GitHub package registry as Maven repo - trouble uploading artifact

Thank you, Clark!

We have opened another ticket on user @frode-carlsen. To avoid duplicate work on your part. We have also tried several different configurations, but Carlsen have more information about that too.


We have had the exact same issue ( and finally got it to work when we switched the token from GITHUB_TOKEN (the one provided in a github action) with a personal access token.

I am also experiencing the same issue when building a simple Java project. I also tried with the Github Action GITHUB_TOKEN and also with a Personal Access token. Both did not work. 

Here is the error message:

Thx for suggestions what I should try next.


we had the same issue, and I have tried many possible solution. The solution we are currently on is this:

project.afterEvaluate {
    publishing {
        publications {
            mavenPublish(MavenPublication) {
                groupId ''
                artifactId 'my-artifact-id'
                version = android.defaultConfig.versionName
project.ext {
    mavPublishToRemoteRepo = true
    mavRemoteRepoUser = "myUsername"
    mavRemoteRepoPassword = "my-github-personal-access-token"
    mavRepoRemoteUrl = ""

apply from: ''

Hope this helps!

1 Like

You can try to upload file manually:

curl -X PUT \
"" \
-H "Authorization: token <PERSONAL_ACCESS_TOKEN>" \
--upload-file "/full/path/to/file" -vvv


curl -X PUT \
"" \
-H "Authorization: token <PERSONAL_ACCESS_TOKEN>" \
--upload-file "/full/path/to/groovy-ping-1.0.0.jar" -vvv

Output example:

Error: "groovy-ping-1.0.0.jar" in version 1.0.0 of "com.github.igabaydulin.groovy-ping" has already been published.

Repo example:


I found that I got the 400 error when I set the repository url to


But worked when I set it to


Furthermore, I got it working from a Github Actions by adding a block like this:

name: Java CI

on: [push]


    runs-on: ubuntu-latest

    - uses: actions/checkout@v1
    - name: Set up JDK 1.8
      uses: actions/setup-java@v1
        java-version: 1.8
    - name: Deploy to Github Package Registry
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: |
        mkdir ~/.m2
        echo "<settings><servers><server><id>github</id><username>OWNER</username><password>${GITHUB_TOKEN}</password></server></servers></settings>" > ~/.m2/settings.xml
        mvn deploy

Got it somewhat working.

In addition to the guidelines provided here

I had to do the following (on a private repo)

  1. Since I was using the GITHUB_TOKEN then username had to be “x-access-token” in the settings.xml

  2. Sources jars fails to upload with 400. Not sure if this applies to all jars with classifiers.  But it should be possible to upload javadoc and sources as well for the GPR to be fully useful, so I assume it’s a bug(?)

  3. The checksum files fail to upload (maven gives a warning but seems to be another 400 issue)


I have met the same issue.

In my case, I have deployed a SNAPSHOT version of my simple project. And after updating the project, I’d like to deploy the snapshot version again but Maven returns an error with status code 400 just like this issue. In the other side, all thing works well with RELEASE version of my simple project.

I guess there is something wrong(maybe bugs) with SNAPSHOT in GitHub Package Registry.

PS: to recurrent this issue, just create a simple maven project with a snapshot version(such as 1.0-SNAPSHOT), deploy it to GitHub Package Registry, and then update it and deploy with 1.0-SNAPSHOT again. Hope this helpful.


Further on to this - we did manage to upload multiple jars and poms, but only by ‘brute-forcing’ using the mvn deploy:deploy-file on every artifact (instead of mvn deploy). 

So GPR must be sending something back that the maven (wagon) deployer does not interpret as expected for subsequent uploads (a cookie or time-limited token)?  But since the maven code is 5+ years old, I’m guessing the problem lies with the Github package registry not supporting reuse of connections or sessions on subsequent calls, as the alternative is to patch the maven code. Or perhaps the Github Action could have a better uploader included for maven (could potentially be faster as well).


Writing to GitHub I have got the message that GitHub Package Registry currently does not support mutable packages, whether your package is SNAPSHOT or not. So the only way to update your package is to publish a new package.

Hope GPR supports mutable packags ASAP!


> Writing to GitHub I have got the message that GitHub Package Registry currently does not support mutable packages, whether your package is SNAPSHOT or not. So the only way to update your package is to publish a new package.

This is strange because the docs clearly state that you can deploy multiple packages (though I’m having the same problem - getting a 400 error after getting one deploy to work half-way).

You can deploy mutiple packages, but you cannot deploy mutable packages.

This means that you cannot publish a SNAPSHOT package again, such as publish a 1.0-SNAPSHOT package, and after updating something you cannot publish this package with version 1.0-SNAPSHOT again(This is strange for snapshot packages).

So the only way to update your package is to publish a new version of you package.


Thanks for your post, it was quite helpful. I noticed   mvn deploy fails on my end also, but like you rightly pointed, using deploy-file on one jar file works. Interestingly, you can only have one jar, seems any any attempt to upload multiple jars for a single deployment fails. This is a terrible experience, I spent most of my day troubleshooting this.

This does not work:

mvn deploy:deploy-file \
-DrepositoryId=github \
-Dfile=target/apigateway-feign-0.0.2-SNAPSHOT.M4.jar \
-Dsources=target/apigateway-feign-0.0.2-SNAPSHOT.M4-sources.jar \
-Djavadoc=target/apigateway-feign-0.0.2-SNAPSHOT.M4-javadoc.jar \
-Durl= \

However, this works:

mvn deploy:deploy-file \
-DrepositoryId=github \
-Dfile=target/apigateway-feign-0.0.2-SNAPSHOT.M6.jar \
-Durl= \

I noticed that I was able to deploy to the github registry on my laptop, so I looked at the maven versions used.  The ubuntu-latest runner is using 3.6.1, and I was pretty far behind at 3.0.5.  The earliest    Looking at the maven version on ubuntu-latest in github actions, I was pretty far behind at 3.0.5   After verifying that I coud reproduce using the 3.6.1 maven container, I found the oldest published version on docker hub, and replaced my 

mvn deploy


docker run --rm -v $HOME/.m2:/root/.m2 \
        -v $(pwd):/work -w /work \
        maven:3.3.1-jdk-8 mvn deploy

I’m curious to figure out which version of maven it becomes incompatible, but not curious enough to do the work :slight_smile:

Just a small update,  I can now publish jars with classifiers, using mvn deploy - by turning off the wagon http pool. 

mvn -B -e -Dmaven.wagon.http.pool=false clean deploy


Here’re some fixes which worked for us (multimodule pom). This is mostly the summary of this thread:

  • Disable pooling: -Dmaven.wagon.http.pool=false

  • Switch to maven deploy plugin 3.0.0-M1 which isn’t failing the build, when it’s not able to upload maven-metadata.xml (<-- maybe we can skip the pooling switch. Didn’t try that out anymore)

  • Add scm url with org and common prefix in order to group multiple packages (use the same url as in distributionManagement). This project is a multi-module one, so we do need that:
  • Use personal access token in settings.xml (username=your github account, password=token)

Not of all of this might be necessary, but it’s at least working correctly for us for now. It just might help you to solve your issues. 

Full sample parent pom available at

Project available at


Do you know if this is something being worked on? Snapshots are supposed to be mutable :confused:


I’m trying to deploy an artifact to GitHub package registry. Is has nothing special on it it’s just a library class ( that i need as a dependency to my other projects.

I’ve followed the guide in, with no success.

Can someone explain how can I deploy an artifact during my workflow. Just to check, I need to have:

     <name>GitHub OWNER Apache Maven Packages</name>

on my pom.xml, did that got a 401. What I’m I missing.

A simple hellow world artifact repository example would be a great starting point for everyone i guess.


1 Like

Thanks for this. Only this was working for me from inside a github action. When running mvn deploy it always gave me 401, while it perfectly worked with the same user/token locally and even on TravisCI.

It’s Feb 2020 I am still facing the same issue. Not sure why Github hasn’t fixed the issue