I have seen couple of Github profiles having "Developer Program Member". I searched on Google a lot but not able to find how people get that in their profile.
This is for developers registered to the GitHub Developer Program (like this GitHub profile, for instance)
Membership is open to individual developers and companies who have:
A paid GitHub.com personal or organization plan
(since 2019, you don't need a paid membership anymore)
An integration in production or development using the GitHub API
An email address where GitHub users can contact you for support
That allows for:
Staying in the know:
Be the first to know about API changes and try out new features before they launch.
Scratching an itch
Build your own tools that seamlessly integrate with the place you push code every day.
Taking on the enterprise
Obtain developer licenses to build and test your application against GitHub Enterprise.
By joining this Developer Program,
1) You'll receive ongoing notifications about changes to Github API.
2) You can request a development license for GitHub Enterprise.
3) You can also submit your work for consideration on the integrations page.
Go to this link:
https://developer.github.com/program/
Related
What is the difference between a GitHub App and the REST API for GitHub? Why would you need a GitHub App if you can just use the REST API, without setting any environment up?
The REST API should just be a collection of endpoints that accept a POST along with access tokens. But the GitHub App requires cloning an entire repo written in Ruby, that has nothing to do with my app.
I am not looking for users to integrate with my repo, I want them to be able to connect their own repo to the application.
But the GitHub App requires cloning an entire repo written in Ruby, that has nothing to do with my app.
I don't believe this is true.
GitHub Apps make the process of integrating 3rd party tools into your GitHub repositories smoother.
GitHub Apps are installed by organizations and granted access to specific repositories via GitHub. For example, CodeClimate is a tool which performs checks on pull requests. Rather than granting them OAuth access to my repositories, I can install the CodeClimate GitHub App on my organization and configure which repositories they have access to. I can see all the apps installed and what their permissions are.
Note that "installing" a GitHub App does not install any code. "Installing" gives the app permissions for the service to access your organization and repos. A GitHub App is a wrapper around an existing service.
If you want users to connect their repos to your application, consider a GitHub App.
This is covered in About apps.
An OAuth App acts as a GitHub user, whereas a GitHub App uses its own identity when installed on an organization or on repositories within an organization.
GitHub Apps are the officially recommended way to integrate with GitHub because they offer much more granular permissions to access data, but GitHub supports both OAuth Apps and GitHub Apps.
GitHub Apps are first-class actors within GitHub. A GitHub App acts on its own behalf, taking actions via the API directly using its own identity, which means you don't need to maintain a bot or service account as a separate user.
GitHub Apps can be installed directly on organizations and user accounts and granted access to specific repositories. They come with built-in webhooks and narrow, specific permissions. When you set up your GitHub App, you can select the repositories you want it to access. For example, you can set up an app called MyGitHub that writes issues in the octocat repository and only the octocat repository. To install a GitHub App, you must be an organization owner or have admin permissions in a repository.
GitHub Apps are applications that need to be hosted somewhere. For step-by-step instructions that cover servers and hosting, see "Building Your First GitHub App."
Differences between GitHub Apps and OAuth Apps has a complete breakdown.
i am interested in building a github app. reading through github Setting up your development environment to create a GitHub App documentation it explains that a github app is based on a http server which will handle webhooks.
yet, on every github app i installed, the app\installation did not require anything that involves hosting and/or creation of http server in order to deploy the app to my github accout.
for such github apps, which are installed directly through the github marketplace (you can take probot stale and rennovate as examples for such apps)
where do these application run? (e.g.; does github deploys the app on a dedicate (virtual) server?).
what are the resources limitations for such apps (amount of memory, cpu, etc.?)
how can the github app logs be accessed by the github account owner who installed such app?
links for reference and an answer will be great.
GitHub App is just another app that you create. GitHub apps are treated as first-class citizens when it comes to integrating with GitHub. One can use Nodejs , Ruby, etc to build the App. Once the app is ready it can be hosted on a Server just like any other server hosted apps. You register your app on GitHub by providing relevant details.
So, coming to your questions.
The Apps can run on any hosting service of your choice. It can be a Windows Server, Heroku, etc.
I believe it is only limited by the resource of your server or the hosting service provider that you chose. However you might be ineterset in erading more about the Rate Limit More on Rate limits here.
GitHub app logs are something which only the developer will be able to see. To the end user ,i.e. the repo owner who installed the GitHUb app on his repos, all that will be available are the checks , statuses and any other details that the developer of app decided to display.
A very handy guide on Deployment and other details : Probot Documentation. This documentation is great if you are planning to use the probot framework for developing your github apps, but most of the instructions still stand true in case you decide to pick up a different tech stack.
The most important thing to realise about a (so-called?) Github App is that the App itself does not run anywhere - or at least that is what I would argue. Basically Github Apps are two linked mechanisms, both a bit of infrastructure. The first of these mechanisms is access control, essentially replacing use of user PATs - you can give relatively fine grained access to repos that the App is installed in, rather than just giving access to all repos the user can access. The second mechanism is that of webhooks - generating events as requested.
What Github Apps do not directly provide is the bit between this - handling the webhooks and generating API calls using the App for access. Basically you are on your own and need to do it yourself. The plus, #asif-kamran-malick mentioned, is that you have freedom to implement it how you see fit.
One alternative possibility is that the App itself, rather than setting to handle ongoing Webhooks, runs on installation and looks to add Actions into the repo. Never done it, but some of the github examples seem to work this way. Of course, Actions are run within Github environments and are potentially subject to resource limits. Apart from this though, Actions are a completely separate "beast" and should not be confused.
Is it possible to tell if a release which is published on a GitHub repo was made by someone who logged in with 2FA?
The reason for asking is that we have a tool that integrates GitHub releases (from repos made by other people, ie not part of our GitHub organisation) into an application, and is capable of auto-updating to the latest release.
Although it's user friendly to auto-update, if someone were to steal the credentials of that GitHub user (because they do not use 2FA) then the auto-update could end up installing maliciously crafted code. This scenario has happened to npmjs.
It would be useful to be able to identify that the release was made by someone who does not use 2FA and warn that the release might be "unsafe".
Our application is part of Qooxdoo http://www.qooxdoo.org, which is an open source Javascript development framework.
The new user setup their account at the tail end of last week and today we added them via the documented invite mechanism to join our dev team using the Microsoft account email address.
they have received the email and clicked the accept link in it and logged in to the portal # {mycorp}.visualstudio.com and confirmed they can see the dashboards, boards, ect.
Having put them in the same team as the rest of us which is a member of the contributors default group for the project in question I was then expecting to open up VS and pull the latest from the repo root.
The user can see everything but the repo it seems so I hit a wall.
How do I fix this because as far as I can tell they have all the permissions that the rest of the team has?
Ok figured it out ... he was setup as using a VS sub but the VS sub was not found.
So I've been reading GitHub developer docs and about webhooks they have the following statement:
Webhooks allow you to build or set up GitHub Apps which subscribe to certain events on GitHub.com. When one of those events is triggered, we'll send a HTTP POST payload to the webhook's configured URL. Webhooks can be used to update an external issue tracker, trigger CI builds, update a backup mirror, or even deploy to your production server. You're only limited by your imagination.
However, about Apps they've also got this statement:
Apps on GitHub extend and improve existing workflows. People can
purchase apps from GitHub Marketplace or browse useful tools and
services that integrate with GitHub in Works with GitHub.
If you're building or adding integrations, this documentation will
help get you up and running.
For support requests, bug reports, and discussions related to GitHub
Apps (not OAuth Apps), use the GitHub Platform Forum. The forum allows
you to collaborate with other integrators as well as engineers and
product managers from GitHub.
If your request is about OAuth Apps, or if you need to discuss a
private concern, please contact support directly.
This seems that Webhooks can only be used with GitHub Apps? The difference between GitHub Apps and GitHub OAuth Apps isn't very clear and I fail to see why an OAuth app would not be able to use Webhooks?
Edit
Can Webhooks be used with a GitHub OAuth App?
Yes.
Webhooks allow you to build or set up GitHub Apps which subscribe to certain events on GitHub.com.
This is an incorrect statement. This should be 'an integration with GitHub' rather than 'GitHub Apps'.
This seems that Webhooks can only be used with GitHub Apps?
No. GitHub Apps include implicit support for Webhooks. OAuth Applications request tokens with a scope for write:repo_hook or admin:org_hook to register a Webhook on the Repository or Organization.
There is a guide for creating webhooks that suggests to use the repo hooks or org hooks API endpoints.
The difference between GitHub Apps and GitHub OAuth Apps isn't very clear and I fail to see why an OAuth app would not be able to use Webhooks?
There is documentation that describes some differences between GitHub Apps and OAuth Apps.
TLDR advantages of GitHub Apps:
Granular Permissions
Option to use short-lived Tokens
GitHub Apps do not need to add a Webhook to a Repository or Organization
Avoids having Machine/Service Account users
Original
Webhooks allow your server/application to get notified whenever a specific event happens - regardless of whether you are using OAuth or GitHub App. Your application will then need to process an event and act accordingly.
Separately, your application will need to interact with GitHub's API to create, read, edit, or delete information. GitHub will usually require credentials to access or update specific information. Authentication to GitHub's API can use multiple methods:
None
Basic Authentication (username/password)
OAuth2 Token
Personal Access Token (PAT)
Installation Access Token
There are additional differences between legacy GitHub integrations and GitHub Apps.
Older integrations were based on Oauth2 and use a Token associated with a user's account. Integrations would interact with GitHub's API on behalf of a user - which is why some organizations would set up a machine user. Webhooks also need to be added explicitly.
GitHub Apps will interact with GitHub's API on it's own behalf. You must explicitly grant a GitHub App access to an Organization or Repository which enables both Webhook and API access.