Comments (6)
serpro69
commented on August 15, 2024
Looking at the deploy output from local, I can see it does actually try to download the maven metadata:
[DEBUG] Using transporter HttpTransporter with priority 5.0 for https://maven.pkg.github.com/org/maven-packages
[DEBUG] Using connector BasicRepositoryConnector with priority 0.0 for https://maven.pkg.github.com/org/maven-packages with username=serpro69, password=***
Uploading to github: https://maven.pkg.github.com/org/maven-packages/foo/bar/parent-pom/0.0.1/parent-pom-0.0.1.pom
Uploaded to github: https://maven.pkg.github.com/org/maven-packages/foo/bar/parent-pom/0.0.1/parent-pom-0.0.1.pom (20 kB at 5.3 kB/s)
Downloading from github: https://maven.pkg.github.com/org/maven-packages/foo/bar/parent-pom/maven-metadata.xml
Downloaded from github: https://maven.pkg.github.com/org/maven-packages/foo/bar/parent-pom/maven-metadata.xml (224 B at 366 B/s)
[DEBUG] Writing tracking file '/home/sergio/.m2/repository/foo/bar/parent-pom/resolver-status.properties'
Uploading to github: https://maven.pkg.github.com/org/maven-packages/foo/bar/parent-pom/maven-metadata.xml
Uploaded to github: https://maven.pkg.github.com/org/maven-packages/foo/bar/parent-pom/maven-metadata.xml (333 B at 434 B/s)
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 5.638 s
[INFO] Finished at: 2024-04-09T13:47:20+02:00
I suppose that's what's failing. But why is this failing? Am I missing something in the workflow?
from setup-java.
serpro69
commented on August 15, 2024
Thinking out loud here, this is the servers part of the settings.xml
<server>
<id>
github
</id>
<username>
serpro69
</username>
<password>
***
</password>
</server>
The password comes from GITHUB_TOKEN. Is it assumed that GITHUB_ACTOR (in this case the PR author) can use the action's GITHUB_TOKEN to authenticate to the packages repo?
The strangest thing, it fails on lookup of a package, not upload of it...
I'm completely confused why this isn't working, since according to documentation this should be pretty simple.
Even tried to set all possible permissions to write for the job:
permissions:
actions: write
checks: write
contents: write
deployments: write
id-token: none
issues: write
packages: write
pages: write
pull-requests: write
repository-projects: write
security-events: write
statuses: writeThat still fails when I try to use GITHUB_TOKEN. The only way this works for me so far is if I try to use a secret with my own personal token, which is so far from ideal I can't even see such a workaround being viable.
GITHUB_TOKEN seems to be completely broken for this purpose.
from setup-java.
HarithaVattikuti
commented on August 15, 2024
Hello @serpro69
Thank you for creating this issue. We will investigate it and get back to you as soon as we have some feedback.
from setup-java.
serpro69
commented on August 15, 2024
Thanks @HarithaVattikuti ,
I've spent an entire day yesterday with this, and it does not seem like authentication with github.actor + github.token is possible at the moment for maven packages.
This works perfectly fine when I use a personal token and a username of the token owner, so it's very likely that something is wrong with the GITHUB_TOKEN.
from setup-java.
mahabaleshwars
commented on August 15, 2024
Hi @serpro69, publishing the package only requires the GITHUB_TOKEN, no server configuration needed. However, if you're planning to install packages linked to other private repositories, you'll need a PAT (Personal Access Token). For further details, please check the GitHub Packages Documentation.
from setup-java.
serpro69
commented on August 15, 2024
Hi @mahabaleshwars . I see, thank you for the comment. I suppose you're referring to this part of the docs:
a personal access token (classic) with at least read:packages scope to install packages associated with other private repositories (which GITHUB_TOKEN can't access).
I guess it makes sense, if GITHUB_TOKEN can't access other repos, you won't be able to publish to them using this token either.
I do wish that the docs were a bit more clearer on this. E.g. in Publishing a package docs, it says :
If you would like to publish multiple packages to the same repository, you can include the URL of the repository in the element of the pom.xml file. GitHub will match the repository based on that field. Since the repository name is also part of the distributionManagement element, there are no additional steps to publish multiple packages to the same repository.
Which is what made me think that this should work, since it explicitly says "no other steps are needed" and doesn't mention the token details.
But I suppose documentation updates are beyond the scope of this issue, so I'll close it.
Thanks again for providing the details on how this is supposed to work.
from setup-java.
Related Issues (20)
- setup-java post action caching for v4 is slower than v3 HOT 8
- Pull packages from GitHub private packages, return status: 401 Unauthorized and 'parent.relativePath' points at wrong local POM HOT 7
- Invalid version file after updating to 4.2.0 HOT 14
- Add support for downloading and running JDK builds HOT 2
- Support a server for the dependency-check-plugin HOT 1
- `java-version-file` with `asdf`'s `.tool-versions` fails for Corretto, also non-strict semver versions HOT 5
- Proper way of using a Maven toolchain? HOT 10
- Need to update some @action/cache dependencies HOT 1
- GPG Key import successfully, but "No secret key" when maven deploy HOT 7
- `actions/setup-java` is flaky HOT 2
- Cache is reported as found and restored, but artifacts are still being downloaded HOT 4
- Can't install temurin java 8 for macos HOT 6
- java.lang.IllegalAccessError: superclass access check failed with `setup-java@v4` HOT 4
- `setup-java@v4` setup for sbt failing on macOS with `line 1: sbt: command not found` HOT 9
- Azul distribution support HOT 4
- GPG-Signing of maven artifacts fails on Windows runners with `actions/setup-java@v4` and `maven-gpg-plugin` `v3.2.4` HOT 6
- setup java: Would be nice if there was an option to set the locale via ability to pass system properties to jdk launched
- Support env setting of AGENT_TOOLSDIRECTORY as in the setup-python action HOT 1
- [email protected] redownloading jdk on every run HOT 16
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from setup-java.