
GitHub Actions authentication with Maven to the private package registry of another repository

The project setup is as follows:

  1. Project A (Some Java Application)
  2. Project B (Some Java Library)

Both are built with Maven. Project B publishes its package to the GitHub package registry of its own repository. Project A has a dependency on the artifact from Project B in the pom.xml, which looks somewhat like this:

<dependency>
   <groupId>com.company</groupId>
   <artifactId>library-project-b</artifactId>
   <version>0.0.1-SNAPSHOT</version>
</dependency>

Project A also includes the following repository reference to the package registry of Project B:

<repository>
   <id>github-library-project-b</id>
   <name>Project B Github packages repositories</name>
   <url>https://maven.pkg.github.com/organization/library-project-b</url>
   <releases>
      <enabled>true</enabled>
   </releases>
   <snapshots>
      <enabled>true</enabled>
   </snapshots>
</repository>

For authenticating to the package registry of Project B, Project A also includes a settings.xml which has the credentials set via environment variables that are provided via secrets from GitHub Actions:

<server>
   <id>github-library-project-b</id>
   <username>${env.USER_PACKAGE_READ}</username>
   <password>${env.TOKEN_PACKAGE_READ}</password>
</server>

Inside the continuous integration workflow in GitHub Actions I have the following step, which maps the repository secrets for registry access to Project B to the environment variables used within the settings.xml and starts the build via the mvn command:

- name: Build Package
  env:
     USER_PACKAGE_READ: ${{ secrets.USER_PACKAGE_READ }}
     TOKEN_PACKAGE_READ: ${{ secrets.TOKEN_PACKAGE_READ }}
  run: mvn -B --settings settings.xml clean package --file pom.xml -DskipTests

As I have read that I can't use the GITHUB_TOKEN to access a package registry of a repository other than the one the GitHub Action runs in, I have created a personal access token on my user account (with package_read permission).

But no matter what I try, within the build stage I always end up with the following 401 error when the Maven build command tries to download the artifact:

Error:  Failed to execute goal on project PROjECT-A: Could not resolve dependencies for project com.company:ms-gp-events:jar:0.0.1-SNAPSHOT: Failed to collect dependencies at com.company:library-project-b:0.0.1-SNAPSHOT: Failed to read artifact descriptor for com.company:library-project-b:0.0.1-SNAPSHOT: Could not transfer artifact com.company:library-project-b:0.0.1-SNAPSHOT from/to github-library-project-b (https://maven.pkg.github.com/organization/library-project-b): Authentication failed for https://maven.pkg.github.com/company/library-project-b/com/company/library-project-b/0.0.1-SNAPSHOT/library-project-b-0.0.1-SNAPSHOT.pom 401 Unauthorized -> [Help 1]

Does anyone have a working example of a GitHub Actions workflow with Maven that references a dependency stored in a GitHub package registry of another private repository? I'm confused and frustrated that something so simple takes so much time to set up.

Answer

I'm still not absolutely sure why my own settings.xml, which was placed in the root of Project A, did not work (maybe some missing configuration in the setup-java step, but I won't do a root cause analysis there as I don't have an infinite amount of time). I found a way around it by using maven-settings-action as a "normal" step within the GitHub Actions workflow:

- uses: s4u/maven-settings-action@v2.3.0
  with:
    # JSON list of <server> entries; the id must match the <repository> id in pom.xml
    servers: |
      [{
          "id": "github-library-project-b",
          "username": "${{ secrets.USER_PACKAGE_READ }}",
          "password": "${{ secrets.TOKEN_PACKAGE_READ }}"
      }]

The action step will create the settings.xml within the user home directory:

Prepare maven settings: /home/runner/.m2/settings.xml

This settings.xml will eventually take effect and allow authenticating against the package registry of Project B.

User contributions licensed under: CC BY-SA
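A pre-build check for the credential wiring described in the question, as an added example that is not part of the original question or answer. The function name `check_maven_auth` is hypothetical and the XML is constructed from the snippets above. It confirms that each `<repository>` id has a matching `<server>` and that every `${env.…}` reference resolves to a non-empty variable; it does not test the token or its permissions.

```python
import os
import re
import xml.etree.ElementTree as ET

ENV_REF = re.compile(r"\$\{env\.([A-Za-z_][A-Za-z0-9_]*)\}")

# Constructed sample input mirroring the snippets in the question.
POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><repositories><repository>
<id>github-library-project-b</id>
<url>https://maven.pkg.github.com/organization/library-project-b</url>
</repository></repositories></project>"""
SETTINGS = """<settings><servers><server>
<id>github-library-project-b</id>
<username>${env.USER_PACKAGE_READ}</username>
<password>${env.TOKEN_PACKAGE_READ}</password>
</server></servers></settings>"""

def _strip_ns(root):
    # Maven files usually declare a default namespace; drop it so lookups stay simple.
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root

def check_maven_auth(pom_xml, settings_xml, env=None):
    """Return a list of problems that would leave a repository unauthenticated."""
    env = os.environ if env is None else env
    pom = _strip_ns(ET.fromstring(pom_xml))
    settings = _strip_ns(ET.fromstring(settings_xml))
    servers = {s.findtext("id", "").strip(): s for s in settings.iter("server")}
    problems = []
    for repo in pom.iter("repository"):
        repo_id = repo.findtext("id", "").strip()
        server = servers.get(repo_id)
        if server is None:
            problems.append(f"{repo_id}: no <server> with this id in settings.xml")
            continue
        for field in ("username", "password"):
            value = server.findtext(field, "")
            if not value.strip():
                problems.append(f"{repo_id}: <{field}> is empty")
            for var in ENV_REF.findall(value):
                if not env.get(var):
                    # Report the variable name only, never a secret value.
                    problems.append(f"{repo_id}: {field} uses ${{env.{var}}} but {var} is unset or empty")
    return problems

if __name__ == "__main__":
    # Constructed environment: the token variable is missing on purpose.
    for problem in check_maven_auth(POM, SETTINGS, {"USER_PACKAGE_READ": "someone"}):
        print(problem)
```

GitHub Actions passes a secret that does not exist in the repository as an empty string, which is why empty values are reported the same way as unset ones.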