Their API docs doesn't cover a PHP variant and it took me some time to figure it out. In the end it's pretty straight forward. All you need is the ext-sodium enabled and the following piece of code:

$base64PublicKey = 'YOUR_BASE64_PUBLIC_KEY';
$secret = 'YOUR_SECRET';
$sodiumId = SODIUM_BASE64_VARIANT_ORIGINAL;

$binaryPublicKey = sodium_base642bin($base64PublicKey, $sodiumId);
$encryptedBinaryValue = sodium_crypto_box_seal($secret, $binaryPublicKey);
$base64EncodedEncryptedValue = sodium_bin2base64($encryptedBinaryValue, $sodiumId);

The $base64EncodedEncryptedValue is what you submit along with the public key id to GitHub.

I hope that helps 🥳