Login/Register
How to access github package registry from one repo to other under same organization?
Asked Answered
Solved githubgithub-actionsgithub-package-registry
S

2

5

I'm working under organization Org which has two different repositories repo-1 and repo-2.
I had uploaded some 50 odd Maven dependencies to GitHub Packages registry of repo-1 and now we're migrating to repo-2. pom.xml and all the GitHub Actions workflows are being copied over as is. So I need to access the same set of dependencies in repo-2 for the Maven build workflows. However, repo-2 is unable to download the dependencies from repo-1 Packages registry.

Workflow snippet:

- name: build
  run: mvn clean package '-Dmaven.test.skip=true' '-Dmaven.wagon.http.pool=false' --file pom.xml -B -X
  env:
    GITHUB_TOKEN: ${{ github.token }}
    MAVEN_OPTS: -Xmx3072M -Xss128M -XX:MetaspaceSize=512M -XX:MaxMetaspaceSize=2048M -XX:+CMSClassUnloadingEnabled

Repository config snippet from pom.xml:

<repositories>
    <repository>
        <id>central</id>
        <url>https://repo1.maven.org/maven2</url>
        <releases>
            <enabled>true</enabled>
        </releases>
        <snapshots>
            <enabled>true</enabled>
        </snapshots>
    </repository>
    <repository>
        <id>1_maven.apache.org</id>
        <releases>
            <enabled>true</enabled>
        </releases>
        <snapshots>
            <enabled>false</enabled>
        </snapshots>
        <url>https://repo.maven.apache.org/maven2</url>
        <layout>default</layout>
    </repository>
    <repository>
        <id>github</id>
        <url>https://maven.pkg.github.com/Org/repo-1</url>
        <snapshots>
            <enabled>true</enabled>
        </snapshots>
        <releases>
            <enabled>true</enabled>
        </releases>
    </repository>
    <repository>
        <id>jasper</id>
        <url>https://jaspersoft.jfrog.io/jaspersoft/third-party-ce-artifacts/</url>
        <releases>
            <enabled>true</enabled>
        </releases>
        <snapshots>
            <enabled>true</enabled>
        </snapshots>
    </repository>
</repositories>

I've admin access to both the repos and here're a few things that I tried:

  1. Some access control settings from the official documentation, especially this - Connecting a repository to an organization-owned package on GitHub. Connect Repository button doesn't appear in my case.
  2. Used default GitHub token as well as my PAT. (PAT has required access to packages and SSO authorized)
  3. Used -X switch. Surprisingly debug logs don't show why exactly the dependencies couldn't be fetched.
  4. 2nd and 3rd accessibility options on repo-1 as shown in this snap - enter image description here

However, nothing worked so far.

Spur answered 9/2, 2022 at 20:13 Comment(0)
B
8

You should be able to follow this post: https://www.schakko.de/2020/12/19/using-github-workflow-with-maven-dependencies-from-a-private-github-package-registry/

It is important to note that the GITHUB_TOKEN will only work for uploads and downloads within the same repository.

If you want to access a package from another repository, you have to create a personal access token and use username/token as authentication.

So basically your step 2. including your username should work.

Barboza answered 2/6, 2022 at 10:5 Comment(2)
you're right, GITHUB_TOKEN works only within the same repository. In other cases we've to use our PAT and this really worked for me. Thanks for the solution. I'll post my complete implementation in a few days for others to refer.Spur
Note that if you use a reusable workflow and organizational secrets, you'll need to ensure that the calling workflow grants permissions to access secrets e.g. secrets: inherit. See docs.github.com/en/actions/using-workflows/…Mashhad
F
13

As of December 2022 there is a solution.

In your organization, go to packages and select the packages you want access to. Under Package settings on the right you can add other repositories under "Manage Actions access". The other repositories only need read access.

In your YAML workflow file, add permissions for the workflow like so: Permissions example The workflow needs read access to contents and packages

Now you can use GITHUB_TOKEN to download packages in other private repositories

Workflow permissions: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Repository access: https://docs.github.com/en/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility#github-actions-access-for-organization-owned-container-images

Floury answered 19/1, 2023 at 12:23 Comment(3)
Note that this does not work for maven and gradle packages. See docs.github.com/en/packages/learn-github-packages/…Weisburgh
@Adne Matre welcome to the community! Thanks for your post! And as you rightly noted by you, this doesn't work for Maven and Gradle packages, and so is my case. :)Spur
Understood, sorry for the misunderstanding. I'll just leave it here for anyone struggling with this like me :)Clementineclementis
B
8

You should be able to follow this post: https://www.schakko.de/2020/12/19/using-github-workflow-with-maven-dependencies-from-a-private-github-package-registry/

It is important to note that the GITHUB_TOKEN will only work for uploads and downloads within the same repository.

If you want to access a package from another repository, you have to create a personal access token and use username/token as authentication.

So basically your step 2. including your username should work.

Barboza answered 2/6, 2022 at 10:5 Comment(2)
you're right, GITHUB_TOKEN works only within the same repository. In other cases we've to use our PAT and this really worked for me. Thanks for the solution. I'll post my complete implementation in a few days for others to refer.Spur
Note that if you use a reusable workflow and organizational secrets, you'll need to ensure that the calling workflow grants permissions to access secrets e.g. secrets: inherit. See docs.github.com/en/actions/using-workflows/…Mashhad

© 2022 - 2024 — McMap. All rights reserved.