 

401 Unauthorized downloading a public package from GitHub Packages using Gradle

I am the maintainer of a public GitHub repo. I have set up GitHub Actions to build and publish to GitHub Packages. You can see the package has been created here:

https://github.com/paulschwarz/spring-dotenv/packages/135114

The first thing I notice is that GitHub only gives a Maven installation snippet. I used this code to add the dependency to another project and it appeared to work.

Now I want to import this package into a Gradle project. I added

dependencies {
  implementation ('me.paulschwarz:spring-dotenv:0.0.3')
}

and gradle tells me

Could not find me.paulschwarz:spring-dotenv:0.0.3.
     Searched in the following locations:
       - https://jcenter.bintray.com/me/paulschwarz/spring-dotenv/0.0.3/spring-dotenv-0.0.3.pom
       - https://repo.maven.apache.org/maven2/me/paulschwarz/spring-dotenv/0.0.3/spring-dotenv-0.0.3.pom

This is already strange because my Maven project appeared to have no problem resolving the dependency. I must say I'm curious how that worked? Surely GitHub Packages isn't integrated with JCenter or Maven Central?

Anyway, next step, add the repository

repositories {
    jcenter()
    mavenCentral()
    maven { url = uri('https://maven.pkg.github.com/paulschwarz/spring-dotenv') }
}

At this point, Gradle should understand where to find the package. However, I get this

      > Could not resolve me.paulschwarz:spring-dotenv:0.0.3.
         > Could not get resource 'https://maven.pkg.github.com/paulschwarz/spring-dotenv/me/paulschwarz/spring-dotenv/0.0.3/spring-dotenv-0.0.3.pom'.
            > Could not GET 'https://maven.pkg.github.com/paulschwarz/spring-dotenv/me/paulschwarz/spring-dotenv/0.0.3/spring-dotenv-0.0.3.pom'. Received status code 401 from server: Unauthorized

Is this really a 401 Unauthorized? Or is the URL wrong and it's trying to hit an authorized endpoint?

If it's genuine, then why? This is a public repo with public packages. I can download the package directly from the GitHub page anonymously. What am I doing wrong in Gradle?

Paul Schwarz asked Feb 25 '20 17:02


2 Answers

As you have observed, GitHub doesn't support unauthorized package access right now (but it is planned for the future), as explained by one of their staff (May 27 '20):

Our Maven service doesn’t allow for unauthorized access right now. We plan to offer this in the future but need to improve the service a bit before that.

For Actions you can add a PAT to your secrets store or use the GITHUB_TOKEN to authenticate. In your settings.xml we suggest using the environment variable approach (see setup-java 4) so you don’t store the tokens in the file.

Steven Jeuris answered Nov 17 '22 20:11


As mentioned above you need to authenticate to GitHub Packages.

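ext {
  // Read the token from the environment so it is never stored in the build file
  GITHUB_TOKEN = System.getenv("GITHUB_TOKEN")
}

repositories {
  maven {
    url "https://maven.pkg.github.com/paulschwarz/spring-dotenv"
    credentials {
      // GITHUB_USER comes from gradle.properties
      username GITHUB_USER
      password GITHUB_TOKEN
    }
  }
}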

Where GITHUB_USER is defined in your gradle.properties and GITHUB_TOKEN is defined as an environment variable. GITHUB_TOKEN is available inside your GitHub Actions workflow file as ${{ secrets.GITHUB_TOKEN }}

You will have to define it yourself when running locally.

Delta George answered Nov 17 '22 21:11
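The following build.gradle is an added example, not code from either answer or from GitHub's documentation. It combines the authentication described in both answers with a content filter, so the token is only ever used for the me.paulschwarz group and that group is never resolved from a public repository. The property names gpr.user and gpr.key and the fallback to the GITHUB_ACTOR variable are assumptions chosen for this example.

```groovy
// build.gradle (Groovy DSL). Added example; property names below are assumptions.
plugins {
    id 'java'
}

// Local runs: put gpr.user / gpr.key in ~/.gradle/gradle.properties (user home,
// outside the repository) or export GITHUB_ACTOR / GITHUB_TOKEN.
// In GitHub Actions: pass GITHUB_TOKEN via env: from ${{ secrets.GITHUB_TOKEN }}.
def gprUser  = findProperty('gpr.user') ?: System.getenv('GITHUB_ACTOR')
def gprToken = findProperty('gpr.key')  ?: System.getenv('GITHUB_TOKEN')

// Fail with a clear message instead of the bare 401 shown in the question.
if (!gprUser || !gprToken) {
    throw new GradleException(
        'GitHub Packages requires authentication even for public packages: ' +
        'set gpr.user/gpr.key or GITHUB_ACTOR/GITHUB_TOKEN.')
}

repositories {
    mavenCentral()

    // exclusiveContent: me.paulschwarz is requested only from GitHub Packages,
    // and GitHub Packages is asked for nothing else. The credentials are not
    // offered for unrelated lookups, and a same-named artifact published to a
    // public repository cannot shadow this one.
    exclusiveContent {
        forRepository {
            maven {
                name = 'GitHubPackages'
                url = uri('https://maven.pkg.github.com/paulschwarz/spring-dotenv')
                credentials {
                    username = gprUser
                    password = gprToken
                }
            }
        }
        filter {
            includeGroup 'me.paulschwarz'
        }
    }
}

dependencies {
    implementation 'me.paulschwarz:spring-dotenv:0.0.3'
}
```

For local use, a personal access token limited to the read:packages scope is enough to download packages; keep it out of any gradle.properties file that is committed with the project.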