I am thinking about the same thing. It says it in the developer docs, but when you navigate to the package itself it says nothing about authentication with GitHub. I think that needs to be in big bright flashing lights since it is deviating from how npm, maven, and other repos work when you just simply pull the public projects.
Ditto - we will just continue to use other services, like Maven, and NPM. It is difficult enough educating customers on how to use a public SDK, let alone having to teach them how to configure gradle to authenticate with GitHub.
@AndreaGriffiths11 Is there timeline when this issue will fixed?
So I guess this is only usefull for private artifacts. Very unfortunate indeed for opensource.
I am very disapointed with it. It took me hours to actually push packages there using all the fragmented documentation that was provided to find out that people won’t be able to use it… Totally wasted my time, I’ll have to move to an other working packaging system, requiring authentication to download from public repositories is pointless.
Requiring github auth for public repo artifacts makes this pretty useless for Open Source projects.
That’s really disappointing to see from GitHub. I hope this gets fixed soon.
For now, Open Source projects will have to look elsewhere.
Same here. Was almost OK with the extra hassle / need to add repository configs for all different libraries with different repositorioes on github, only to discover that it is actually unusable without authentication. Having a per-user/org repository with the ability to push to it with actions and able to read packages without authentication is something that would be needed for open source.
As GH Package regsitry has been officially released, is there any plan on allowing public packages to be downloaded without authentication?
I think it would be useless for open source projects asking users to authenticate to get packages. This is a manditory requirement which is already there in systems like maven central
Thanks for everything
Any news on this matter, considering the fact NPM was just bought by Microsoft (Github)?
Auth for public packages is an absolute no-go and must be resolved asap.
I also had this authentication problem, I can’t download a package without authentication, I hope it will be resolved!
The need to authenticate is one thing, which maybe can be understood. However if I create a personal access token with read:packages scope, that’s the error that I get:
Error authenticating user: Personal Access Token is invalid. Your token must have the `repo` and read:packages` scopes to login to the GitHub Package Registry.
That’s what I would like to avoid, storing my access token that gives full write access to all repos, releases, etc… in my account, in a plaintext file on my laptop.
Thank you for being here! Currently you need to authenticate to download both public and private packages I’m afraid. We are investigating how, going forwards, beyond the beta we maybe able to offer this functionality, however this could be a way off yet - I’ve added a +1 against this for you, and we’ll let you know as soon as we have an update that we can share surrounding this. Keep an eye on https://github.blog for all updates meanwhile.
Today I used the registration of packages for Maven for the first time.
The publication process was very simple and the available documentation was sufficient.
My difficulty started when using the registered package.
As my project is open source, being public, I believed it would only be related to dependence and use.
But unfortunately I came across the issue that we must authenticate with user and token to perform the restoration of dependencies. I agree with most of the staff, this requirement does not seem to make sense for public projects.
I would love to keep most of my stack on github, but I am being forced to look for another package record.
I hope, very hopefully, this implementation will make it possible to use it without authentication for public packages.
Thank you for your attention.
This is pretty important to me. I’m publishing a library via Maven/Gradle, and I really like the functionality that Github packages provides for me (as a publisher). However, I’m not willing to use Github packages as my primary distribution method if all of my users are required to not only add a new maven repository to their project (i.e. the specific repository for my project) but to generate an access token and add that to their project.
Is there any plan to support this, or should I look at alternative hosting for my packages?
@andreagriffiths11any updates about this feature?
Dear Github, well, this is at least silly. Please let everyone use the GPR without authentication as well, it just doesn’t make sense!
Is there still no solution for this problem?
Is there any updates on this issue? When it is expected to be fixed?