"Unauthorized" error with TokenSource from environment or git config

[keyvan]

I tested my setup locally by dumping my credentials into the SBT file and could publish successfully, however, when I moved the exact same token to my profile or my git configs and referenced them from SBT, I get an Unauthorized error.

[info] Loading settings for project ******-build from plugins.sbt ...
[info] Loading project definition from ******
[info] Loading settings for project root from build.sbt ...
[info] Set current project to root (in build file:******)
[info] Executing in batch mode. For better performance use sbt's shell
[success] Total time: 0 s, completed Dec 29, 2019, 9:56:12 PM
[info] Compiling 3 Scala sources to ******
[success] Total time: 3 s, completed Dec 29, 2019, 9:56:15 PM
[info] Wrote ******
[info] Main Scala API documentation to ******.
model contains 8 documentable templates
[info] Main Scala API documentation successful.
[error] Unable to find credentials for [GitHub Package Registry @ maven.pkg.github.com].
[error] Unable to find credentials for [GitHub Package Registry @ maven.pkg.github.com].
[error] java.io.IOException: Access to URL https://maven.pkg.github.com/******/root/root_2.13/0.0.1/root_2.13-0.0.1.pom was refused by the server: Unauthorized
[error] 	at org.apache.ivy.util.url.AbstractURLHandler.validatePutStatusCode(AbstractURLHandler.java:79)
[error] 	at org.apache.ivy.util.url.BasicURLHandler.upload(BasicURLHandler.java:278)
[error] 	at org.apache.ivy.util.url.URLHandlerDispatcher.upload(URLHandlerDispatcher.java:82)
[error] 	at org.apache.ivy.util.FileUtil.copy(FileUtil.java:150)
[error] 	at org.apache.ivy.plugins.repository.url.URLRepository.put(URLRepository.java:84)
[error] 	at sbt.internal.librarymanagement.ConvertResolver$LocalIfFileRepo.put(ConvertResolver.scala:368)
[error] 	at org.apache.ivy.plugins.repository.AbstractRepository.put(AbstractRepository.java:130)
[error] 	at sbt.internal.librarymanagement.ConvertResolver$ChecksumFriendlyURLResolver.put(ConvertResolver.scala:118)
[error] 	at sbt.internal.librarymanagement.ConvertResolver$ChecksumFriendlyURLResolver.put$(ConvertResolver.scala:105)
[error] 	at sbt.internal.librarymanagement.ConvertResolver$$anonfun$defaultConvert$lzycompute$1$PluginCapableResolver$1.put(ConvertResolver.scala:165)
[error] 	at org.apache.ivy.plugins.resolver.RepositoryResolver.publish(RepositoryResolver.java:216)
[error] 	at sbt.internal.librarymanagement.IvyActions$.$anonfun$publish$5(IvyActions.scala:501)
[error] 	at sbt.internal.librarymanagement.IvyActions$.$anonfun$publish$5$adapted(IvyActions.scala:500)
[error] 	at scala.collection.TraversableLike$WithFilter.$anonfun$foreach$1(TraversableLike.scala:877)
[error] 	at scala.collection.Iterator.foreach(Iterator.scala:941)
[error] 	at scala.collection.Iterator.foreach$(Iterator.scala:941)
[error] 	at scala.collection.AbstractIterator.foreach(Iterator.scala:1429)
[error] 	at scala.collection.IterableLike.foreach(IterableLike.scala:74)
[error] 	at scala.collection.IterableLike.foreach$(IterableLike.scala:73)
[error] 	at scala.collection.AbstractIterable.foreach(Iterable.scala:56)
[error] 	at scala.collection.TraversableLike$WithFilter.foreach(TraversableLike.scala:876)
[error] 	at sbt.internal.librarymanagement.IvyActions$.publish(IvyActions.scala:500)
[error] 	at sbt.internal.librarymanagement.IvyActions$.$anonfun$publish$3(IvyActions.scala:142)
[error] 	at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)
[error] 	at sbt.internal.librarymanagement.IvyActions$.withChecksums(IvyActions.scala:156)
[error] 	at sbt.internal.librarymanagement.IvyActions$.withChecksums(IvyActions.scala:149)
[error] 	at sbt.internal.librarymanagement.IvyActions$.$anonfun$publish$1(IvyActions.scala:142)
[error] 	at sbt.internal.librarymanagement.IvyActions$.$anonfun$publish$1$adapted(IvyActions.scala:132)
[error] 	at sbt.internal.librarymanagement.IvySbt$Module.$anonfun$withModule$1(Ivy.scala:251)
[error] 	at sbt.internal.librarymanagement.IvySbt.$anonfun$withIvy$1(Ivy.scala:215)
[error] 	at sbt.internal.librarymanagement.IvySbt.sbt$internal$librarymanagement$IvySbt$$action$1(Ivy.scala:77)
[error] 	at sbt.internal.librarymanagement.IvySbt$$anon$1.call(Ivy.scala:87)
[error] 	at xsbt.boot.Locks$GlobalLock.withChannel$1(Locks.scala:95)
[error] 	at xsbt.boot.Locks$GlobalLock.xsbt$boot$Locks$GlobalLock$$withChannelRetries$1(Locks.scala:80)
[error] 	at xsbt.boot.Locks$GlobalLock$$anonfun$withFileLock$1.apply(Locks.scala:99)
[error] 	at xsbt.boot.Using$.withResource(Using.scala:10)
[error] 	at xsbt.boot.Using$.apply(Using.scala:9)
[error] 	at xsbt.boot.Locks$GlobalLock.ignoringDeadlockAvoided(Locks.scala:60)
[error] 	at xsbt.boot.Locks$GlobalLock.withLock(Locks.scala:50)
[error] 	at xsbt.boot.Locks$.apply0(Locks.scala:31)
[error] 	at xsbt.boot.Locks$.apply(Locks.scala:28)
[error] 	at sbt.internal.librarymanagement.IvySbt.withDefaultLogger(Ivy.scala:87)
[error] 	at sbt.internal.librarymanagement.IvySbt.withIvy(Ivy.scala:209)
[error] 	at sbt.internal.librarymanagement.IvySbt.withIvy(Ivy.scala:206)
[error] 	at sbt.internal.librarymanagement.IvySbt$Module.withModule(Ivy.scala:250)
[error] 	at sbt.internal.librarymanagement.IvyActions$.publish(IvyActions.scala:132)
[error] 	at sbt.Classpaths$.$anonfun$publishTask$4(Defaults.scala:2811)
[error] 	at sbt.Classpaths$.$anonfun$publishTask$4$adapted(Defaults.scala:2811)
[error] 	at scala.Function1.$anonfun$compose$1(Function1.scala:49)
[error] 	at sbt.internal.util.$tilde$greater.$anonfun$$u2219$1(TypeFunctions.scala:62)
[error] 	at sbt.std.Transform$$anon$4.work(Transform.scala:67)
[error] 	at sbt.Execute.$anonfun$submit$2(Execute.scala:281)
[error] 	at sbt.internal.util.ErrorHandling$.wideConvert(ErrorHandling.scala:19)
[error] 	at sbt.Execute.work(Execute.scala:290)
[error] 	at sbt.Execute.$anonfun$submit$1(Execute.scala:281)
[error] 	at sbt.ConcurrentRestrictions$$anon$4.$anonfun$submitValid$1(ConcurrentRestrictions.scala:178)
[error] 	at sbt.CompletionService$$anon$2.call(CompletionService.scala:37)
[error] 	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
[error] 	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
[error] 	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
[error] 	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
[error] 	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
[error] 	at java.base/java.lang.Thread.run(Thread.java:830)
[error] (publish) java.io.IOException: Access to URL https://maven.pkg.github.com/******/root/root_2.13/0.0.1/root_2.13-0.0.1.pom was refused by the server: Unauthorized
[error] Total time: 2 s, completed Dec 29, 2019, 9:56:16 PM

From the line:

[error] Unable to find credentials for [GitHub Package Registry @ maven.pkg.github.com].

It looks like it can't grab the token from somewhere but it does seem to be there.

I configured in two ways:

ThisBuild / githubOwner := githubOrganization
ThisBuild / githubRepository := githubRepositoryName
ThisBuild / githubTokenSource := Some(TokenSource.GitConfig("token"))

and also

ThisBuild / githubOwner := githubOrganization
ThisBuild / githubRepository := githubRepositoryName
ThisBuild / githubTokenSource := Some(TokenSource.Environment("GITHUB_TOKEN"))

And it fails in both cases. I did make sure that the correct token is stored in ~/.gitconfig correctly as:

[github]
	token = ***

And I also stored the token in ~/.zprofile and ~/.profile both (I use zsh) and could echo the correct value successfully:

export GITHUB_TOKEN=***

Any thoughts on what may be wrong? I have a feeling I may be missing something but going through your documentation and source code, I couldn't find a smoking gun.

[Poorva17]

Hi @keyvan , I could publish using sbt-github-packages. I provided token via environment variable. export GITHUB_TOKEN="**************". I observed that key name should be exactly same and it should be GITHUB_TOKEN. while exporting environment variable I have just replaced ************** with actual token leaving double quotes as it is. Also can you please check that token that you are using has write:packages permission.

Optional - if you want to use github actions,
I have also added publish step in my github workflow for release. There you need to add GITHUB_TOKEN in secrets of your github repository. Pass it as environment variable and then run publisher/publish task.

I hope this helps.

[keyvan]

Thanks @Poorva17. Yes, I've followed all those points already and am able to echo back the value successfully. The token has the right permissions also (I can use the same token through hard-coding it in my SBT build for local testing successfully).

I haven't tried this on Github actions yet. Trying to get this to work locally first.

[keyvan]

Some additional info here that would help:

I simply replaced the following line:

ThisBuild / githubTokenSource := Some(TokenSource.Environment("GITHUB_TOKEN"))

with

credentials +=
  Credentials(
    "GitHub Package Registry",
    "maven.pkg.github.com",
    "my_user_which_is_keyvan",
    sys.env.getOrElse("GITHUB_TOKEN", "N/A")
  )

So that I read the environment variable directly and this just works. This was just an experiment and I did NOT change anything else.

[djspiewak]

This is very interesting because I actually tested the plugin with the environment variable approach. In fact, that's how I have my local setup configured!

Regarding the GitConfig source, the problem there is likely the name you're using. So you nested your configuration under the [github] top level key, which means you actually need to use github.token in the configuration, where you just used token.

I honestly have no explanation for what you're seeing with the environment variables. :-(

[keyvan]

Thanks for the input. Yeah, it's weird but I think I can work around it using gitHub.token approach.

Btw, thanks for the library. Very valuable.