I would like to deploy to a GitHub Package Registry from a GitHub Action of a public repo.
I have a yml file for a workflow:
name: My CI
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Install dependencies
run: lein deps
- name: Run tests
run: lein test
- name: Generate pom
run: lein pom
- name: Deploy
run: mvn deploy
I use Leiningen to build the project and generate a POM file. Then I would like to use Maven to deploy the artifact to the GitHub Package Registry.
This fails on the Deploy
command (I have replaced personal information with ...
):
[WARNING] Could not transfer metadata ... from/to github (https://maven.pkg.github.com/.../...): Not authorized
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 19.343 s
[INFO] Finished at: 2019-08-29T13:08:42Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy (default-deploy) on project ...: Failed to retrieve remote metadata .../maven-metadata.xml: Could not transfer metadata ... from/to github (https://maven.pkg.github.com/.../...): Not authorized -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
##[error]Process completed with exit code 1.
I see that authentication failed. I have also tried with this step with the same results:
run: mvn deploy -Dserver.username=... -Dserver.password=${{ secrets.GITHUB_TOKEN }} -DskipTests
I do not want to supply username/password or token as this is a public repository. Is there a way to publish anyway?
Thanks!
Connecting a repository to a user-owned package on GitHub In the top right corner of GitHub.com, click your profile photo, then click Your profile. On your profile page, in the top right, click Packages. Under your package versions, click Connect repository. Select a repository, then click Connect repository.
You can install packages as part of your CI flow using GitHub Actions. For example, you could configure a workflow so that anytime a developer pushes code to a pull request, the workflow resolves dependencies by downloading and installing packages hosted by GitHub Packages. Then, the workflow can run CI tests that require the dependencies.
If you want your workflow to authenticate to GitHub Packages to access a package registry other than the Container registry on GitHub.com, then we recommend using the GITHUB_TOKEN that GitHub automatically creates for your repository when you enable GitHub Actions instead of a personal access token for authentication.
GitHub Packages is not available for private repositories owned by accounts using legacy per-repository plans. Also, accounts using legacy per-repository plans cannot access the Container registry since these accounts are billed by repository. For more information, see " GitHub's products ."
With GitHub Actions you can build end-to-end continuous integration (CI) and continuous deployment (CD) capabilities directly in your repository. For more information, see " About GitHub Actions ." You can extend the CI and CD capabilities of your repository by publishing or installing packages as part of your workflow.
To make it work, you need to do two things:
<distributionManagement>
<repository>
<id>github</id>
<name>GitHub OWNER Apache Maven Packages</name>
<url>https://maven.pkg.github.com/OWNER/REPOSITORY</url>
</repository>
</distributionManagement>
source: https://help.github.com/en/articles/configuring-apache-maven-for-use-with-github-package-registry#publishing-a-package
name: Java CI
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Set up JDK 1.8
uses: actions/setup-java@v1
with:
java-version: 1.8
- name: Deploy to Github Package Registry
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
mkdir ~/.m2
echo "<settings><servers><server><id>github</id><username>OWNER</username><password>${GITHUB_TOKEN}</password></server></servers></settings>" > ~/.m2/settings.xml
mvn deploy
Unfortunately, I don't think you can pass the username/password as arguments to Maven and so you need to set up the settings file instead. source: Is it possible to pass a password in Maven Deploy in the command line?
Lastly, I confirm that this only works for non-SNAPSHOT artifacts. When I try deploying a SNAPSHOT version it fails with a 400 error as described.
TL;DR: Just commit the following to .github/workflows/mavenpublish.yml
and create a release via the GitHub web page to trigger the process:
name: Maven Package
on:
release:
types: [created]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK 1.8
uses: actions/setup-java@v1
with:
java-version: 1.8
- name: Deploy to Github Package Registry
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
mkdir -p ~/.m2
echo "<settings><servers><server><id>gh</id><username>$(echo "$GITHUB_REPOSITORY" | awk -F / '{print $1}')</username><password>\${env.GITHUB_TOKEN}</password></server></servers></settings>" > ~/.m2/settings.xml
REPO="gh::default::https://maven.pkg.github.com/${GITHUB_REPOSITORY}"
mvn deploy -DaltReleaseDeploymentRepository="${REPO}" -DaltSnapshotDeploymentRepository="${REPO}"
Some more info:
I have built the same thing before for Jenkins and can tell you that you don't need to create a settings.xml
nor adapt your pom.xml
in your repo.
You can even avoid writing your GitHub Token into the settings.xml
(which is more secure).
Also, you don't need to manually add your repo and username, these can be read from the environment.
If you want it to build on push, just change the lines behind on:
to [push]
.
Here`s a real-life example.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With