5

I've had several attempts at deploying an artifact to https://maven.pkg.github.com from .github/workflows but they all result in a 401 Unauthorised error.

      - name: Setup java for mvn deploy
        uses: actions/setup-java@v1
        with:
          java-version: 8

      - name: Deploy kaldi-linux.zip
        working-directory: kaldi
        env:
          GITHUB_TOKEN: ${{ github.token }}
        run: |
          cp ../.github/kaldi/* .
          perl -pi -e 's/^(\s{4}<version>).*(<\/version>)/${1}$ENV{"KALDI_VERSION"}${2}/g' pom.xml
          mvn deploy

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy (default-deploy)
 on project kaldi: Failed to deploy artifacts: Could not transfer artifact org.kaldi:kaldi:pom:da93074
 from/to temp (https://maven.pkg.github.com/nalbion/vosk-api): Transfer failed for 
https://maven.pkg.github.com/nalbion/vosk-api/org/kaldi/kaldi/da93074/kaldi-da93074.pom 401 Unauthorized -> [Help 1]

logs here: https://github.com/nalbion/vosk-api/runs/683615393?check_suite_focus=true

My understanding is that actions/setup-java is supposed to provide settings.xml and environment variables and the deployment should be straight forward. Is there something that needs to be done that I'm not doing?

Nicholas Albion
  • 3,096
  • 7
  • 33
  • 56

2 Answers2

9

I can tell you by first hand experience that it is not easy to deploy packages to github's maven repos. Forget the "simple" step shown in the packages section, the process is more involved than that. However, it is still possible to do it.

For starters, you will need a settings.xml file. Here is my minimal setup:

<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                          https://maven.apache.org/xsd/settings-1.0.0.xsd">

  <servers>
    <server>
      <id>github</id>
      <configuration>
        <httpHeaders>
          <property>
            <name>Authorization</name>
            <value>Bearer <GITHUB_TOKEN_GOES HERE></value>
          </property>
        </httpHeaders>
      </configuration>
    </server>
  </servers>
</settings>

I guess the java action overwrites the settings.xml, but the above is required. Another option is to use the username/password approach, but that method is quickly becoming antiquated in favour of bearer token as I did above.

Now to deploy a snapshot release with sources, this is the command I had to use:

mvn clean source:jar deploy -DuniqueVersion=false -Dmaven.source.useDefaultManifestFile=true -Dmaven.source.includePom=true -Dmaven.install.skip=true -DdeplyAtEnd=true -DaltDeploymentRepository='github::default::https://maven.pkg.github.com/OWNER/REPOSITORY'

Assuming you had the following in your pom.xml according to the publishing guide:

<distributionManagement>
   <repository>
     <id>github</id>
     <name>GitHub OWNER Apache Maven Packages</name>
     <url>https://maven.pkg.github.com/OWNER/REPOSITORY</url>
   </repository>
</distributionManagement>

You can change the command to just:

mvn clean source:jar deploy -DuniqueVersion=false -Dmaven.source.useDefaultManifestFile=true -DdeplyAtEnd=true -Dmaven.source.includePom=true -Dmaven.install.skip=true
smac89
  • 39,374
  • 15
  • 132
  • 179
1

In case someone is using the maven-settings-action (https://github.com/s4u/maven-settings-action):

This action also overwrites the settings.xml and therefore needs the following configuration:

- uses: s4u/maven-settings-action@v2.5.0
        with:
          servers: '[
          {"id": "github","configuration": {"httpHeaders": {"property": {"name": "Authorization","value": "Bearer ${{ secrets.GITHUB_TOKEN }}"}}}}]'
Milipp
  • 31
  • 3