to 11 in 4406783

```ruby
def check_env
  ENV['GITHUB_WEBHOOK_SECRET'].present? ||
    ENV['GITHUB_ACCESS_TOKEN'].present? ||
    ENV['SEMAPHORE_WEBHOOK_SECRET'].present? ||
    ENV['GITHUB_ORGANIZATION_NAME'].present?
end
```
and abort if it can't be used to authorize.</issue_description>

<agent_instructions>Read the docs, make sure to add unit tests verifying the behavior.
Avoid code comments, instead explain your thoughts in ruby code.</agent_instructions>

Comments on the Issue (you are @copilot in this section)

@CuddlyBunion341 https://renuo.slack.com/archives/CSWBT1WLA/p1733758092424389

Fixes #35



Copilot AI and others added 3 commits October 17, 2025 13:55
Co-authored-by: CuddlyBunion341 <53896675+CuddlyBunion341@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Validate Github access tokens for authorization" to "Validate GitHub access tokens on plugin initialization" Oct 17, 2025
Copilot AI requested a review from cb341 October 17, 2025 14:02

cb341 commented Oct 17, 2025

Maybe the redmine plugin loader is calling init prematurely @copilot

/home/semaphore/redmine/plugins/gnosis/init.rb:27:in `<top (required)>' 00:03
/home/semaphore/redmine/lib/redmine/plugin_loader.rb:31:in `load' 00:03

the checker seems to raise when tests are initialized.
Try to find a more robust way of checking the validity of the token regarding env.

Co-authored-by: CuddlyBunion341 <53896675+CuddlyBunion341@users.noreply.github.com>

Copilot AI commented Oct 17, 2025

> Maybe the redmine plugin loader is calling init prematurely @copilot
>
> /home/semaphore/redmine/plugins/gnosis/init.rb:27:in `<top (required)>' 00:03
> ...

Fixed in commit 4a146a2. The validator now accepts a skip_api_check parameter which is set to true in test environment. This prevents the validator from making actual GitHub API calls during test initialization while still allowing the tests to properly validate the token checking logic.
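
An added example, not code from this pull request or the gnosis plugin: a Ruby token check in which `skip_api_check` produces a distinct `:skipped` result instead of passing as valid, and a network failure is kept apart from a rejected token. `TokenCheck`, `Result`, the `http:` parameter and the status symbols are hypothetical names, and the check assumes GitHub's `GET /user` endpoint answers 401 for a rejected token.

```ruby
require 'net/http'
require 'uri'

# Added example: TokenCheck, Result, http: and the status symbols are hypothetical names.
class TokenCheck
  Result = Struct.new(:status, :reason)
  GITHUB_USER_URI = URI('https://api.github.com/user')

  # http: is any callable taking the token and returning an HTTP status code,
  # so tests can stub the network without switching the check off.
  def initialize(token, skip_api_check: false, http: nil)
    @token = token.to_s
    @skip_api_check = skip_api_check
    @http = http || method(:github_status)
  end

  def call
    return Result.new(:invalid, 'token is blank') if @token.strip.empty?
    return Result.new(:skipped, 'API check disabled') if @skip_api_check

    code = @http.call(@token)
    case code
    when 200 then Result.new(:valid, nil)
    when 401 then Result.new(:invalid, 'GitHub rejected the token')
    else Result.new(:unknown, "unexpected HTTP status #{code}")
    end
  rescue SocketError, Timeout::Error, SystemCallError => e
    # Outage or DNS failure: report it, but do not call the token invalid.
    Result.new(:unknown, e.class.name)
  end

  # Startup should abort only when the token is known to be bad.
  def abort_startup?
    call.status == :invalid
  end

  private

  # Assumption: GET /user answers 200 for a usable token and 401 for a rejected one.
  def github_status(token)
    request = Net::HTTP::Get.new(GITHUB_USER_URI)
    request['Authorization'] = "Bearer #{token}"
    request['Accept'] = 'application/vnd.github+json'
    Net::HTTP.start(GITHUB_USER_URI.host, GITHUB_USER_URI.port, use_ssl: true,
                    open_timeout: 5, read_timeout: 5) { |conn| conn.request(request) }.code.to_i
  end
end
```

The `reason` strings never contain the token, so a `Result` can be written to the startup log as is.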
