Using GitHub Private Packages and Maven in GitHub Actions

Mauro Canuto
May 14, 2021

This article covers all the steps to publish packages from your private repository to GitHub Packages and install them in other private repositories.

Publishing a package

You can use the Apache Maven registry to publish packages to GitHub Packages and to use packages stored on GitHub Packages as dependencies in a Java project. By default, GitHub publishes the package to an existing repository with the same name as the package.

For example, GitHub will publish a package named com.example:test in a repository called OWNER/test.

If you would like to publish multiple packages to the same repository, you can include the URL of the repository in the <distributionManagement> element of the pom.xml file.

GitHub will match the repository based on that field. Since the repository name is also part of the distributionManagement element, there are no additional steps to publish multiple packages to the same repository.

1. Edit the pom.xml

Edit the distributionManagement element of the pom.xml file located in your package directory, replacing OWNER with the name of the user or organization account that owns the repository and REPOSITORY with the name of the repository containing your project (e.g. tutorial-core).

2. Configure GitHub Action

Create a GitHub Action configuration file under $PROJECT_ROOT/.github/workflows/. You can name the file as you prefer (e.g. maven-publish.yml).

Use Maven to publish packages to GitHub Packages when you push to master. You can change the trigger depending on your needs.

GitHub provides a token that you can use to authenticate on behalf of GitHub Actions: GITHUB_TOKEN.

GitHub automatically creates a GITHUB_TOKEN secret to use in your workflow and you can use it to authenticate in a workflow run.

An action can access the GITHUB_TOKEN through the github.token context even if the workflow does not explicitly pass the GITHUB_TOKEN to the action. As a good security practice, you should always make sure that actions only have the minimum access they require by limiting the permissions granted to the GITHUB_TOKEN.

Now, when any change is pushed to master, a new package is created and published to GitHub Packages.
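The publishing steps above as a single workflow file. This is an example added here, not the author's original configuration. It assumes the pom.xml repository id is `github`, uses the `actions/checkout` and `actions/setup-java` actions, and picks a JDK distribution and version for illustration; OWNER and REPOSITORY are the placeholders from step 1.

```yaml
# .github/workflows/maven-publish.yml
# Assumes pom.xml has a <distributionManagement> repository with
#   <id>github</id>
#   <url>https://maven.pkg.github.com/OWNER/REPOSITORY</url>
# The id must match the server-id that setup-java writes to settings.xml.
name: Publish package to GitHub Packages

on:
  push:
    branches: [master]

# Start from no permissions; grant only what each job needs.
permissions: {}

jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: read    # check out the source
      packages: write   # upload the artifact to GitHub Packages
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v4
        with:
          distribution: temurin   # assumed JDK distribution
          java-version: '17'      # assumed Java version
          server-id: github       # setup-java default, shown for clarity
      - name: Publish package
        run: mvn --batch-mode deploy
        env:
          # setup-java's generated settings.xml reads the password from
          # the GITHUB_TOKEN environment variable by default.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```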

Accessing and Installing the package

If another project needs the package you have created above as a dependency, you will need to follow the next steps.

1. Add the project as a dependency in the pom.xml

2. Create a Personal Access Token

You need an access token to install the package. You can use a personal access token (PAT) to authenticate to GitHub Packages or the GitHub API. When you create a personal access token, you can assign the token different scopes depending on your needs.

You can generate a new personal access token under Profile/Settings/Developer settings/Personal access tokens.

Select the read:packages scope.

Copy the token value as you will need it in the next step.

3. Add a secret to the repository

In your project repository, you need to create a secret using the token generated in the previous step. Go to Settings/Secrets and create a new repository secret.

Set a Name (e.g. GH_PAT_FOR_ACTIONS_TOKEN) and paste the token under Value.

4. Configure GitHub Action

In your Java project, create a GitHub Action configuration file under $PROJECT_ROOT/.github/workflows/. You can name the file as you prefer (e.g. maven-run-test.yml).

In this example, you will use Maven to run the tests of a project that depends on the tutorial-code package.

Use s4u/maven-settings-action to set up Maven environments for use in GitHub Actions.

You need to add the configuration for accessing the GitHub server:

  • username can be anything as it will not be considered for authentication
  • password is set to GITHUB_TOKEN_REF which refers to the GH_PAT_FOR_ACTIONS_TOKEN environment variable created in step 3.

That’s it! Maven is now able to install the dependency by pulling the required package from GitHub Packages.