1

I'm performing a release of a project on Github using Maven. release:prepare fails with:

[ERROR] Provider message:
[ERROR] The git-push command failed.
[ERROR] Command output:
[ERROR] remote: Permission to FOO/BAR.git denied to BAZ.
[ERROR] fatal: unable to access 'https://github.com/FOO/BAR.git/': The requested URL returned error: 403

The weird thing is that BAZ is the "wrong" github.com account. It is one of two user names I use on Github, but not one I have ever used with the BAR project. Let's say the right account is FIZZ.

SCM settings don't specify a user name:

<scm>
  <connection>scm:git:https://github.com/FOO/BAR.git</connection>
  <url>scm:git:https://github.com/FOO/BAR.git</url>
  <developerConnection>scm:git:https://github.com/FOO/BAR.git</developerConnection>
  ...
</scm>

(FOO is an organization that I'm part of.) In fact, I can't figure out where on earth BAZ is coming from. It's not in ~/.gitconfig or .git/config. There is no ~/.m2/settings.xml file. My Maven settings.xml file says nothing about Github.

If I use git on the command line it works -- push is fine for example.

Can anyone tell me where else this might be coming from? a hidden config file or directory somewhere, whether Maven- or Git-related?

Or, what's the best practice for recording the Github user to use in a private local file, like a Maven settings.xml or .git/config, such that I need not put my own user into the build file?

I'm using Mac OS X.

Sean Owen
  • 66,182
  • 23
  • 141
  • 173

2 Answers2

1

The simplest thing would be to explicitly use an ssh url, see more details in this answer. 

git remote set-url origin git@github.com:FIZZ/FOO/BAR.git
Community
  • 1
  • 1
mockinterface
  • 14,452
  • 5
  • 28
  • 49
  • Thank you -- the thing is, the HTTPS URL works fine via `git` and this is a Git setting. It's just something to do with Maven. However, you prompted me to think harder about HTTPS and I figured it out. I think that this answer would have also worked in the sense that it just avoided HTTPS, but I'll write down the dumb real answer for HTTPS. – Sean Owen Dec 21 '13 at 11:16
  • 1
    Yes good point about Keychain caching. I was thinking more along the lines of being strict and explicit in the project settings, using the ssh url there if possible with the explicit username. That of course, unless the maven releases are shared by multiple users. But even then one could argue that having a release-dedicated user account would be advantageous. – mockinterface Dec 21 '13 at 11:31
  • That's the thing, many users use this, and I think this would interfere with normal `git` operations if I put my username in there? Not sure. But agree that is a good practice. – Sean Owen Dec 21 '13 at 13:22
  • 1
    Github supports multiple users per repo (see https://help.github.com/articles/how-do-i-add-a-collaborator). So having a release user and a normal user for your command line `git` ops (is this what you mean by a normal flow?) should be fine, but it would be best if you clone the repo orthogonally to the repo maven uses to release. – mockinterface Dec 21 '13 at 13:36
0

Finally figured this out. The problem is that I'm on OS X, and had logged in to my second account BAZ via Safari. This saved the username and password for https://github.com in Keychain. Apparently, the Maven SCM plugin consults this for HTTPS URLs, although git won't. After clearing Keychain, it correctly prompted me for a username and password.

Sean Owen
  • 66,182
  • 23
  • 141
  • 173