I have a project residing in two GH repositories. There is library in common, and the application is using that library.

I have a successfully published package of the library in GitHub Packages.

I have setup the application project in a way that if I build it locally, it will download the library using a personal access token.

build.gradle:

repositories {
    mavenLocal()
    mavenCentral()
    maven {
        name = "GitHubPackages-common"
        url = "https://maven.pkg.github.com/OWNER/rr-common"
        credentials {
            username = System.getenv("GITHUB_USERNAME")
            password = System.getenv("GITHUB_TOKEN")
        }
    }
}

In the GH action for building the application, I use the GITHUB_TOKEN, and when I print that out in the build script, it seems to be passed along correctly.

build.yml:

- name: Build with Gradle
      env:
        GITHUB_USERNAME: "OWNER"
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: ./gradlew --stacktrace --warning-mode all --info clean test bootJar

However, the build fails because the library cannot be downloaded. First trying at maven central (unsuccessfully as expected) and then trying at github, and also failing.

Resource missing. [HTTP GET: https://repo.maven.apache.org/maven2/de/OWNER/common/1.0.3/common-1.0.3.pom]
Resource missing. [HTTP HEAD: https://repo.maven.apache.org/maven2/de/OWNER/rr-common/1.0.3/common-1.0.3.jar]
Resource missing. [HTTP GET: https://maven.pkg.github.com/OWNER/common/de/OWNER/common/1.0.3/common-1.0.3.pom]
Resource missing. [HTTP HEAD: https://maven.pkg.github.com/OWNER/common/de/OWNER/rr-common/1.0.3/common-1.0.3.jar]

The failing URLs work fine when entered into a browser (after authentication).

A working workaround for me was now to create a user-specific API Token, put that into the projects secrets and use that from within the build action. And that works! But isn’t that exactly what GITHUB_TOKEN should be used for?