-
Hello, I have repository with java project and configured GitHub Actions workflow, which publishes jar into GitHub Packages maven repository. I would like to use the published JAR package in other project, so I need to add it to
I also need to add maven repository into
This does not work, because when maven attempt to download artifact it failes, because request is unauthorized. GitHub Packages help tells that I need to add my user name and token into This probably fixes an issue. For example, if I clone some project which rely on dependencies hosted on GitHub Packages maven repo I’ll fail to compile it. Will have to investigate what the heck is going on. Figure out that I need to register on GitHub. Then generate token. Store in in On the other hand the dependency JAR could be downloaded manually via https://github.com/me/my-repo/packages, so why on earth authorization is required when downloaded via maven? Is there any hidden setting to turn off requirement? |
Beta Was this translation helpful? Give feedback.
Replies: 45 comments 40 replies
-
Found out topic raising exactly the same issue Download from Github Package Registry without authentication |
Beta Was this translation helpful? Give feedback.
-
Our Maven service doesn’t allow for unauthorized access right now. We plan to offer this in the future but need to improve the service a bit before that. For Actions you can add a PAT to your secrets store or use the |
Beta Was this translation helpful? Give feedback.
-
There are a few thing you can do to make this a little less painful.
If your repository is private, you can place the PAT directly in your You can find an example of this here: jcansdale-test/maven-consumeAn example Maven project that consumes a package. Contribute to jcansdale-test/maven-consume development by creating an account on GitHub. You can now clone and compile like this:
If you have Docker installed, you can generate an XML encoded PAT like by doing:
I hope that helps! |
Beta Was this translation helpful? Give feedback.
-
jcansdale:
This works! Thank you! One small tweak: it’s just encode, not xmlEncode. |
Beta Was this translation helpful? Give feedback.
-
Hi @clarkbw! Any news regarding allowing public access to Maven packages? |
Beta Was this translation helpful? Give feedback.
-
Still in the future column on the roadmap. Hopefully in the fall this year. |
Beta Was this translation helpful? Give feedback.
-
Hey @clarkbw, thanks for the update! I’d like to bring to attention that JCenter is being shut down globally on 1st may this year. JCenter is currently one of the biggest maven repositories in the world in amount of artifacts. There are several projects currently looking for a new home and while github package registry looks awesome, this one particular (missing) feature is preventing several projects I know from choosing github packages over self-hosting. It’s pretty rare for a developer to have a github PAT on their maven (or gradle) configuration (much less on both) and it’s quite a barrier to entry for new developers (needing to create a github account → learning which of the 40 options to create a PAT → learning how to configure maven (or/and gradle) and their IDE). It would be very interesting if this could be prioritized before the JCenter sunsetting deadline and could bring several people to use github packages (it’s A LOT easier than central). |
Beta Was this translation helpful? Give feedback.
-
Having this available for pretty much everyone to use would be a great option.
I also wanted to use this once, but never got it to work. The publication gave an error with a 4xx code (I believe it was 403) yet (parts of) the package where apparently distributed to the upstream repo. |
Beta Was this translation helpful? Give feedback.
-
I also would love to see this delivered. As of now GitHub packages are useful to provide packages to our clients, but for our open-source work they cannot be used, as I cannot expect users to register to GitHub and set up the CI to obtain a token just for these packages |
Beta Was this translation helpful? Give feedback.
-
I wonder if in the meantime one could create a proxy service that access the Maven repo on GitHub and just exposes it without authentication needed. Not ideal and a bit of extra work but it does not seem predictable when we will get this feature from GitHub. Maybe never |
Beta Was this translation helpful? Give feedback.
-
@clarkbw Any update on the topic? You mentioned fall last year, was it pushed back? |
Beta Was this translation helpful? Give feedback.
-
@clarkbw any news on this? |
Beta Was this translation helpful? Give feedback.
-
Yep. It would be great if github solves this. |
Beta Was this translation helpful? Give feedback.
-
As I manage some open source Java projects on Github, I can’t ask people to authenticate before using the repo, so I switched to https://jitpack.io as a Maven repo. |
Beta Was this translation helpful? Give feedback.
-
Is there anything we the community can do to help get this feature implemented faster? I won't presume to know the reasoning behind this requirement, but as others have said, it's extremely restrictive. |
Beta Was this translation helpful? Give feedback.
-
This is still a very important feature. not having the public repos really makes using maven repos not worth it..... |
Beta Was this translation helpful? Give feedback.
-
Having PAT on public NPM packages makes this feature useless. Not a surprise I wasn't able to find any well known open source web projects using NPM Github Packages (checked angular, react, vuejs, bootstrap etc) |
Beta Was this translation helpful? Give feedback.
-
Agree with the common sentiment here, not very useful unless it behaves like all the other large package repos |
Beta Was this translation helpful? Give feedback.
-
Still nothing after all these years. This is extremely frustrating. I'm curious about the politics behind this, as it can't be that hard, and searching for solutions to this problem just comes up with a very wide range of users expressing the same frustration :-( |
Beta Was this translation helpful? Give feedback.
-
Until GitHub removes the auth requirement, here is a good alternative: https://jitpack.io/ |
Beta Was this translation helpful? Give feedback.
-
Seems like Santa is not coming with this gift this year.
You can find the source code here. Can't wait to kill this project when Github allows unauthenticated requests to packages. |
Beta Was this translation helpful? Give feedback.
-
this is so absurd that it is still not working. are there any plans from github to get that running? @jcansdale and if so? when? :) |
Beta Was this translation helpful? Give feedback.
-
This is disappointing to read after having spent significant time getting familiar with and publishing packages to GitHub Packages. We will switch to Maven Central for publishing open source packages. |
Beta Was this translation helpful? Give feedback.
-
Got a reply from support:
That's one of a questionable moves for sure, as it defeats the purpose of a maven repository and it's a nice 180 degrees turn on their side considering their past statement. |
Beta Was this translation helpful? Give feedback.
-
Yes update is basically: won't happen.
Source: #26634 (comment)
|
Beta Was this translation helpful? Give feedback.
-
An another example for Gradle was even simpler: put your repo link with such code and replace the base64 encoded string with a data encoding your login:token.
|
Beta Was this translation helpful? Give feedback.
-
Created Maven publish action https://github.com/RiV-chain/github-publish-maven-action Example of usage:
|
Beta Was this translation helpful? Give feedback.
-
Microsoft Vendor Lockingif you think we ask or can convince community to join github and generate a PAT to download a jar file you are wrong, it's unnecessary. |
Beta Was this translation helpful? Give feedback.
-
I created a GitHub Action which receives artifact URL, artifact id, group id, destination repo and PAT. Example of usage:
|
Beta Was this translation helpful? Give feedback.
-
I created a GitHub Action which receives artifact local path, artifact sources local path(optional), artifact id, group id, destination repo and PAT Example of usage:
|
Beta Was this translation helpful? Give feedback.
There are a few thing you can do to make this a little less painful.
settings.xml
file at the root of your repository.mvn/maven.config
file that contains-s settings.xml
read:packages
scopeIf your repository is private, you can place the PAT directly in your
settings.xml
file. If your repository is public, you can’t push t…