carvel-dev / setup-action

GitHub Action for setting up Carvel apps (ytt, kbld, kapp, kctrl, kwt, imgpkg and vendir)
Apache License 2.0

Pursue getting this action certified by GitHub #170

Open ericwb opened 2 years ago

ericwb commented 2 years ago

Please consider getting this Action certified by GitHub.

carvel-setup-action is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.

Several organizations have Action usage restricted via these settings:

jbrunton commented 2 years ago

@ericwb: Thanks for the suggestion!

For reference for other readers, it sounds like the organization itself needs to be verified, not the action:

https://docs.github.com/en/developers/github-marketplace/github-marketplace-overview/about-marketplace-badges#for-github-actions

https://docs.github.com/en/developers/github-marketplace/github-marketplace-overview/applying-for-publisher-verification-for-your-organization

And here are docs on the ways in which actions can be restricted: https://docs.github.com/en/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#allowing-select-actions-and-reusable-workflows-to-run

neolit123 commented 2 years ago

hello, i was pinged on Slack about this ticket. while i lack experience with GH certification, i agree with @jbrunton's assessment after reading the associated documentation.

one benefit of certifying the wider owner vmware-tanzu is that it can establish the VMware Tanzu team as a trusted action author and we won't have to certify every single action.

these are the relevant steps vmware-tanzu admins must follow: https://docs.github.com/en/developers/github-marketplace/github-marketplace-overview/applying-for-publisher-verification-for-your-organization

ericwb commented 2 years ago

The vmware-tanzu org itself is also not verified due to the following. I'm not sure if this is a catch-22, but sure reads like it: There must be 1 or more GitHub/OAuth App registered by the organization to request publisher verification