GitHub Action fails to load snapshot POM from other GitHub package

Hi,
Our organization uses GitHub Packages and has currently three repositories.
For one of the repositories, which has a dependency on a snapshot version of one of the others, the build action fails. But building locally works.

The project is a Maven project and a fork of [obsidiandynamics/kafdrop], where I added some runtime dependencies on our own project.

Building locally, I can see that it downloads the maven-metadata file and then the POM file using the name including the timestamp, e.g.: Downloading from {repo}: https://maven.pkg.github.com/{organization}/{repo}/{library-package}/1.0.0-SNAPSHOT/{library}-1.0.0-20210121.082948-14.pom
But the log in GitHub Action says:
Downloading from {repo}: https://maven.pkg.github.com/{organization}/{repo}/{library-package}/1.0.0-SNAPSHOT/{library}-1.0.0-SNAPSHOT.pom
And fails, warning of “The POM for {library}:jar:1.0.0-SNAPSHOT is missing, no dependency information available”, and later fails with “Could not resolve dependencies for…”.

So I see different behavior when running on my local Windows box (GitBash or in IntelliJ), and in GitHub Actions, for the same Maven project. Tried to search for any similar support issue, but came up with nothing.

Is this a known issue, and is there any workaround? Or maybe any other setup that is more correct?
regards
Björn

Is it HTTP 400 - Bad Request? If it is, I’ve got the same problem at the moment :frowning: In one of the Google search results I stumbled upon info that the github token works for upload/download of packages in the same repo and a Personal Access Token should solve the problem. Didn’t work for me, but you could give it a try…

Thanks for the reply. New input to the problem is that even though I can build from my private computer, my colleagues cannot, and neither can I from my company computer. When building locally we all use Personal Access Token.
In tests made by a colleague of mine, he found that he managed to build only specifying one of the repositories, which made me think that maybe the package store belongs to the organisation and not the repository. Maybe it is possible to fetch from either repository. This makes me believe that it is a timing issue if Maven downloads the same package from two different addresses at the same time, which maybe only works if they run in sequence instead of in parallel. (My private computer has fewer cores.)
This was not critical for the project so we left it at this stage for the moment. So we have not found any solution yet.
Maybe you’re right that we will never manage to get it to work with the github token. But will first find a solution for the multi core computers (If that has anything to do with it), and after that again try to get it to work in the github Action.
/B

Hi @bjornTennander,

This is a little confusing, but the OWNER section of a Maven repository is only significant when publishing packages. When downloading packages, the OWNER section is ignored.

This means you can download packages associated with any of your repos using a URL like this:

https://maven.pkg.github.com/<OWNER>/*

If you’re downloading from a private repository different to your workflow repository, you’ll need to use a PAT with the read:packages scope rather than the built in ${{ github.token }}.

I hope that helps! Please let me know if you have any further questions.
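
Added example, not part of the original thread and not the posters' or GitHub's own configuration: a workflow sketch of the setup described in the reply above, where the cross-repository download uses a PAT limited to `read:packages` instead of `${{ github.token }}`. The secret names `PACKAGES_READ_USER` and `PACKAGES_READ_TOKEN`, the server id `github`, and the Java version are assumptions.

```yaml
# Assumed pom.xml side (not shown on the page): a <repository> with
#   <id>github</id>
#   <url>https://maven.pkg.github.com/<OWNER>/*</url>
#   <snapshots><enabled>true</enabled></snapshots>
name: build
on: [push]

# The built-in token is only needed to check out this repository.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: '17'            # assumption, use the project's version
          # Writes ~/.m2/settings.xml with a <server> entry for this id.
          # The id must equal the <id> of the <repository> in pom.xml.
          server-id: github
          # These two inputs take the NAMES of environment variables,
          # so the credential itself never lands in settings.xml.
          server-username: PACKAGES_USER
          server-password: PACKAGES_TOKEN

      - name: Build
        # -U forces a fresh check for updated snapshot metadata.
        run: mvn -B -U verify
        env:
          # Hypothetical secrets: the PAT owner's user name and a PAT whose
          # only scope is read:packages. Stored as secrets, never in the repo.
          PACKAGES_USER: ${{ secrets.PACKAGES_READ_USER }}
          PACKAGES_TOKEN: ${{ secrets.PACKAGES_READ_TOKEN }}
```

Keeping the PAT at `read:packages` only and exposing it to the single step that runs Maven limits what a compromised build step or dependency can do with it.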