Develop Reference

How do I deploy to Github packages with maven release plugin an Github workflow?

Some time ago, I posted a question on how to deploy to Github packages with the maven release plugin: How do I push a release to github with the maven release plugin?
I was running the mvn release command locally on my computer and the maven settings.xml file was on my computer and contained :
SSH keys for the maven release plugin to be able to commit and push to the Github repo
Github personal access token with 'write package' permission to push to Github packages
This time I'm trying to implement this with Github workflow. The settings files are not on my computer anymore but hosted and managed internally by Github servers (I don't know exactly how it works).
I've started working with a workflow file .github/workflows/maven.yml using this plugin https://github.com/qcastel/github-actions-maven-release :
name: Java CI with Maven
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- name: Set up JDK 17
uses: actions/setup-java#v2
with:
java-version: '17'
distribution: 'temurin'
cache: maven
server-id: pkg.github.com # Value of the distributionManagement/repository/id field of the pom.xml
settings-path: ${{ github.workspace }} # location for the settings.xml file
- name: Release
uses: qcastel/github-actions-maven-release#master
env:
JAVA_HOME: /usr/lib/jvm/java-17-openjdk/
GITHUB_TOKEN: ${{ github.token }}
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
The distributionManagement for Github packages is defined in the pom.xml :
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.github.nbauma109</groupId>
<artifactId>jd-util</artifactId>
<version>1.0.21-SNAPSHOT</version>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.source>17</maven.compiler.source>
<maven.compiler.target>17</maven.compiler.target>
</properties>
<scm>
<connection>scm:git:https://github.com/nbauma109/jd-util.git</connection>
<developerConnection>scm:git:ssh://git#github.com/nbauma109/jd-util.git</developerConnection>
<url>https://github.com/nbauma109/jd-util</url>
<tag>HEAD</tag>
</scm>
<distributionManagement>
<repository>
<id>pkg.github.com</id>
<name>GitHub nbauma109 Apache Maven Packages</name>
<url>https://maven.pkg.github.com/nbauma109/mvn-repo</url>
</repository>
</distributionManagement>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
<version>3.0.0-M1</version>
<configuration>
<tagNameFormat>#{project.version}</tagNameFormat>
</configuration>
</plugin>
</plugins>
</build>
</project>
I know that I don't really need to use Github packages and that they're not really useful for open source as they are private. I can as just as well skip the deploy step of the maven release plugin or set the maven release plugin goals to install (details in this answer https://stackoverflow.com/a/71006822/8315843).
But I'd like to see the Github worklow work and publish successfully to Github packages just to get a better understanding of the Github workflow which is something new for me.

401 unauthorized from maven when publishing to gitlab artifactory

I am facing an issue when trying to publish an artifact in private gitlab repository. I am using maven and I authenticated using personal access token. When I run mvn deploy -s ~/.m2/settings.xml I get the following error Failed to deploy artifacts: Could not transfer artifact ... 401 Unauthorized
My settings.xml file looks like this.
<servers>
<server>
<id>gitlab-maven</id>
<configuration>
<httpHeaders>
<property>
<name>personal-token</name>
<value>mytoken</value>
</property>
</httpHeaders>
</configuration>
</server>
</servers>
I've also tried changing it to
<servers>
<server>
<id>gitlab-maven</id>
<username>username</username>
<password>pass</password>
</server>
</servers>
but that didn't help. And here is my pom publishing part
<repositories>
<repository>
<id>gitlab-maven</id>
<url>https://gitlab.mycompany.com/api/v4/projects/92/packages/maven</url>
</repository>
</repositories>
<distributionManagement>
<repository>
<id>gitlab-maven</id>
<url>https://gitlab.mycompany.com/api/v4/projects/92/packages/maven</url>
</repository>
<snapshotRepository>
<id>gitlab-maven</id>
<url>https://gitlab.mycompany.com/api/v4/projects/92/packages/maven</url>
</snapshotRepository>
</distributionManagement>
Is there anything that I'm missing? Thank you in advance.

Fixed this by changing property in the settings file to Private-Token (I was using actual name of the token previously)

I had the same problem but for a different reason.
my idea (intellij with built in maven plugin) was using different settings file (C:\Users\YOUR_USER_NAME\.m2\settings.xml) from the one i configured the server (local maven installation on a different path).
to fix this go to: File -> Settings (on windows Ctrl + Alt + s) -> Build, Execution, Deployment -> Build Tools -> Maven -> User settings file.
mark the check box for Override and direct to the correct path.
hopefully it will save someone's time...

In case this might help someone:
Once you reach the "mvn deploy" step in the gitlab docs and find yourself struggling with 401 Unauthorized error, running the deploy command with -s or --settings flag like so:
mvn deploy -s settings.xml (the argument to the -s flag is the path to your project settings.xml file)
Solves the issue (at least for me) by using the user specified settings file instead of the default one stored in .m2 folder.
(I found solution in this video)

How to access Maven dependency from Github Packages on a Github Actions workflow?

My build is working locally by using a User + PAT (personal access token) directly on the pom.xml <repository> element:
<repository>
<id>github</id>
<name>GitHub Packages</name>
<url>https://[USER]:[PAT]#maven.pkg.github.com/myaccount/myrepo</url>
</repository>
Downloaded from github:
https://[USER]:[PAT]#maven.pkg.github.com/myaccount/myrepo/org/springframework/flex/spring-flex-core/1.6.1.BUILD-SNAPSHOT/maven-metadata.xml
(796 B at 592 B/s)
I have no settings.xml configured.
However, it is breaking on a Github Actions workflow:
Warning: Could not transfer metadata
org.springframework.flex:spring-flex-core:1.6.1.BUILD-SNAPSHOT/maven-metadata.xml
from/to github (***maven.pkg.github.com/myaccount/myrepo):
Authentication failed for
https://maven.pkg.github.com/myaccount/myrepo/org/springframework/flex/spring-flex-core/1.6.1.BUILD-SNAPSHOT/maven-metadata.xml 401 Unauthorized
Failed to collect dependencies at org.springframework.flex:spring-flex-core:jar:1.6.1.BUILD-SNAPSHOT: Failed to read artifact descriptor for org.springframework.flex:spring-flex-core:jar:1.6.1.BUILD-SNAPSHOT
My workflow is like this:
steps:
- uses: actions/checkout#v2
- name: Set up JDK 1.8
uses: actions/setup-java#v1
with:
java-version: 1.8
- name: Cache Maven packages
uses: actions/cache#v2
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Build with Maven
run: mvn -B package --file dev/server/pom.xml
Why does it break on Github workflow?

Based on your question I suppose:
You have maven project deployed in GitHub Package, we call it library
You have another maven project which use the library package as a dependency in its pom.xml, we call this project as your app
You want to add automate build workflow using the GitHub Actions in app repository
If your library is a public package even, currently unfortunately the GitHub dose not support unauthorized access from maven for public packages. Therefore, you should do as follow:
First of all, you need to generate a PAT access token with package-read access in your profile setting, in developer setting subsection:
Go to setting section of your app repository, and in the subsection of Secrets create two environment secrets called USER_NAME which the value contains your GitHub username (or username of the owner of library package); and ACCESS_TOKEN point to the value of PAT token which created in previous step.
Now, create a maven-settings.xml in the app repository, for example you can create it, along side your workflow.yml file. the file contains:
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
<activeProfiles>
<activeProfile>github</activeProfile>
</activeProfiles>
<profiles>
<profile>
<id>github</id>
<repositories>
<repository>
<id>central</id>
<url>https://repo1.maven.org/maven2</url>
</repository>
<repository>
<id>github</id>
<url>https://maven.pkg.github.com/owner_username/package_name</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
<releases>
<enabled>true</enabled>
</releases>
</repository>
</repositories>
</profile>
</profiles>
<servers>
<server>
<id>github</id>
<username>${env.USER_NAME}</username>
<password>${env.ACCESS_TOKEN}</password>
</server>
</servers>
</settings>
And, finally use these setting file, in the workflow when run the maven command. for example the workflow.yaml file can contain:
name: Java CI with Maven
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- name: Set up JDK 8
uses: actions/setup-java#v2
with:
java-version: '8'
distribution: 'adopt'
- name: Build with Maven
run: mvn -s $GITHUB_WORKSPACE/.github/workflows/maven-settings.xml -B package --file pom.xml
env:
USER_NAME: ${{ secrets.USER_NAME }}
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}

You need to use the GITHUB_TOKEN for actions.
See here: https://docs.github.com/en/packages/guides/configuring-apache-maven-for-use-with-github-packages#authenticating-to-github-packages
To authenticate using a GitHub Actions workflow: For package registries (PACKAGE-REGISTRY.pkg.github.com), you can use a GITHUB_TOKEN.
name: Java CI with Maven
on:
push:
branches: [ maven ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- name: Set up JDK 1.8
uses: actions/setup-java#v1
with:
java-version: 1.8
- name: Build core with Maven
...
- name: Publish package core
run: mvn --batch-mode deploy --file myproject.core/pom.xml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

GitHub packages: Single Maven repository for GitHub organization

I would like to use GitHub packages to store Maven artifacts for several repositories in a GitHub organization. Currently, it appears that for each project, a separate (Maven) repository configuration entry is required to point to that (GitHub) repository's Maven repository:
<repository>
<id>github</id>
<name>GitHub OWNER Apache Maven Packages</name>
<url>https://maven.pkg.github.com/OWNER/REPOSITORY</url>
</repository>
The corresponding configuration for the Maven project that would be published is:
<distributionManagement>
<repository>
<id>github</id>
<name>GitHub OWNER Apache Maven Packages</name>
<url>https://maven.pkg.github.com/OWNER/REPOSITORY</url>
</repository>
</distributionManagement>
Is there a way to configure the packages to all go to a single REPOSITORY? Setting the REPOSITORY to either a different existing or non-existing (GitHub) repository in the organization fails the build, as does removing the /REPOSITORY entirely

Personal Access Token
secrets.GITHUB_TOKEN is defined by default but it is only sufficient to deploy to the current repository.
To make it work across repositories you'll need to define a new Personal Access Token in:
Settings > Developer Settings > Personal Access Tokens.
Select write:packages for the scope and all the repo scopes should be automatically selected for you.
Repository / Organisation secrets
Next, define a secret in your organisation or each of the repositories you need to publish packages from.
Give it a name (i.e. DEPLOY_GITHUB_TOKEN) and set its value to the Personal Access Token created in the previous step.
Repository secrets are defined in repository Settings > Secrets. There's a similar section for the organisation.
GitHub Action
Finally, make sure you pass your Personal Access Token to the deployment step as an environment variable called GITHUB_TOKEN.
In the example below, it's set to the value of the DEPLOY_GITHUB_TOKEN secret defined in the previous step.
name: Build
on:
release:
types: [created]
jobs:
build:
name: Build & Deploy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- name: Set up JDK 1.8
uses: actions/setup-java#v1
with:
java-version: 1.8
- name: Build with Maven
run: mvn --batch-mode --update-snapshots install
- name: Deploy to GitHub
run: mvn --batch-mode -DskipTests -DuseGitHubPackages=true deploy
env:
GITHUB_TOKEN: ${{ secrets.DEPLOY_GITHUB_TOKEN }}
Since I used a dedicated Maven profile for the GitHub package repository distribution management, I also activated it with -DuseGitHubPackages=true.
Maven profile
In the profile example below, I configured distribution management to use the external/shared repository vlingo/vlingo-platform just like suggested in #Danny Varod's answer.
<!-- pom.xml -->
<project>
<!-- ... -->
<profiles>
<profile>
<id>github</id>
<activation>
<property>
<name>useGitHubPackages</name>
<value>true</value>
</property>
</activation>
<distributionManagement>
<repository>
<id>github</id>
<name>GitHub Packages</name>
<url>https://maven.pkg.github.com/vlingo/vlingo-platform</url>
</repository>
</distributionManagement>
</profile>
</profiles>
</project>
Cross posted from: https://dev.to/jakub_zalas/how-to-publish-maven-packages-to-a-single-github-repository-3lkc
A working example can be found in vlingo repositories: https://github.com/vlingo/vlingo-platform/packages

For people who are just looking to avoid specifying the <repository> tag multiple times:
Apparently, GitHub DOES NOT care about what repository you set when pulling packages from the Registry. When pulling, the package index is based on the organization level, not the repository level.
You can just do this if you want to pull packages from multiple repositories that are within the same organization:
<repository>
<id>github</id>
<name>GitHub OWNER Apache Maven Packages</name>
<url>https://maven.pkg.github.com/Your-Orgnazation/JUST-ENTER-ANYTHING-HERE</url>
</repository>
NOTE: You still need the Personal Token to pull the packages across repositories. You just don't have to specify the <repository> tag multiple times.

I solved this a while back by creating an empty repository named maven-packages or something like that and publishing all the Maven packages from all the organization's repositories to this one repository.
This enabled configuring a single Maven repository (in addition to Maven-central) locally, on build machine and in deployment environment for pulling Maven-library dependencies.
I don't have this code (was at a previous workplace and now I use Python), however, I recall using the mvn deploy command line for this as documented here:
mvn deploy:deploy-file -DpomFile=<path-to-pom> \
-Dfile=<path-to-file> \
-DrepositoryId=<id-to-map-on-server-section-of-settings.xml> \
-Durl=<url-of-the-repository-to-deploy>
and I modified the pom.xml during the build to insert the correct deploy repository's details, so the publishing could only be done via the build (and to add pre-release details to the pre-releases' version number). This also enabled adding an additional repository for external stable releases (to be published to Maven-central).
See configuration here.

deploy to Github Package Registry from Github Action

I would like to deploy to a GitHub Package Registry from a GitHub Action of a public repo.
I have a yml file for a workflow:
name: My CI
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v1
- name: Install dependencies
run: lein deps
- name: Run tests
run: lein test
- name: Generate pom
run: lein pom
- name: Deploy
run: mvn deploy
I use Leiningen to build the project and generate a POM file. Then I would like to use Maven to deploy the artifact to the GitHub Package Registry.
This fails on the Deploy command (I have replaced personal information with ...):
[WARNING] Could not transfer metadata ... from/to github (https://maven.pkg.github.com/.../...): Not authorized
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 19.343 s
[INFO] Finished at: 2019-08-29T13:08:42Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy (default-deploy) on project ...: Failed to retrieve remote metadata .../maven-metadata.xml: Could not transfer metadata ... from/to github (https://maven.pkg.github.com/.../...): Not authorized -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
##[error]Process completed with exit code 1.
I see that authentication failed. I have also tried with this step with the same results:
run: mvn deploy -Dserver.username=... -Dserver.password=${{ secrets.GITHUB_TOKEN }} -DskipTests
I do not want to supply username/password or token as this is a public repository. Is there a way to publish anyway?
Thanks!

To make it work, you need to do two things:
Add the following to your pom.xml:
<distributionManagement>
<repository>
<id>github</id>
<name>GitHub OWNER Apache Maven Packages</name>
<url>https://maven.pkg.github.com/OWNER/REPOSITORY</url>
</repository>
</distributionManagement>
source: https://help.github.com/en/articles/configuring-apache-maven-for-use-with-github-package-registry#publishing-a-package
Setup a Maven settings file with the username/password from within your build action.
In my case I did something like this:
name: Java CI
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v1
- name: Set up JDK 1.8
uses: actions/setup-java#v1
with:
java-version: 1.8
- name: Deploy to Github Package Registry
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
mkdir ~/.m2
echo "<settings><servers><server><id>github</id><username>OWNER</username><password>${GITHUB_TOKEN}</password></server></servers></settings>" > ~/.m2/settings.xml
mvn deploy
Unfortunately, I don't think you can pass the username/password as arguments to Maven and so you need to set up the settings file instead.
source: Is it possible to pass a password in Maven Deploy in the command line?
Lastly, I confirm that this only works for non-SNAPSHOT artifacts. When I try deploying a SNAPSHOT version it fails with a 400 error as described.

TL;DR: Just commit the following to .github/workflows/mavenpublish.yml and create a release via the GitHub web page to trigger the process:
name: Maven Package
on:
release:
types: [created]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- name: Set up JDK 1.8
uses: actions/setup-java#v1
with:
java-version: 1.8
- name: Deploy to Github Package Registry
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
mkdir -p ~/.m2
echo "<settings><servers><server><id>gh</id><username>$(echo "$GITHUB_REPOSITORY" | awk -F / '{print $1}')</username><password>\${env.GITHUB_TOKEN}</password></server></servers></settings>" > ~/.m2/settings.xml
REPO="gh::default::https://maven.pkg.github.com/${GITHUB_REPOSITORY}"
mvn deploy -DaltReleaseDeploymentRepository="${REPO}" -DaltSnapshotDeploymentRepository="${REPO}"
Some more info:
I have built the same thing before for Jenkins and can tell you that you don't need to create a settings.xml nor adapt your pom.xml in your repo.
You can even avoid writing your GitHub Token into the settings.xml (which is more secure).
Also, you don't need to manually add your repo and username, these can be read from the environment.
If you want it to build on push, just change the lines behind on: to [push].
Here`s a real-life example.

There is an easier way in 2020.
First, add distribution configuration to your pom.xml:
<distributionManagement>
<repository>
<id>github</id>
<name>GitHub OWNER Apache Maven Packages</name>
<url>https://maven.pkg.github.com/OWNER/REPOSITORY</url>
</repository>
</distributionManagement>
The id must be github.
Second, use actions/setup-java#v1 in action
steps:
- uses: actions/checkout#v2
- uses: actions/setup-java#v1
with:
java-version: 1.8
- name: Publish to GitHub Packages
env:
GITHUB_TOKEN: ${{ github.token }}
run: mvn deploy

I had a similar issue for my project.
Every time I ran mvn deploy, it failed with:
Could not transfer metadata ... from/to github (https://maven.pkg.github.com/.../...): 400
However, on a whim, I changed the version number of my project from 0.0.3-SNAPSHOT to 0.0.4 and after that, it worked.
Maybe it will work for you too.

Well, According to:
maven command line how to point to a specific settings.xml for a single command?
GitHub package registry as Maven repo - trouble uploading artifact
I think you could simply do like this:
Add below to your workflow
- name: Deploy to Github Package Registry
env:
GITHUB_USERNAME: x-access-token
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run:
mvn --settings settings.xml deploy
And then add settings.xml to your project
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
http://maven.apache.org/xsd/settings-1.0.0.xsd">
<activeProfiles>
<activeProfile>github</activeProfile>
</activeProfiles>
<profiles>
<profile>
<id>github</id>
<repositories>
<repository>
<id>central</id>
<url>https://repo1.maven.org/maven2</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
<repository>
<id>github</id>
<name>GitHub OWNER Apache Maven Packages</name>
<url>https://maven.pkg.github.com/OWNER </url>
</repository>
</repositories>
</profile>
</profiles>
<servers>
<server>
<id>github</id>
<username>${env.GITHUB_USERNAME}</username>
<password>${env.GITHUB_TOKEN}</password>
</server>
</servers>
</settings>
It works for me, I hope this will help.