Develop Reference

How to access Maven dependency from Github Packages on a Github Actions workflow?

My build is working locally by using a User + PAT (personal access token) directly on the pom.xml <repository> element:
<repository>
<id>github</id>
<name>GitHub Packages</name>
<url>https://[USER]:[PAT]#maven.pkg.github.com/myaccount/myrepo</url>
</repository>
Downloaded from github:
https://[USER]:[PAT]#maven.pkg.github.com/myaccount/myrepo/org/springframework/flex/spring-flex-core/1.6.1.BUILD-SNAPSHOT/maven-metadata.xml
(796 B at 592 B/s)
I have no settings.xml configured.
However, it is breaking on a Github Actions workflow:
Warning: Could not transfer metadata
org.springframework.flex:spring-flex-core:1.6.1.BUILD-SNAPSHOT/maven-metadata.xml
from/to github (***maven.pkg.github.com/myaccount/myrepo):
Authentication failed for
https://maven.pkg.github.com/myaccount/myrepo/org/springframework/flex/spring-flex-core/1.6.1.BUILD-SNAPSHOT/maven-metadata.xml 401 Unauthorized
Failed to collect dependencies at org.springframework.flex:spring-flex-core:jar:1.6.1.BUILD-SNAPSHOT: Failed to read artifact descriptor for org.springframework.flex:spring-flex-core:jar:1.6.1.BUILD-SNAPSHOT
My workflow is like this:
steps:
- uses: actions/checkout#v2
- name: Set up JDK 1.8
uses: actions/setup-java#v1
with:
java-version: 1.8
- name: Cache Maven packages
uses: actions/cache#v2
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Build with Maven
run: mvn -B package --file dev/server/pom.xml
Why does it break on Github workflow?

Based on your question I suppose:
You have maven project deployed in GitHub Package, we call it library
You have another maven project which use the library package as a dependency in its pom.xml, we call this project as your app
You want to add automate build workflow using the GitHub Actions in app repository
If your library is a public package even, currently unfortunately the GitHub dose not support unauthorized access from maven for public packages. Therefore, you should do as follow:
First of all, you need to generate a PAT access token with package-read access in your profile setting, in developer setting subsection:
Go to setting section of your app repository, and in the subsection of Secrets create two environment secrets called USER_NAME which the value contains your GitHub username (or username of the owner of library package); and ACCESS_TOKEN point to the value of PAT token which created in previous step.
Now, create a maven-settings.xml in the app repository, for example you can create it, along side your workflow.yml file. the file contains:
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
<activeProfiles>
<activeProfile>github</activeProfile>
</activeProfiles>
<profiles>
<profile>
<id>github</id>
<repositories>
<repository>
<id>central</id>
<url>https://repo1.maven.org/maven2</url>
</repository>
<repository>
<id>github</id>
<url>https://maven.pkg.github.com/owner_username/package_name</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
<releases>
<enabled>true</enabled>
</releases>
</repository>
</repositories>
</profile>
</profiles>
<servers>
<server>
<id>github</id>
<username>${env.USER_NAME}</username>
<password>${env.ACCESS_TOKEN}</password>
</server>
</servers>
</settings>
And, finally use these setting file, in the workflow when run the maven command. for example the workflow.yaml file can contain:
name: Java CI with Maven
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- name: Set up JDK 8
uses: actions/setup-java#v2
with:
java-version: '8'
distribution: 'adopt'
- name: Build with Maven
run: mvn -s $GITHUB_WORKSPACE/.github/workflows/maven-settings.xml -B package --file pom.xml
env:
USER_NAME: ${{ secrets.USER_NAME }}
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}

You need to use the GITHUB_TOKEN for actions.
See here: https://docs.github.com/en/packages/guides/configuring-apache-maven-for-use-with-github-packages#authenticating-to-github-packages
To authenticate using a GitHub Actions workflow: For package registries (PACKAGE-REGISTRY.pkg.github.com), you can use a GITHUB_TOKEN.
name: Java CI with Maven
on:
push:
branches: [ maven ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- name: Set up JDK 1.8
uses: actions/setup-java#v1
with:
java-version: 1.8
- name: Build core with Maven
...
- name: Publish package core
run: mvn --batch-mode deploy --file myproject.core/pom.xml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

GitHub packages: Single Maven repository for GitHub organization

I would like to use GitHub packages to store Maven artifacts for several repositories in a GitHub organization. Currently, it appears that for each project, a separate (Maven) repository configuration entry is required to point to that (GitHub) repository's Maven repository:
<repository>
<id>github</id>
<name>GitHub OWNER Apache Maven Packages</name>
<url>https://maven.pkg.github.com/OWNER/REPOSITORY</url>
</repository>
The corresponding configuration for the Maven project that would be published is:
<distributionManagement>
<repository>
<id>github</id>
<name>GitHub OWNER Apache Maven Packages</name>
<url>https://maven.pkg.github.com/OWNER/REPOSITORY</url>
</repository>
</distributionManagement>
Is there a way to configure the packages to all go to a single REPOSITORY? Setting the REPOSITORY to either a different existing or non-existing (GitHub) repository in the organization fails the build, as does removing the /REPOSITORY entirely

Personal Access Token
secrets.GITHUB_TOKEN is defined by default but it is only sufficient to deploy to the current repository.
To make it work across repositories you'll need to define a new Personal Access Token in:
Settings > Developer Settings > Personal Access Tokens.
Select write:packages for the scope and all the repo scopes should be automatically selected for you.
Repository / Organisation secrets
Next, define a secret in your organisation or each of the repositories you need to publish packages from.
Give it a name (i.e. DEPLOY_GITHUB_TOKEN) and set its value to the Personal Access Token created in the previous step.
Repository secrets are defined in repository Settings > Secrets. There's a similar section for the organisation.
GitHub Action
Finally, make sure you pass your Personal Access Token to the deployment step as an environment variable called GITHUB_TOKEN.
In the example below, it's set to the value of the DEPLOY_GITHUB_TOKEN secret defined in the previous step.
name: Build
on:
release:
types: [created]
jobs:
build:
name: Build & Deploy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- name: Set up JDK 1.8
uses: actions/setup-java#v1
with:
java-version: 1.8
- name: Build with Maven
run: mvn --batch-mode --update-snapshots install
- name: Deploy to GitHub
run: mvn --batch-mode -DskipTests -DuseGitHubPackages=true deploy
env:
GITHUB_TOKEN: ${{ secrets.DEPLOY_GITHUB_TOKEN }}
Since I used a dedicated Maven profile for the GitHub package repository distribution management, I also activated it with -DuseGitHubPackages=true.
Maven profile
In the profile example below, I configured distribution management to use the external/shared repository vlingo/vlingo-platform just like suggested in #Danny Varod's answer.
<!-- pom.xml -->
<project>
<!-- ... -->
<profiles>
<profile>
<id>github</id>
<activation>
<property>
<name>useGitHubPackages</name>
<value>true</value>
</property>
</activation>
<distributionManagement>
<repository>
<id>github</id>
<name>GitHub Packages</name>
<url>https://maven.pkg.github.com/vlingo/vlingo-platform</url>
</repository>
</distributionManagement>
</profile>
</profiles>
</project>
Cross posted from: https://dev.to/jakub_zalas/how-to-publish-maven-packages-to-a-single-github-repository-3lkc
A working example can be found in vlingo repositories: https://github.com/vlingo/vlingo-platform/packages

For people who are just looking to avoid specifying the <repository> tag multiple times:
Apparently, GitHub DOES NOT care about what repository you set when pulling packages from the Registry. When pulling, the package index is based on the organization level, not the repository level.
You can just do this if you want to pull packages from multiple repositories that are within the same organization:
<repository>
<id>github</id>
<name>GitHub OWNER Apache Maven Packages</name>
<url>https://maven.pkg.github.com/Your-Orgnazation/JUST-ENTER-ANYTHING-HERE</url>
</repository>
NOTE: You still need the Personal Token to pull the packages across repositories. You just don't have to specify the <repository> tag multiple times.

I solved this a while back by creating an empty repository named maven-packages or something like that and publishing all the Maven packages from all the organization's repositories to this one repository.
This enabled configuring a single Maven repository (in addition to Maven-central) locally, on build machine and in deployment environment for pulling Maven-library dependencies.
I don't have this code (was at a previous workplace and now I use Python), however, I recall using the mvn deploy command line for this as documented here:
mvn deploy:deploy-file -DpomFile=<path-to-pom> \
-Dfile=<path-to-file> \
-DrepositoryId=<id-to-map-on-server-section-of-settings.xml> \
-Durl=<url-of-the-repository-to-deploy>
and I modified the pom.xml during the build to insert the correct deploy repository's details, so the publishing could only be done via the build (and to add pre-release details to the pre-releases' version number). This also enabled adding an additional repository for external stable releases (to be published to Maven-central).
See configuration here.

How to push Maven artifact to Nexus through GitLab CI

I am new to GitLab and Nexus. I am trying to create artifact and push it to Nexus repo. I am getting error while running a job. Could anyone please help.
[ERROR] The specified user settings file does not exist: /builds/<project path>.m2/settings.xml
Build is executing successfully. Failing in test stage. Also added Nexus URL, Username and Password in gitlab Variables.
Is there a way to move settings.xml to GitLab?
.gitlab-ci.yml
image: maven:3-jdk-8
variables:
MAVEN_CLI_OPTS: "-s .m2/settings.xml --batch-mode"
MAVEN_OPTS: "-Dmaven.repo.local=.m2/repository"
cache:
paths:
- .m2/repository/
- target/
stages:
- build
- test
- package
- deploy
build:
stage: build
script:
- mvn compile
test:
stage: test
script:
- mvn $MAVEN_CLI_OPTS test
- echo "The code has been tested"
package:
stage: package
script:
- mvn $MAVEN_CLI_OPTS package -Dmaven.test.skip=true
- echo "Packaging the code"
artifacts:
paths:
- target/*.war
only:
- master
deploy:
stage: deploy
script:
- mvn $MAVEN_CLI_OPTS deploy -Dmaven.test.skip=true
- echo "installing the package in local repository"
only:
- master
pom
<distributionManagement>
<repository>
<id>nexus-releases</id>
<url>http://localhost:8081/repository/maven-releases/</url>
</repository>
</distributionManagement>
settings.xml
<server>
<id>nexus-releases</id>
<username>username</username>
<password>pass</password>
</server>
</servers>
<mirrors>
<mirror>
<id>central</id>
<name>central</name>
<url>http://localhost:8081/repository/maven-central/</url>
<mirrorOf>*</mirrorOf>
</mirror>

Maven build with Github Actions - Couldn't not resolve dependencies

I'm struggling a little bit with Github actions.
I'm trying to build a project with Maven using Github actions. The project contains a dependency located in a repo within the same org.
I created a PAT with read/write privileges and wrote the following script:
# This workflow will build a package using Maven and then publish it to GitHub packages when a release is created
# Added personal token
name: Maven Deploy
on:
push:
branches: develop
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- name: Set up JDK 1.8
uses: actions/setup-java#v1
with:
java-version: 1.8
server-id: github
- name: Build with Maven
run: mvn -B package --file DynamoDB\ Service/pom.xml
env:
MENADEX_USERNAME: my_username
MENADEX_TOKEN: xxxxxxxxxxxxx
- name: Publish package
run: mvn deploy -f DynamoDB\ Service/pom.xml -s $GITHUB_WORKSPACE/DynamoDB\ Service/settings.xml
env:
MENADEX_USERNAME: my_username
MENADEX_TOKEN: xxxxxxxxxxxxxxxxxxxxxx
Github keeps complaining it couldn't find the artifact related to the dependency.
Settings.xml
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
https://maven.apache.org/xsd/settings-1.0.0.xsd">
<activeProfiles>
<activeProfile>github</activeProfile>
</activeProfiles>
<profiles>
<profile>
<id>github</id>
<repositories>
<repository>
<id>Common</id>
<name>GitHub Menadex Apache Maven Packages</name>
<url>https://maven.pkg.github.com/Menadex/Ad360CommonObjects</url>
</repository>
</repositories>
</profile>
</profiles>
<servers>
<server>
<id>github</id>
<username>${env.MENADEX_USERNAME}</username>
<password>${env.MENADEX_TOKEN}</password>
</server>
</servers>
</settings>
This is what I keep receiving:
[ERROR] Failed to execute goal on project dynamodb: Could not resolve dependencies for project com.ad360:dynamodb:jar:1.0.0-SNAPSHOT: Could not find artifact com.ad360:common:jar:1.0.0-SNAPSHOT -> [Help 1]
210
[ERROR]
211
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
212
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
213
[ERROR]
214
[ERROR] For more information about the errors and possible solutions, please read the following articles:
215
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException
216
##[error]Process completed with exit code 1.
Also, I see that the newly created PAT was never touched. (In admin sections, it says 'never used').

How to install a package hosted by GitHub Packages with GitHub Actions

I deployed a Maven package to github according to these instructions.
https://help.github.com/en/github/managing-packages-with-github-packages/configuring-apache-maven-for-use-with-github-packages#installing-a-package
This worked.
Now I am installing a second Maven project that depends on the package that I just deployed to the github registry. I keep getting this error.
Error:
The POM for com.xxxxxxx:0.8.6 is missing, no dependency information available github packages
Failure to find com.xxxxxxx.xxxxxxx:jar:7.7 in https://repo.maven.apache.org/maven2
The install should not be searching for the dependency in repo.maven.apache.org. It should be searching in the github repository - where this dependency lives.
According to github's documentation [https://help.github.com/en/github/managing-packages-with-github-packages/using-github-packages-with-github-actions#installing-a-package-using-an-action] there is a way to install packages hosted by GitHub Packages through GitHub Actions that "requires minimal configuration or additional authentication, by using the GITHUB_TOKEN." However, that document does not explain how to achieve this. How do I need to update a github yaml workflow file to use a github package in an action?
Here is my .m2/settings.xml file...
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
<localRepository />
<interactiveMode />
<usePluginRegistry />
<offline />
<pluginGroups />
<servers>
<server>
<id>github</id>
<username>myGithubUsername</username>
<password>GithubPersonalAccessToken</password>
</server>
</servers>
<mirrors />
<proxies />
<profiles>
<profile>
<id>github</id>
<repositories>
<repository>
<id>github</id>
<name>GitHub myGithubUsername Apache Maven Packages</name>
<url>https://maven.pkg.github.com/myGithubUsername /nameOfGithubRepositoryContainingTheMavenPackageIAmIncluding</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
</repositories>
</profile>
</profiles>
<activeProfiles />
</settings>
And here is where I reference the package in the pom.xml file of the 2nd project I am attempting to install.
<dependency>
<groupId>com.the organization name</groupId>
<artifactId>the package name</artifactId>
<version>0.8.6</version>
</dependency>
Finally, here is my yaml file for the github action.
name: BuildOnWikiEdit
on:
gollum:
branches:
- '*'
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v1
- name: Run a one-line script
run: echo Hello, world!
- name: Run a multi-line script
run: |
echo Add other actions to build,
echo test, and deploy your project.
- name: Build
run: mvn install

You have to create settings.xml during your workflow. So, either manually create this file or use existing action from Marketplace.
Option 1:
- name: 'Create settings.xml'
run: |
touch ~/.m2/settings.xml
echo '<settings><servers><server><id>github</id><username>${{ secrets.GITHUB_USERNAME }}</username><password>${{ secrets.GITHUB_PASSWORD }}</password></server></servers></settings>' > ~/.m2/settings.xml
- name: Build
run: mvn install
Option 2:
- name: 'Create settings.xml'
uses: whelk-io/maven-settings-xml-action#v4
with:
servers: '[{"id": "github", "username": "${{ secrets.GITHUB_USERNAME }}", "password": "${{ secrets.GITHUB_PASSWORD }}"}]'
- name: Build
run: mvn install
Personally I use option 2 on my project.