Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

deploy to Github Package Registry from Github Action

I would like to deploy to a GitHub Package Registry from a GitHub Action of a public repo.

I have a yml file for a workflow:

name: My CI

on: [push]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v1
    - name: Install dependencies
      run: lein deps
    - name: Run tests
      run: lein test
    - name: Generate pom
      run: lein pom
    - name: Deploy
      run: mvn deploy

I use Leiningen to build the project and generate a POM file. Then I would like to use Maven to deploy the artifact to the GitHub Package Registry.

This fails on the Deploy command (I have replaced personal information with ...):

[WARNING] Could not transfer metadata ... from/to github (https://maven.pkg.github.com/.../...): Not authorized
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  19.343 s
[INFO] Finished at: 2019-08-29T13:08:42Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy (default-deploy) on project ...: Failed to retrieve remote metadata .../maven-metadata.xml: Could not transfer metadata ... from/to github (https://maven.pkg.github.com/.../...): Not authorized -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
##[error]Process completed with exit code 1.

I see that authentication failed. I have also tried with this step with the same results:

run: mvn deploy -Dserver.username=... -Dserver.password=${{ secrets.GITHUB_TOKEN }} -DskipTests

I do not want to supply username/password or token as this is a public repository. Is there a way to publish anyway?

Thanks!

like image 457
erdos Avatar asked Aug 29 '19 13:08

erdos


People also ask

How do I connect a package to GitHub?

Connecting a repository to a user-owned package on GitHub In the top right corner of GitHub.com, click your profile photo, then click Your profile. On your profile page, in the top right, click Packages. Under your package versions, click Connect repository. Select a repository, then click Connect repository.

How do I install packages using GitHub actions?

You can install packages as part of your CI flow using GitHub Actions. For example, you could configure a workflow so that anytime a developer pushes code to a pull request, the workflow resolves dependencies by downloading and installing packages hosted by GitHub Packages. Then, the workflow can run CI tests that require the dependencies.

How do I authenticate to GitHub packages with a workflow?

If you want your workflow to authenticate to GitHub Packages to access a package registry other than the Container registry on GitHub.com, then we recommend using the GITHUB_TOKEN that GitHub automatically creates for your repository when you enable GitHub Actions instead of a personal access token for authentication.

Why can't I access the container registry for my GitHub repository?

GitHub Packages is not available for private repositories owned by accounts using legacy per-repository plans. Also, accounts using legacy per-repository plans cannot access the Container registry since these accounts are billed by repository. For more information, see " GitHub's products ."

What are GitHub actions and how do they work?

With GitHub Actions you can build end-to-end continuous integration (CI) and continuous deployment (CD) capabilities directly in your repository. For more information, see " About GitHub Actions ." You can extend the CI and CD capabilities of your repository by publishing or installing packages as part of your workflow.


2 Answers

To make it work, you need to do two things:

  1. Add the following to your pom.xml:
<distributionManagement>
   <repository>
     <id>github</id>
     <name>GitHub OWNER Apache Maven Packages</name>
     <url>https://maven.pkg.github.com/OWNER/REPOSITORY</url>
   </repository>
</distributionManagement>

source: https://help.github.com/en/articles/configuring-apache-maven-for-use-with-github-package-registry#publishing-a-package

  1. Setup a Maven settings file with the username/password from within your build action. In my case I did something like this:
name: Java CI

on: [push]

jobs:
  build:

    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v1
    - name: Set up JDK 1.8
      uses: actions/setup-java@v1
      with:
        java-version: 1.8
    - name: Deploy to Github Package Registry
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: |
        mkdir ~/.m2
        echo "<settings><servers><server><id>github</id><username>OWNER</username><password>${GITHUB_TOKEN}</password></server></servers></settings>" > ~/.m2/settings.xml
        mvn deploy

Unfortunately, I don't think you can pass the username/password as arguments to Maven and so you need to set up the settings file instead. source: Is it possible to pass a password in Maven Deploy in the command line?

Lastly, I confirm that this only works for non-SNAPSHOT artifacts. When I try deploying a SNAPSHOT version it fails with a 400 error as described.

like image 155
lmsurprenant Avatar answered Oct 14 '22 13:10

lmsurprenant


TL;DR: Just commit the following to .github/workflows/mavenpublish.yml and create a release via the GitHub web page to trigger the process:

name: Maven Package

on:
  release:
    types: [created]

jobs:
  build:

    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2
      - name: Set up JDK 1.8
        uses: actions/setup-java@v1
        with:
          java-version: 1.8

      - name: Deploy to Github Package Registry
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          mkdir -p ~/.m2
          echo "<settings><servers><server><id>gh</id><username>$(echo "$GITHUB_REPOSITORY" | awk -F / '{print $1}')</username><password>\${env.GITHUB_TOKEN}</password></server></servers></settings>" > ~/.m2/settings.xml
          REPO="gh::default::https://maven.pkg.github.com/${GITHUB_REPOSITORY}"
          mvn deploy -DaltReleaseDeploymentRepository="${REPO}" -DaltSnapshotDeploymentRepository="${REPO}"

Some more info:

I have built the same thing before for Jenkins and can tell you that you don't need to create a settings.xml nor adapt your pom.xml in your repo.

You can even avoid writing your GitHub Token into the settings.xml (which is more secure).

Also, you don't need to manually add your repo and username, these can be read from the environment.

If you want it to build on push, just change the lines behind on: to [push].

Here`s a real-life example.

like image 41
schnatterer Avatar answered Oct 14 '22 15:10

schnatterer