I like this workaround because it shows how anyone can set up their Maven or Gradle projects to get access to packages published to GitHub Packages in public GitHub repository. It should be added to the docs because I came here about to report the issue. I didn’t realize that using a PAT with read packages scope was the recommended way. It would have saved me some time to just have those instructions in the docs (Working with the Apache Maven registry - GitHub Docs).

Right now, the docs hint at this by saying:

You must use a personal access token with the appropriate scopes to publish and install packages in GitHub Packages.

and

You can authenticate to GitHub Packages with Apache Maven by editing your ~/.m2/settings.xml file to include your personal access token.

The problem is that as I read this quickstart, not knowing about GitHub Packages in detail, I’m thinking about my previous experience with PATs on GitHub, and I remember that PATs represent my GitHub account, so I’m thinking one would only need a PAT to install a Maven package from a private GitHub repository. I didn’t realize the PATs were also needed for public GitHub repositories.

Also, the docs could use some more examples on how to use the packages once they’re published to GitHub Packages. Being somewhat new to Java, I wasn’t familiar with how to configure my build.gradle file to download from more locations than just Maven Central. I eventually figured out I had to replace repositories in my build.gradle file with:

repositories {
    mavenCentral()
    maven {
        url "https://maven.pkg.github.com/mattwelke/*"
        credentials {
            username "mattwelke"
            password "<redacted>"
        }
    }
}

(and then, later, once I got it all working, I’d auth with the PAT more securely than hard coding it in the build.gradle file)