So Github now has security warnings, this means updates are due? Update instructions on Ghost.org doesn't really help a Heroku hosted option. Took me a while to figure out how to update everything.

Download and extract the new version over the old ones

#Download the newer version (1.26.0 as of writing)
wget https://github.com/TryGhost/Ghost/releases/download/1.26.0/Ghost-1.26.0.zip
cd $APP_DIR

#Overwrite all the old files. Additional node modules installed needs to be added later
unzip ../Ghost-1.26.0.zip

#Reinstall the storage adapter
yarn add ghost-github
#Also fix the submodule with the configs
git submodule foreach git pull origin master

At this point, there will be a bunch of updated files in node_modules. Make sure to ignore this in the git commit.

Small edits required for free databases

The free JawsDB database that we configured previously has a limit of 10 connections. The defaults used by the database migrator seems to exceed this limit. This limit can be set by setting a config variable:

heroku config:set database__pool__max=2

However, it seems like we this value will get interpreted as a string. To fix this, edit core/server/config/index.js (around line 30):

nconf.env({
    seperator: '__',
    parseValues: True,
});

Now we should be ready to commit and push everything

git add .
git commit -m "Update to 1.26.0"
git push heroku master

#Migrate database 
heroku run knex-migrator migrate db

Some security issues still show up on Github.. EOL for 1.x is Jan 2020. Hopefully upgrading to 2.x or 3.x won't be too difficult. But that's for a later time.

Github Storage Adapter Fixes

Updated repo can be found here

index.js was copied from node_modules after yarn add ghost-github. Processing of heroku environment variables were added to the constructor.