using a GitHub Packages hosted repo in a Java/maven action

Hello there,

I tried to look up the search function and the available sections, but couldn’t find a better spot. If there is one please feel free to point me to it.

Topic: I want to develop a client in Java for the mixer.com API. mixer has their package hosted on a GitHub Packages repo instead of pushing it to maven central. After a bit of tinkering I got it to work in NetBeans 11.2 by using the settings.xml in the ~/.m2/ directory so I’m able to build it local on my machine. As I also want to use the simple maven flow I struggle to get it to work. My current setup looks like this (as found in some other topic here):

# This workflow will build a Java project with Maven
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven

name: Java CI with Maven

on:
  push:
    branches: [master]
  pull_request:
    branches: [master]

jobs:
  build:

    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v2
    - name: Set up JDK 13
      uses: actions/setup-java@v1
      with:
        java-version: 13
    - name: Build with Maven
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: mvn -B package --file pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<groupId>de.cryptearth</groupId>
	<artifactId>mixerclient</artifactId>
	<version>1.0</version>
	<packaging>jar</packaging>
	<properties>
		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
		<maven.compiler.source>13</maven.compiler.source>
		<maven.compiler.target>13</maven.compiler.target>
	</properties>
	<repositories>
		<repository>
			<id>central</id>
			<name>central</name>
			<url>https://repo.maven.apache.org/maven2/</url>
		</repository>
		<repository>
			<id>mixer</id>
			<name>mixer</name>
			<url>https://maven.pkg.github.com/mixer/beam-client-java</url>
		</repository>
	</repositories>
	<dependencies>
		<dependency>
			<groupId>com.mixer</groupId>
			<artifactId>api</artifactId>
			<version>6.0.0</version>
		</dependency>
	</dependencies>
</project>

I also had already a few hours staring at the documentation, but I just can’t get it to work. The codeflow always ends up with this issue:

[ERROR] Failed to execute goal on project mixerclient: Could not resolve dependencies for project de.cryptearth:mixerclient:jar:1.0: Failed to collect dependencies at com.mixer:api:jar:6.0.0: Failed to read artifact descriptor for com.mixer:api:jar:6.0.0: Could not transfer artifact com.mixer:api:pom:6.0.0 from/to mixer (https://maven.pkg.github.com/mixer/beam-client-java): Authentication failed for https://maven.pkg.github.com/mixer/beam-client-java/com/mixer/api/6.0.0/api-6.0.0.pom 401 Unauthorized -> [Help 1]

So, my simple question comes down to this: What information do I have to put where to make the simple maven codeflow work correctly to access a repo hosted on GitHub Packages using this special GITHUB-TOKEN thing?

I already put several hours just into this to get it working - but still wasn’t able to get it one single time. Any help appreciated. Thanks.

So I have copied from this one: https://github.community/t5/GitHub-Actions/GitHub-Package-Registry-with-Maven-causes-deployment-issues/m-p/39879

# This workflow will build a Java project with Maven
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven

name: Java CI with Maven

on:
  push:
    branches: [master]
  pull_request:
    branches: [master]

jobs:
  build:

    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v2
    - name: Set up JDK 13
      uses: actions/setup-java@v1
      with:
        java-version: 13
    - name: maven-settings
      uses: s4u/maven-settings-action@v2
      with:
        servers: '[{"id": "mixer", "username": "cryptearth", "password": "${GITHUB_TOKEN}"}]'
    - name: Build with Maven
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: mvn -B package --file pom.xml

But isn’t there any other way than using some actiong someone provides for free - wich may could change at any time?

@cryptearth You could add settings.xml in the root path of your repo, you could refer to this article: 

https://help.github.com/en/packages/using-github-packages-with-your-projects-ecosystem/configuring-apache-maven-for-use-with-github-packages#authenticating-with-a-personal-access-token 

You could use ${env.PASSWORD} in the settings.xml. 

<servers>
    <server>
      <id>github</id>
      <username>zhu5201314</username>
      <password>${env.PASSWORD}</password>
    </server>
</servers>

And in your workflow, add environment variable PASSWORD with the value of your personal access token stored in secrets. And add --settings parameter for mvn command. 

- name: Build with Maven
        env:
          PASSWORD: ${{ secrets.PackagePAT }}
        run: mvn -B package --file pom.xml --settings settings.xml

I noticed that you are using GITHUB_TOKEN for the password, in the official document, it is asked to use a PAT. 

@yanjingzhu thank you for your reply.

I noticed that you are using GITHUB_TOKEN for the password, in the official document, it is asked to use a PAT.

Do you have any sources from where you got that? As the doc you linked only links to another page only explaining GITHUB_TOKEN. I didn’t read anything about 

secrets.PackagePAT

Also: Although adding a settings.xml to the repo and specify it in the mvn command in the workflow may is a solution it would also mean that in each clone and fork of the repo it get copied around as well wich may could end up my username spreading around with me losing controll over it. I’d rather not want this to happen. Is there a way to mark a file to not get cloned/forked? In addition to this it will only work in the workflow. So if someone clones it and uses the --settings switch local for what ever reason it would break. I’d prefer to not break other peoples stuff.

@cryptearth Sorry for the mistake I’ve been made. Yes , you could use GITHUB_TOKEN in GitHub Actions workflow.  

For the username issue, it doesn’t matter what’s the value it is. You could use github.actor context . 

- name: Build with Maven
   env:
      USENAME: ${{github.actor}}
      PASSWORD: ${{ secrets.GITHUB_TOKEN }}
   run: mvn -B package --file pom.xml --settings settings.xml

Then change the settings.xml <servers> section to :

<servers>
    <server>
      <id>github</id>
      <username>${env.USERNAME}</username>
      <password>${env.PASSWORD}</password>
    </server>
  </servers>

There is not a way to restrict a file to be cloned/forked. And, you are right, this could only works in workflow. 

If someone clones the repo to their local side and try to build the maven package in local, they need to follow the doc I linked before to change their local settings.xml with their personal access token.  

2 Likes

@yanjingzhu Thank you very much. I just implemented what you recommended and it works fine.

NetBeans seem to have some shadowing issues as it blends in the ~/.m2/settings.xml instead of the project local settings.xml - but that doesn’t cause any issues with the git commit and push. The workflow goes green. This should be somewhere noted in the official doc.