23

I uploaded a maven artefact to the GitHub Package Registry (Beta) and want to add it as maven dependency. I'm already in the Regestry-Beta and activated it for my sample HalloMaven project. Also the mvn deploy was succesful, so the artifact is public available here: https://github.com/TobseF/HelloMaven/packages
But how to include it as a maven dependency?

I tried to add it in a fresh sample project with this pom.xml:

<groupId>de.tfr.test</groupId>
<artifactId>maven-repo-test</artifactId>
<version>1.0-SNAPSHOT</version>

<repositories>
    <repository>
        <id>github</id>
        <name>GitHub TobseF Apache Maven Packages</name>
        <url>https://github.com/TobseF/HelloMaven/packages</url>
        <!-- also tried:
        <url>https://maven.pkg.github.com/HelloMaven/</url> -->
    </repository>
</repositories>


<dependencies>
    <dependency>
        <groupId>github.tobsef</groupId>
        <artifactId>hello-maven</artifactId>
        <version>1.2.1</version>
    </dependency>
</dependencies>

But the dependency cannot be resolved. It's strange that the artifactId is github.tobsef.hello-maven, which doesn't match the hello-maven specified in the pom. But I have no clue why the github.tobsef gets prepended and if the repository url is correct.

The official GitHub Configuring Apache Maven for use with GitHub Package Registry only shows how to push it with credentials. But my repo is public, authentication is not needed.

Setup for the HalloMaven example:

settings.xml

    <profiles>
        <profile>
            <id>github</id>
            <repositories>
                <repository>
                    <id>github</id>
                    <name>GitHub TobseF Apache Maven Packages</name>
                    <url>https://maven.pkg.github.com/TobseF</url>
                </repository>
            </repositories>
        </profile>
    </profiles>

    <servers>
        <server>
            <id>github</id>
            <username>${env.GITHUB_USERNAME}</username>
            <password>${env.GITHUB_TOKEN}</password>
        </server>
    </servers>

pom.xml

   <groupId>github.tobsef</groupId>
    <artifactId>hello-maven</artifactId>
    <version>1.2.1</version>

    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.8.1</version>
                <configuration>
                    <source>1.8</source>
                    <target>1.8</target>
                </configuration>
            </plugin>
            <plugin>
                <artifactId>maven-deploy-plugin</artifactId>
                <version>2.8.1</version>
            </plugin>
        </plugins>
    </build>

    <properties>
        <github.global.server>github</github.global.server>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <java.version>11</java.version>
        <maven.compiler.source>11</maven.compiler.source>
        <maven.compiler.target>11</maven.compiler.target>
    </properties>

    <distributionManagement>
        <repository>
            <id>github</id>
            <name>GitHub TobseF Apache Maven Packages</name>
            <url>https://maven.pkg.github.com/TobseF/HelloMaven</url>
        </repository>
    </distributionManagement>

deploy.yml

name: Maven Deploy

on:
  push:
    branches:
      - master

jobs:
  build:

    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v1
      - name: Set up JDK 11
        uses: actions/setup-java@v1
        with:
          java-version: 11
      - name: Maven build
        run: mvn --file pom.xml package

  deploy:

    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v1
    - name: Set up JDK 11
      uses: actions/setup-java@v1
      with:
        java-version: 11
    - name: Deploy to Github Package Registry
      env:
        GITHUB_USERNAME: ${{ secrets.GITHUB_USERNAME }}
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: mvn --settings settings.xml --file pom.xml deploy

The result is a Could not find artifact github.tobsef:hello-maven:pom:1.2.1 in github (https://github.com/TobseF/HelloMaven/packages).

Any Idea how to setup the deployment to deploy the correct artifact and how to add it as dependency?

IgorGanapolsky
  • 26,189
  • 23
  • 116
  • 147
Tobse
  • 1,176
  • 1
  • 9
  • 22
  • 1
    your artefact can be found via search: https://github.com/search?l=&q=hello-maven&type=RegistryPackages - so far so good. The artifact it shows is: ` com.github.tobsef github.tobsef.hello-maven 1.2.1 ` which is a different artifactId than what you seem to use. It also seems the settings.xml repo url is correct, the one you use in the pom does not match the documentation you linked. – wemu Oct 17 '19 at 20:01
  • > which is a different artifactId than what you seem to use. Yes, but also when I try to add this artifactId, i doesn't work. > he one you use in the pom does not match the documentation The dependency `artifactId` I used in the sample project, match with the deployed artifact path. Only the `artifactId` inside the deployed jar doesn't match - which shouldn't prevent it from downloading? – Tobse Oct 18 '19 at 08:49
  • The artifactId listed in github.com/TobseF/HelloMaven/packages/39042 now matches. Whithout any change... mabye an error on GitHubs side (Beta product). So now the only question is how to include it as dependency? – Tobse Oct 18 '19 at 09:16
  • well those repos are not browseable somehow. So try and error. Are you sure its a public repo? Behind: https://maven.pkg.github.com/TobseF/github/tobsef I get 401 errors requiring a login. Something like https://maven.pkg.github.com/TobseF/github/tobsef/hello-maven/1.2.2/hello-maven-1.2.2.jar should be correct. But well authentication required, can't check that. – wemu Oct 18 '19 at 12:31
  • Have you tried testing your deploy locally with `publishToMavenLocal` command? – IgorGanapolsky May 12 '21 at 16:17

1 Answers1

27

OK ✅, I found out how to configure it the right way.

You can see a sample project with the working GitHub Actions CI and the GitHub Package Registry here:
HelloMaven
To see how the dependency can be included check the:
GitHub-plugin-registry-example Template

The trick was to add an authentification to the GitHub API in the global maven settings.xml.

<servers>
    <server>
        <id>github</id>
        <username>YOUR_USERNAME</username>
        <password>YOUR_AUTH_TOKEN</password>
    </server>
</servers>

Replace the YOUR_USERNAME with your GitHub login name.
Replace the YOUR_AUTH_TOKEN with a generated GitHub personal access token:
GitHub > Settings > Developer Settings > Personal access tokens > Generate new token:
The token needs at least the read:packages scope. Otherwise you will get a Not authorized exception.

It wasn't clear that this auth is also needed to read a package. Especially because the jar is available without any login on the package page: https://github.com/TobseF/HelloMaven/packages

So it's a little bit nasty because we have to add the <server><id>github</id>... and hope others will also provide the the repository with the github id. Otherwise we have to add a server config for every github dependency.

Keep in mind that every GitHub repo is its own maven repo. So there is no global registry like the maven central. Every dependency has to provide its own repository link declaration.

But in combination with the GitHub Actions CI, it's a very nice alternative without any third party plugins.

Tobse
  • 1,176
  • 1
  • 9
  • 22
  • 10
    Until today, July 11th, 2020, there is no option for using GitHub Packages without authorization. So in other words, it's not possible to use anonymous access with GitHub Packages. You can follow the discussion in the GitHub forum: https://github.community/t/download-from-github-package-registry-without-authentication/14407/10 – Felipe Desiderati Jul 11 '20 at 14:53
  • 4
    @FelipeDesiderati Friendly suggestion: I think you mean _even_ today, not _until_ today. But thank you for the confirmation. – Steven R. Loomis Sep 08 '20 at 19:19
  • Another tip: Don't blindly dump auth keys into what is very likely a version controlled settings file. Pull them in from environment variables. – Damien Roche Dec 14 '20 at 19:19
  • 2
    You can also use the authentication that Github has built in: `username = System.getenv("GITHUB_ACTOR")` `password = System.getenv("GITHUB_TOKEN")` – IgorGanapolsky May 12 '21 at 16:22
  • FYI packagecloud.io has a free tier for publishing packages that can be accessed anonymously. I'm experimenting with them after finding out this unfortunate restriction. – Antony Stubbs Nov 04 '21 at 16:22
  • Sune 2020 update: packagecloud.io. does NOT have a free tier. – Mike Nakis Jun 07 '22 at 23:28
  • aug 2023 update: still no better resource in the whole internet showing how to publish packages to gh package registry and use it in github CI. outstanding – FARS Aug 11 '23 at 21:57