Help
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Copilot Lvl 3
Message 1 of 2

github packages maven integration

Solved! Go to Solution.

I am looking into github packages as a replacement for publishing our libraries on maven-central

 

  1. is it valid to expect that github packages is a replacement for maven-central?

 

We expect that other projects that use our open source libraries should be able to specify a maven dependency in their pom and add a github repo in their settings.

 

2. is this a valid assumption?

 

When both questions above get a 'yes', we have a number of questions:

 

3. I would expect that projects would add only one github repo where all published artifacts can be found. But the repo url seems to have the name of our organisation and our github project in it which makes it specific for our artifacts. Should projects add a github repo in their settings file for every library supplier separately? This does not seem to add up...

 

4. On maven central you do not need to authenticate to get artifacts but on github packages you always need to authenticate, even for reading. This means that my CI needs a valid login or token just to read dependencies. Although perfectly possibble to implement this seems like an extra hurdle. What is the reasoning behind this?

 

5. Does (or will) gihub packages support the nexus REST API? We tend to access artifacts through this interface from shell scripts.

 

I hope someone can give us some answers...

 

Tom Brus

1 Reply
Solution
GitHub Partner
Message 2 of 2

Re: github packages maven integration

Sorry for late response, please check the answers below, thanks.

  1. Yes, you can choose to use Package Registry as a replacement for Maven Central. However Package Registry currently is more suited for 'private' packages because of the requirement to authenticate(like below point3).
  2. You can create a single repo to hold all of your packages, or create one repo per package or any combination therein. It‘s entirely up to the organization/user on how they prefer to work.
  3. Correct, you currently are required to authenticate using either a Personal Access Token(PAT) or if you are using GitHub Actions for CI, you can use the provided token as mentioned here.
  4. You can manage packages with GitHub API, please refer to the link for more details, thanks.