Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Information in Publishing actions in GitHub Marketplace might be wrong #35423

Open
1 task done
jsoref opened this issue Nov 26, 2024 · 0 comments
Open
1 task done

Information in Publishing actions in GitHub Marketplace might be wrong #35423

jsoref opened this issue Nov 26, 2024 · 0 comments
Labels
content This issue or pull request belongs to the Docs Content team triage Do not begin working on this issue until triaged by the team

Comments

@jsoref
Copy link
Contributor

jsoref commented Nov 26, 2024

Code of Conduct

What article on docs.github.com is affected?

https://docs.github.com/en/actions/sharing-automations/creating-actions/publishing-actions-in-github-marketplace

What part(s) of the article would you like to see updated?

https://docs.github.com/en/actions/sharing-automations/creating-actions/publishing-actions-in-github-marketplace#about-publishing-actions

When you plan to publish your action to GitHub Marketplace, you'll need to ensure that the repository only includes the metadata file, code, and files necessary for the action. Creating a single repository for the action allows you to tag, release, and package the code in a single unit. GitHub also uses the action's metadata on your GitHub Marketplace page.

This should really include advice not to have 300mb of stuff in a release (github/codeql-action currently does this and it means that anyone using the action has to wait 6 seconds for it to download).

Actions are published to GitHub Marketplace immediately and aren't reviewed by GitHub as long as they meet these requirements:

  • The action must be in a public repository.
  • Each repository must contain a single action.

I'm not sure this is a real requirement... At the very least, the GitHub Actions organization violates this:

GitHub codeql-action definitely doesn't conform to this:

At least Endor Labs Scan has multiple action.yml files

I certainly haven't seen anything preventing it.

  • Each repository must not contain any workflow files.

I didn't search (and I can't think of a way to search for this), but I don't think I can think of any repositories that don't have workflow files.

  • The action's metadata file (action.yml or action.yaml) must be in the root directory of the repository.

This is apparently false. While researching an earlier point, I found one action listed on the marketplace without a root level action.yml,
enricomarino/actions https://github.com/search?q=repo%3Aenricomarino%2Factions%20path%3Aaction.yml&type=code

And, it works: https://github.com/Finastra/fds-angular/actions/runs/10681780031/job/29606154031#step:9:1 (there were other theoretical users, but I didn't find any recent workflow runs among them).

...

If the labels in your metadata file contain any problems, you will see an error message. Address them by updating your metadata file. Once complete, you will see an "Everything looks good!" message.

I'm not sure if this still happens. I tried creating a test action and while I tripped over some of the other items, I didn't see "Everything looks good!"

Additional information

No response
@jsoref jsoref added the content This issue or pull request belongs to the Docs Content team label Nov 26, 2024
@github-actions github-actions bot added the triage Do not begin working on this issue until triaged by the team label Nov 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
content This issue or pull request belongs to the Docs Content team triage Do not begin working on this issue until triaged by the team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jsoref