Open ericwb opened 2 years ago
@ericwb: Thanks for the suggestion!
For reference for other readers, it sounds like the organization itself needs to be verified, not the action:
https://docs.github.com/en/developers/github-marketplace/github-marketplace-overview/about-marketplace-badges#for-github-actions https://docs.github.com/en/developers/github-marketplace/github-marketplace-overview/applying-for-publisher-verification-for-your-organization
And here are docs on the ways in which actions can be restricted: https://docs.github.com/en/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#allowing-select-actions-and-reusable-workflows-to-run
hello, i was pinged on Slack about this ticket. while i lack experience with GH certification, i agree with @jbrunton 's assessment after reading the associated documentation.
one benefit of certifying the wider owner vmware-tanzu is that it can establish the VMware Tanzu team as a trusted action author and we won't have to certify every single action.
these are the relevant steps vmware-tanzu admins must follow: https://docs.github.com/en/developers/github-marketplace/github-marketplace-overview/applying-for-publisher-verification-for-your-organization
The vmware-tanzu org itself is also not verified due to the following. I'm not sure if this is a cache-22, but sure reads like it:
There must be 1 or more GitHub/OAuth App registered by the organization to request publisher verification
Please consider getting this Action certified by GitHub.
carvel-setup-action is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
Several organizations have Action usage restricted via these settings: