The GitHub Marketplace (https://github.com/marketplace) is a directory of tools and apps grouped in the following categories:
» Chat
» Code quality
» Code review
» Continuous integration
» Dependency management
» Deployment » Learning
» Localization » Mobile
» Monitoring
» Project management
» Publishing
» Recently added
» Security
» Support
» Testing
» Utilities
The Marketplace is a great way to find an app for every situation on GitHub. Purchasing or installing apps through the Marketplace has two key benefits: ease of billing and installation and the vetting process.
1. Billing made easy
For apps in the GitHub Marketplace that require payment, installing the app through the Marketplace is a streamlined flow because you can use your GitHub payment info. That way, you’re not dealing with five different payment providers when purchasing five different apps to use with GitHub.
If you have a free GitHub account, you may not have setup your payment information in GitHub. To set up a payment method, click your avatar in the top right corner of GitHub.com and click Settings. From this page, click Billing from the list on the left side. Here you can click the Add payment method, as shown in Figure 15-1.
2. The Marketplace vetting process
One of the benefits of installing an application from the Marketplace is that these apps must meet certain requirements before GitHub will list them in the Marketplace. The requirements help ensure a higher standard of quality and security with the apps; helping ensure that these apps are useful (no Fart apps) and are secure.
At the moment, a GitHub Action doesn’t require any review to be listed in the GitHub Marketplace, which means installing an action from someone you don’t know may be a bit riskier.
An app must meet four main categories of requirements before being listed in the Marketplace(https://developer.github.com/marketplace/getting-started/ requirements-for-listing-an-app-on-github-marketplace):
» User experience: This brief set of nine requirements includes things like the app must have a certain number of users and installs already. It also includes some requirements around the behavior of the app, such as the app must include links to documentation, it can’t actively persuade users away from GitHub, and it must provide value to customers.
» Brand and listing: This set of guidelines and recommendations center around the branding of your app and your app’s listing. Every app must include its own logo. If the app makes use of GitHub’s logo, it must follow GitHub’s Logos and Usages guidelines. The brand and listing section on the Requirements page has links to further logo and description guidelines. As you can see, GitHub takes listing apps in the Marketplace seriously.
» Security: GitHub will conduct a security review of apps before listing them in the marketplace. A separate document with security best practices and more details on the security review is at https://developer.github.com/ marketplace/getting-started/security-review-process.
» Billing flows: Every app in the Marketplace must integrate billing flows using the GitHub Marketplace webhook event. This requirement ensures that people can purchase a subscription to your app and cancel that subscription with the payment info they already have on file with GitHub. It also ensures that any changes made through GitHub are reflected immediately on the app’s own website.
Source: Guthals Sarah, Haack Phil (2019), GitHub for Dummies, Wiley.