-
Hello, This answer says that it’s possible to upload/push snapshot packages with the same version (e.g., 0.1-SNAPSHOT). However, it also says that there was a bug that prevents to push artifacts with -javadoc and -sources extension, somehow. Is that still an issue? Because I’m trying to upload/push version 3.0.1-SNAPSHOT, and I get the following error:
When I go to fetch the
What’s the problem? Thanks! |
Beta Was this translation helpful? Give feedback.
Replies: 14 comments
-
Hi @gsmachado, Sorry about the delay in getting back to you!
gsmachado:
This issue should now be fixed.
gsmachado:
I am able to fetch your
Any chance you could point me to a GitHub Actions workflow that shows this failing? |
Beta Was this translation helpful? Give feedback.
-
Hello @jcansdale Thanks for your reply, even if took a while. No worries! 😉 So… I can confirm that now I can successfully publish However, I still don’t get it: even if the repo is public (open-source project), users mandatorily need to use a token with I don’t know if you’re familiar with Java/Gradle ecosystem, but, if I set-up a project with the following
The output of a simple
If this is really the case, and I got it right, this is a real problem for the adoption of Maven-related projects! It will certainly bring lots of frustration, and people will not widely use it. People (users of libraries) just want to add the repository URL, add the dependency, and then start using libs/artifacts! That’s it. No generation of tokens. No account on GitHub. No addition configuration. Nothing. It’s open-source software anyway, thus, packages and its metadata (maven-metadata.xml) should be widely accessible. :slight_smile: Let me know if I misinterpreted something… also, maybe there’s a configuration, somewhere, that I missed. Thanks! |
Beta Was this translation helpful? Give feedback.
-
gsmachado:
From what I understand, it’s currently intended more for internal development dependencies than for hosting public packages. Packages can be made accessible to anyone with a GitHub account who is motivated to create a PAT (which isn’t exactly public). It is possible to create a
gsmachado:
I’m still experimenting with Gradle configurations, but what you might be able to do is something like the following:
Use a public read:packages token
### What this PR does
For example: repositories {
maven {
name = "remote"
// Adapt the URL for your remote repository
url = uri("https://maven.pkg.github.com/jcansdale-test/gradle-java-publish")
credentials {
// Use this if the repo requires auth
// see https://docs.gradle.org/6.4/userguide/declaring_repositories.html#sec:supported_transport_protocols
username = "token"
password = "\u003c\u0050\u0041\u0054\u003e...................................................."
}
}
}
```</span></p>
</div>
</article>
<div class="onebox-metadata">
</div>
<div style="clear: both"></div>
</aside>
<ol>
<li>Create a PAT with the <code>read:packages</code> scope from a safe account (e.g. a <a href="https://developer.github.com/v3/guides/managing-deploy-keys/#machine-users" rel="noopener nofollow ugc">machine user</a> account)</li>
<li>Use <code>docker run jcansdale/gpr encode <PAT></code> to encode the token (see <a href="https://github.com/jcansdale/gpr" rel="noopener nofollow ugc">here</a>)</li>
<li>Add a <code>credentials</code> element to the maven details with <code>username</code> and <code>password</code>
</li>
<li>
<code>username</code> can be anything and <code>password</code> the encoded string from example <code>.npmrc</code> file</li>
</ol>
<p>For example:</p>
<pre><code class="lang-auto">repositories {
maven {
name = "remote"
// Adapt the URL for your remote repository
url = uri("https://maven.pkg.github.com/jcansdale-test/gradle-java-publish")
credentials {
// Use this if the repo requires auth
// see https://docs.gradle.org/6.4/userguide/declaring_repositories.html#sec:supported_transport_protocols
username = "token"
password = "\u003c\u0050\u0041\u0054\u003e...................................................."
}
}
}
</code></pre>
<p>I’d be interested to know if something like this would work for you.</p> |
Beta Was this translation helpful? Give feedback.
-
Hey @jcansdale Thanks for the fast reply! Much appreciated! :slight_smile:
jcansdale:
Oh, ok. This is exactly what I meant. However, this is a use case that is interesting for tons of open source projects out there, including neow3j. The advantages of publishing to GitHub Packages instead of JFrog/SonaType/etc are obvious: everything in a single platform, GitHub. It’s faster, and there’s a bunch of opportunities to explore there (including metrics of download, etc) in the entire software delivery lifecycle: development, release, distribution, measure. At the moment, what you propose is not really suitable for widely public packages – because of the necessity of creating a PAT. Where can I submit a Feature Request for this? |
Beta Was this translation helpful? Give feedback.
-
gsmachado:
What if you create a
gsmachado:
This is a known issue and being worked on for the next version of GitHub Packages. I’m afraid I can’t give you a timeline though. |
Beta Was this translation helpful? Give feedback.
-
jcansdale:
Unfortunately, that’s not an option… because I would need to make that
jcansdale:
Great! We really want this feature. Let us know once it comes out. If there’s any link or GitHub issue that I can subscribe to follow the progress of such a feature, let me know! Thanks a lot for your help and directions. 😄 |
Beta Was this translation helpful? Give feedback.
-
gsmachado:
There isn’t I’m afraid. It would be nice it there was a public repository where we could track this kind of thing. What do you think @whitneyimura? |
Beta Was this translation helpful? Give feedback.
-
Hey @jcansdale and @whitneyimura |
Beta Was this translation helpful? Give feedback.
-
gsmachado:
This was discussed just yesterday. I’m cautiously optimistic. 🤔 |
Beta Was this translation helpful? Give feedback.
-
Hey @jcansdale Any more optimistic news about downloading unauthenticated packages? @devhawk would be also interested in this. Maybe, should we create another post specific to this? Or can you point us to where the discussion is happening? |
Beta Was this translation helpful? Give feedback.
-
Hi @gsmachado 👋
gsmachado:
No official news I’m afraid. Say hi to @devhawk from me. :grinning_face_with_smiling_eyes: I’ve just created an example Maven project that depends on a public package. You can simply clone the following repository: gh.l7l.us.kgjcansdale-test/maven-install-publicInstall public Maven package. Contribute to jcansdale-test/maven-install-public development by creating an account on GitHub. Then install and execute the project like this:
If all goes to plan, it should output:
The trick is adding a
Would something like that work for you? I’m sure you know more about Maven than me, so please let me know how the example could be improved! |
Beta Was this translation helpful? Give feedback.
-
Cool, @jcansdale! Yes, @devhawk and I are working in the same community/project (everything is open source). 🚀 We already talked about you being involved in this thread the other day. :grinning_face_with_smiling_eyes: Thanks for the example! I’m actually using Gradle, but it’s the same logic/structure, yes. What bothers me a bit here is to release the PAT publicly (even if it’s just read-only). So, a couple of questions:
Let me know! I really appreciate your time and discussing things around here. Really helpful! Keep up the great work. |
Beta Was this translation helpful? Give feedback.
-
gsmachado:
If you’re using Gradle, @0ffz wrote a plugin which might help. See here:
I made a gradle plugin: GitHub - 0ffz/gpr-for-gradle: Gradle plugin for adding maven repos on Github Packages in one line to aid with this a while back, though I was trying to fix up some not-so-clean Groovy syntax because I’m unfamiliar with Groovy and chose to write it in Kotlin. Either way, it makes adding a package repo a one-liner but you dont get to customize it much if you’re using Groovy. The syntax looks like this: repositories { maven githubPackage.invoke("owner/repo") }
This could lead to the PAT being rate limited. I don’t think it would lead to account suspension.
Unfortunately, only users can generate PATs. What I’d recommend at the moment is create a machine-user account and generate a |
Beta Was this translation helpful? Give feedback.
-
related: gradle/gradle#13330 |
Beta Was this translation helpful? Give feedback.
If you’re using Gradle, @0ffz wrote a plugin which might help. See here: