GitHub package registry as Maven repo - trouble uploading artifact


I have followed the guide on

I create a dedicated machine user and created an access token with scopes “read:packages”, “write:packages” and “repo” and configured my maven settings XML accordingly, as the guide describes.

When I do a mvn deploy it just gives me a 400 bad request error back:

org.apache.maven.wagon.TransferFailedException: Failed to transfer file: Return code is: 400, ReasonPhrase: Bad Request.

I wish it could be a little more verbose and reveal what part of the request that is invalid.

I don’t know how to troubleshoot this further, so I’m hoping that someone here has experienced the same issue and found a solution or someone that can give me hint on how to troubleshoot in a good way. Running mvn in debug mode didn’t give any helpful information either.


Hi @hyst-andreas,

Thank you for being here! 

Do your XML files have an XML declaration? If not, please add this to the top of your XML files and try again:

<?xml version="1.0" encoding="UTF-8"?>
1 Like

Hi, @hyst-andreas 

I’m at the exact same place. Obvious its something wrong, but I even got some packages pushet to my repo. I have no clue what actually is failing. The error message is the same what every I do…

It would be sweet to push our private packages to Github, do you have any more success on this issue?

mvh. Michael

Hi @mijohansen 

We ended up setting up our private repo in Google Cloud instead and we will stick to this at least for now. I hope you’ll found a solution to the problem

Best regards,


I have this same issue. Can’t figure out what is wrong.

I’m also seeing a 400 like this with the XML declaration present while publishing with gradle.

Are there additional required elements in the POM?


We’re looking into this error.  If you could email support at with more details of your logs that include your organization and repository we could look further into the specifics. 

Is this related to a SNAPSHOT? Or general publishing?


~ Bryan

Thank you, Clark!

We have opened another ticket on user @frode-carlsen. To avoid duplicate work on your part. We have also tried several different configurations, but Carlsen have more information about that too.


We have had the exact same issue ( and finally got it to work when we switched the token from GITHUB_TOKEN (the one provided in a github action) with a personal access token.

I am also experiencing the same issue when building a simple Java project. I also tried with the Github Action GITHUB_TOKEN and also with a Personal Access token. Both did not work. 

Here is the error message:

Thx for suggestions what I should try next.


we had the same issue, and I have tried many possible solution. The solution we are currently on is this:

project.afterEvaluate {
    publishing {
        publications {
            mavenPublish(MavenPublication) {
                groupId ''
                artifactId 'my-artifact-id'
                version = android.defaultConfig.versionName
project.ext {
    mavPublishToRemoteRepo = true
    mavRemoteRepoUser = "myUsername"
    mavRemoteRepoPassword = "my-github-personal-access-token"
    mavRepoRemoteUrl = ""

apply from: ''

Hope this helps!

1 Like

You can try to upload file manually:

curl -X PUT \
"" \
-H "Authorization: token <PERSONAL_ACCESS_TOKEN>" \
--upload-file "/full/path/to/file" -vvv


curl -X PUT \
"" \
-H "Authorization: token <PERSONAL_ACCESS_TOKEN>" \
--upload-file "/full/path/to/groovy-ping-1.0.0.jar" -vvv

Output example:

Error: "groovy-ping-1.0.0.jar" in version 1.0.0 of "com.github.igabaydulin.groovy-ping" has already been published.

Repo example:


I found that I got the 400 error when I set the repository url to


But worked when I set it to


Furthermore, I got it working from a Github Actions by adding a block like this:

name: Java CI

on: [push]


    runs-on: ubuntu-latest

    - uses: actions/checkout@v1
    - name: Set up JDK 1.8
      uses: actions/setup-java@v1
        java-version: 1.8
    - name: Deploy to Github Package Registry
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: |
        mkdir ~/.m2
        echo "<settings><servers><server><id>github</id><username>OWNER</username><password>${GITHUB_TOKEN}</password></server></servers></settings>" > ~/.m2/settings.xml
        mvn deploy

Got it somewhat working.

In addition to the guidelines provided here

I had to do the following (on a private repo)

  1. Since I was using the GITHUB_TOKEN then username had to be “x-access-token” in the settings.xml

  2. Sources jars fails to upload with 400. Not sure if this applies to all jars with classifiers.  But it should be possible to upload javadoc and sources as well for the GPR to be fully useful, so I assume it’s a bug(?)

  3. The checksum files fail to upload (maven gives a warning but seems to be another 400 issue)


I have met the same issue.

In my case, I have deployed a SNAPSHOT version of my simple project. And after updating the project, I’d like to deploy the snapshot version again but Maven returns an error with status code 400 just like this issue. In the other side, all thing works well with RELEASE version of my simple project.

I guess there is something wrong(maybe bugs) with SNAPSHOT in GitHub Package Registry.

PS: to recurrent this issue, just create a simple maven project with a snapshot version(such as 1.0-SNAPSHOT), deploy it to GitHub Package Registry, and then update it and deploy with 1.0-SNAPSHOT again. Hope this helpful.


Further on to this - we did manage to upload multiple jars and poms, but only by ‘brute-forcing’ using the mvn deploy:deploy-file on every artifact (instead of mvn deploy). 

So GPR must be sending something back that the maven (wagon) deployer does not interpret as expected for subsequent uploads (a cookie or time-limited token)?  But since the maven code is 5+ years old, I’m guessing the problem lies with the Github package registry not supporting reuse of connections or sessions on subsequent calls, as the alternative is to patch the maven code. Or perhaps the Github Action could have a better uploader included for maven (could potentially be faster as well).


Writing to GitHub I have got the message that GitHub Package Registry currently does not support mutable packages, whether your package is SNAPSHOT or not. So the only way to update your package is to publish a new package.

Hope GPR supports mutable packags ASAP!


> Writing to GitHub I have got the message that GitHub Package Registry currently does not support mutable packages, whether your package is SNAPSHOT or not. So the only way to update your package is to publish a new package.

This is strange because the docs clearly state that you can deploy multiple packages (though I’m having the same problem - getting a 400 error after getting one deploy to work half-way).

You can deploy mutiple packages, but you cannot deploy mutable packages.

This means that you cannot publish a SNAPSHOT package again, such as publish a 1.0-SNAPSHOT package, and after updating something you cannot publish this package with version 1.0-SNAPSHOT again(This is strange for snapshot packages).

So the only way to update your package is to publish a new version of you package.


Thanks for your post, it was quite helpful. I noticed   mvn deploy fails on my end also, but like you rightly pointed, using deploy-file on one jar file works. Interestingly, you can only have one jar, seems any any attempt to upload multiple jars for a single deployment fails. This is a terrible experience, I spent most of my day troubleshooting this.

This does not work:

mvn deploy:deploy-file \
-DrepositoryId=github \
-Dfile=target/apigateway-feign-0.0.2-SNAPSHOT.M4.jar \
-Dsources=target/apigateway-feign-0.0.2-SNAPSHOT.M4-sources.jar \
-Djavadoc=target/apigateway-feign-0.0.2-SNAPSHOT.M4-javadoc.jar \
-Durl= \

However, this works:

mvn deploy:deploy-file \
-DrepositoryId=github \
-Dfile=target/apigateway-feign-0.0.2-SNAPSHOT.M6.jar \
-Durl= \