How to make Github packages to the public

I have created a simple maven archetype project : GitHub - hantsy/maven-archetype-jakartaee9: Maven archetype for Jakarta EE 9

And publish it via Github packages.

But read the docs from Github Packages, it requires authentication to install it.

  1. Is it possible to make the repository public to access(without an auth token)?
  2. Is there an approach to sync this repository to the Maven Central repository?
1 Like

Hi @hantsy,

At the moment a token is always required, but it is possible to encode/embed the token in your .pom file.

Here is how you would do it:

  1. Create a PAT with just the read:packages scope
  2. Execute $ docker run ghcr.io/jcansdale/gpr encode <PAT>
  3. This will generate a repositories element you can use in your .pom file

The repositories element will look something like this:

<repositories>
  <repository>
    <id>github-public</id>
    <url>https://public:&#102;xxxxxxx@maven.pkg.github.com/<OWNER>/*</url>
  </repository>
</repositories>

Replace <OWNER> with your user or org name.

Note, the read:packages token will have access to your public and private packages. If you have any private packages you need to project, you might want to create a machine-user account.

There isn’t currently a way to automatically sync with Maven Central.

I hope that helps!

Thanks @jcansdale, it is very helpful. I hope it can be added in the official docs.

I like this workaround because it shows how anyone can set up their Maven or Gradle projects to get access to packages published to GitHub Packages in public GitHub repository. It should be added to the docs because I came here about to report the issue. I didn’t realize that using a PAT with read packages scope was the recommended way. It would have saved me some time to just have those instructions in the docs (Working with the Apache Maven registry - GitHub Docs).

Right now, the docs hint at this by saying:

You must use a personal access token with the appropriate scopes to publish and install packages in GitHub Packages.

and

You can authenticate to GitHub Packages with Apache Maven by editing your ~/.m2/settings.xml file to include your personal access token.

The problem is that as I read this quickstart, not knowing about GitHub Packages in detail, I’m thinking about my previous experience with PATs on GitHub, and I remember that PATs represent my GitHub account, so I’m thinking one would only need a PAT to install a Maven package from a private GitHub repository. I didn’t realize the PATs were also needed for public GitHub repositories.

Also, the docs could use some more examples on how to use the packages once they’re published to GitHub Packages. Being somewhat new to Java, I wasn’t familiar with how to configure my build.gradle file to download from more locations than just Maven Central. I eventually figured out I had to replace repositories in my build.gradle file with:

repositories {
    mavenCentral()
    maven {
        url "https://maven.pkg.github.com/mattwelke/*"
        credentials {
            username "mattwelke"
            password "<redacted>"
        }
    }
}

(and then, later, once I got it all working, I’d auth with the PAT more securely than hard coding it in the build.gradle file)