How to access Maven dependency from Github Packages on a Github Actions workflow?

Question

My build is working locally by using a User + PAT (personal access token) directly on the pom.xml <repository> element:

<repository>
    <id>github</id>
    <name>GitHub Packages</name>
    <url>https://[USER]:[PAT]@maven.pkg.github.com/myaccount/myrepo</url>
</repository>

Downloaded from github: https://[USER]:[PAT]@maven.pkg.github.com/myaccount/myrepo/org/springframework/flex/spring-flex-core/1.6.1.BUILD-SNAPSHOT/maven-metadata.xml (796 B at 592 B/s)

I have no settings.xml configured.

However, it is breaking on a Github Actions workflow:

Warning: Could not transfer metadata org.springframework.flex:spring-flex-core:1.6.1.BUILD-SNAPSHOT/maven-metadata.xml from/to github (***maven.pkg.github.com/myaccount/myrepo): Authentication failed for https://maven.pkg.github.com/myaccount/myrepo/org/springframework/flex/spring-flex-core/1.6.1.BUILD-SNAPSHOT/maven-metadata.xml 401 Unauthorized

Failed to collect dependencies at org.springframework.flex:spring-flex-core:jar:1.6.1.BUILD-SNAPSHOT: Failed to read artifact descriptor for org.springframework.flex:spring-flex-core:jar:1.6.1.BUILD-SNAPSHOT

My workflow is like this:

steps:
      - uses: actions/checkout@v2
      - name: Set up JDK 1.8
        uses: actions/setup-java@v1
        with:
          java-version: 1.8
      - name: Cache Maven packages
        uses: actions/cache@v2
        with:
          path: ~/.m2
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-m2
      - name: Build with Maven
        run: mvn -B package --file dev/server/pom.xml

Why does it break on Github workflow?

Answer 1

The first answer by m.ghoreshi is correct but I want to elaborate on the answer. When creating the USER_NAME and ACCESS_TOKEN to be used by the workflow, make sure to create it under Secrets and Variables / Actions, not Secrets and Variables / Codespaces.

Answer 2

Based on your question I suppose:

• You have maven project deployed in GitHub Package, we call it library
• You have another maven project which use the library package as a dependency in its pom.xml, we call this project as your app
• You want to add automate build workflow using the GitHub Actions in app repository

If your library is a public package even, currently unfortunately the GitHub dose not support unauthorized access from maven for public packages. Therefore, you should do as follow:

1. First of all, you need to generate a PAT access token with package-read access in your profile setting, in developer setting subsection:

2. Go to setting section of your app repository, and in the subsection of Secrets create two environment secrets called USER_NAME which the value contains your GitHub username (or username of the owner of library package); and ACCESS_TOKEN point to the value of PAT token which created in previous step.

3. Now, create a maven-settings.xml in the app repository, for example you can create it, along side your workflow.yml file. the file contains:

<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
    <activeProfiles>
        <activeProfile>github</activeProfile>
    </activeProfiles>
    <profiles>
        <profile>
            <id>github</id>
            <repositories>
                <repository>
                    <id>central</id>
                    <url>https://repo1.maven.org/maven2</url>
                </repository>
                <repository>
                    <id>github</id>
                    <url>https://maven.pkg.github.com/owner_username/package_name</url>
                    <snapshots>
                        <enabled>true</enabled>
                    </snapshots>
                    <releases>
                        <enabled>true</enabled>
                  </releases>
                </repository>
            </repositories>
        </profile>
    </profiles>

    <servers>
        <server>
            <id>github</id>
            <username>${env.USER_NAME}</username>
           <password>${env.ACCESS_TOKEN}</password>
        </server>
    </servers>

</settings>

4. And, finally use these setting file, in the workflow when run the maven command. for example the workflow.yaml file can contain:

name: Java CI with Maven

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  build:

    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v2
    - name: Set up JDK 8
      uses: actions/setup-java@v2
      with:
        java-version: '8'
        distribution: 'adopt'
        
    - name: Build with Maven
      run: mvn -s $GITHUB_WORKSPACE/.github/workflows/maven-settings.xml -B package --file pom.xml 
      env:
        USER_NAME: ${{ secrets.USER_NAME }}
        ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}

Answer 3

You need to use the GITHUB_TOKEN for actions. See here: https://docs.github.com/en/packages/guides/configuring-apache-maven-for-use-with-github-packages#authenticating-to-github-packages

To authenticate using a GitHub Actions workflow: For package registries (PACKAGE-REGISTRY.pkg.github.com), you can use a GITHUB_TOKEN.

name: Java CI with Maven

on:
  push:
    branches: [ maven ]

jobs:
  build:

runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v2
- name: Set up JDK 1.8
  uses: actions/setup-java@v1
  with:
    java-version: 1.8
- name: Build core with Maven

...

- name: Publish package core
  run: mvn --batch-mode deploy --file myproject.core/pom.xml
  env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}