Uhpenry

Connecting Github

Here is a detailed section that covers tokens, GitHub app installation, and permissions.

Connecting your GitHub account is essential for sellers who want to list and sell projects. By linking your repositories securely, you can:

  • Streamline project management directly from GitHub.
  • Control how users access your source code.
  • Track updates and automate notifications for repository changes.

This guide explains the step-by-step process, including how we handle your GitHub tokens, permissions, and the GitHub App installation.

Step 1: Understanding How We Use GitHub

To ensure transparency, here's what happens when you connect your GitHub account:

  1. OAuth Authentication: We use GitHub's secure OAuth protocol to connect your account.
  2. Access Tokens: After authentication, we generate an access token that allows limited access to your repositories based on permissions you approve.
    • Tokens are encrypted and stored securely.
    • You can revoke access at any time via GitHub.
  3. Permissions: Our GitHub App requests specific permissions to function properly, but we only access what's necessary to facilitate your projects.

Step 2: Installing the GitHub App

To connect your repositories, you'll need to install the platform's GitHub App on your personal account or organization:

  1. Navigate to Your Dashboard:

    • Create a booth.
    • Go to Settings > Connect.
    • And click on the Github tab.

  2. Click “Install App”:

    • You'll be redirected to GitHub's OAuth page.

  3. Authorize the App:

    • Review the requested permissions.
    • Click “Authorize” to proceed.

  4. Install the App on Your GitHub Account:

    • You'll be prompted to install the GitHub App on your account or organization.
    • Choose whether to grant access to:
      • All repositories (default option for convenience).
      • Specific repositories (recommended for finer control).

  5. Confirm Installation:

    • Once installed, you'll be redirected back to your dashboard with a success message.

Step 3: Permissions Explained

The GitHub App requires specific permissions to integrate seamlessly with your workflow. Here's a breakdown of the permissions we request and why:

PermissionPurpose
Read access to repositoriesAllows the platform to fetch project files and display repository details for users.
Read access to webhooksEnables us to track changes (commits, branches, updates) in your repositories.
Read access to user emailHelps us verify your GitHub account and link it to your booth profile.
Read access to organizationNecessary if you're listing repositories owned by GitHub organizations you belong to.

Note: We never make changes to your code, push commits, or access private information unrelated to the integration.

Step 4: Managing Your Connected Repositories

After installing the GitHub App, you'll be able to manage your connected repositories:

  1. Select Repositories:

    • In your dashboard, select your booth.
    • Go to Projects > More options > View project.
    • Choose the repository you want to associate with a project and list.

  2. Set Project Details:

    • Assign categories (Starter, Advanced, Component).
    • Define pricing, licensing, and access options.
    • More on (creating your project)[].

  3. Repository Updates:

    • The platform will automatically track changes (e.g., commits, new branches) using webhooks.
    • Users who purchase your project will be notified of updates (optional).

Step 5: Revoking Access or Permissions

You can manage or revoke the platform's access to your GitHub account at any time:

  1. Via GitHub:

    • Go to GitHub Settings > Applications > Installed Apps.
    • Find the Uhpenry GitHub App and click “Uninstall” or modify repository access.

  2. Via our platform Dashboard:

    • Select the booth, and go to Connect > GitHub.
    • Click “Manage App, and continue to Github.

Note: Revoking access will disable project, and users will no longer be able to buy from the marketplace.

Why This Method?

We've chosen this approach for the following reasons:

  1. Security and Control:

    • By using GitHub's OAuth and App installation process, sellers maintain full control over their repositories and permissions.
    • Tokens are securely encrypted, and you can revoke access at any time.

  2. Transparency:

    • We only request the minimum permissions required to manage and sell projects effectively.
    • Sellers can decide which repositories to share and update.

  3. Convenience:

    • Automatic tracking of repository changes saves time for sellers and keeps users informed.
    • Managing permissions directly via GitHub ensures a familiar and secure workflow.

  4. Seller Control:

    • Sellers retain complete ownership of their source code.
    • Users can access code securely without requiring manual file sharing.

Troubleshooting GitHub Integration

If you encounter issues while connecting GitHub:

  1. Check Permissions:

    • Ensure you've authorized the correct repositories.
    • Verify permissions in GitHub > Settings > Applications.

  2. Reinstall the App:

    • Go to your dashboard and disconnect GitHub.
    • Reconnect and reinstall the app to refresh permissions.

  3. Browser or Network Issues:

    • Clear your browser cache or try a different browser.
    • Ensure your network isn't blocking GitHub connections.

  4. Contact Support:

Next Steps

Once GitHub is connected:

  • For Sellers: Start creating projects by selecting repositories and adding details.
  • For Users: Browse and purchase projects with confidence, knowing they're managed securely.

On this page

Step 1: Understanding How We Use GitHubStep 2: Installing the GitHub AppStep 3: Permissions ExplainedStep 4: Managing Your Connected RepositoriesStep 5: Revoking Access or PermissionsWhy This Method?Troubleshooting GitHub IntegrationNext Steps