如何在 Github Actions 工作流中从 Github Packages 访问 Maven 依赖项?
How to access Maven dependency from Github Packages on a Github Actions workflow?
我的构建通过直接在 pom.xml <repository> 元素上使用用户 + PAT(个人访问令牌)在本地工作:
<repository>
<id>github</id>
<name>GitHub Packages</name>
<url>https://[USER]:[PAT]@maven.pkg.github.com/myaccount/myrepo</url>
</repository>
Downloaded from github:
https://[USER]:[PAT]@maven.pkg.github.com/myaccount/myrepo/org/springframework/flex/spring-flex-core/1.6.1.BUILD-SNAPSHOT/maven-metadata.xml
(796 B at 592 B/s)
我没有settings.xml配置。
但是,它打破了 Github 操作工作流程:
Warning: Could not transfer metadata
org.springframework.flex:spring-flex-core:1.6.1.BUILD-SNAPSHOT/maven-metadata.xml
from/to github (***maven.pkg.github.com/myaccount/myrepo):
Authentication failed for
https://maven.pkg.github.com/myaccount/myrepo/org/springframework/flex/spring-flex-core/1.6.1.BUILD-SNAPSHOT/maven-metadata.xml 401 Unauthorized
Failed to collect dependencies at org.springframework.flex:spring-flex-core:jar:1.6.1.BUILD-SNAPSHOT: Failed to read artifact descriptor for org.springframework.flex:spring-flex-core:jar:1.6.1.BUILD-SNAPSHOT
我的工作流程是这样的:
steps:
- uses: actions/checkout@v2
- name: Set up JDK 1.8
uses: actions/setup-java@v1
with:
java-version: 1.8
- name: Cache Maven packages
uses: actions/cache@v2
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Build with Maven
run: mvn -B package --file dev/server/pom.xml
为什么它会中断 Github 工作流程?
您需要使用 GITHUB_TOKEN 进行操作。
看这里:https://docs.github.com/en/packages/guides/configuring-apache-maven-for-use-with-github-packages#authenticating-to-github-packages
To authenticate using a GitHub Actions workflow: For package registries (PACKAGE-REGISTRY.pkg.github.com), you can use a GITHUB_TOKEN.
name: Java CI with Maven
on:
push:
branches: [ maven ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK 1.8
uses: actions/setup-java@v1
with:
java-version: 1.8
- name: Build core with Maven
...
- name: Publish package core
run: mvn --batch-mode deploy --file myproject.core/pom.xml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
根据你的问题我想:
- 您在
GitHub Package 中部署了 maven 项目,我们称之为 library
- 您有另一个 Maven 项目,它使用
library 包作为其 pom.xml 的依赖项,我们将此项目称为您的 app
- 您想使用
app 存储库 中的 GitHub Actions 添加自动化构建工作流程
即使您的 library 是 public 包,目前不幸的是 GitHub 不支持从 maven 未经授权访问 public 包。因此,你应该这样做:
首先,您需要在配置文件设置中的 developer setting 小节中生成具有包读取访问权限的 PAT 访问令牌:
转到 app 存储库的设置部分,并在 Secrets 的小节中创建两个名为 USER_NAME 的环境机密,其值包含您的 GitHub 用户名(或 library 包所有者的用户名);并且 ACCESS_TOKEN 指向在上一步中创建的 PAT 令牌的值。
现在,在 app 存储库中创建一个 maven-settings.xml,例如,您可以在 workflow.yml 文件旁边创建它。该文件包含:
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
<activeProfiles>
<activeProfile>github</activeProfile>
</activeProfiles>
<profiles>
<profile>
<id>github</id>
<repositories>
<repository>
<id>central</id>
<url>https://repo1.maven.org/maven2</url>
</repository>
<repository>
<id>github</id>
<url>https://maven.pkg.github.com/owner_username/package_name</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
<releases>
<enabled>true</enabled>
</releases>
</repository>
</repositories>
</profile>
</profiles>
<servers>
<server>
<id>github</id>
<username>${env.USER_NAME}</username>
<password>${env.ACCESS_TOKEN}</password>
</server>
</servers>
</settings>
- 并且,最后使用这些设置文件,在运行maven命令的工作流程中。例如
workflow.yaml 文件可以包含:
name: Java CI with Maven
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK 8
uses: actions/setup-java@v2
with:
java-version: '8'
distribution: 'adopt'
- name: Build with Maven
run: mvn -s $GITHUB_WORKSPACE/.github/workflows/maven-settings.xml -B package --file pom.xml
env:
USER_NAME: ${{ secrets.USER_NAME }}
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
我的构建通过直接在 pom.xml <repository> 元素上使用用户 + PAT(个人访问令牌)在本地工作:
<repository>
<id>github</id>
<name>GitHub Packages</name>
<url>https://[USER]:[PAT]@maven.pkg.github.com/myaccount/myrepo</url>
</repository>
Downloaded from github: https://[USER]:[PAT]@maven.pkg.github.com/myaccount/myrepo/org/springframework/flex/spring-flex-core/1.6.1.BUILD-SNAPSHOT/maven-metadata.xml (796 B at 592 B/s)
我没有settings.xml配置。
但是,它打破了 Github 操作工作流程:
Warning: Could not transfer metadata org.springframework.flex:spring-flex-core:1.6.1.BUILD-SNAPSHOT/maven-metadata.xml from/to github (***maven.pkg.github.com/myaccount/myrepo): Authentication failed for https://maven.pkg.github.com/myaccount/myrepo/org/springframework/flex/spring-flex-core/1.6.1.BUILD-SNAPSHOT/maven-metadata.xml 401 Unauthorized
Failed to collect dependencies at org.springframework.flex:spring-flex-core:jar:1.6.1.BUILD-SNAPSHOT: Failed to read artifact descriptor for org.springframework.flex:spring-flex-core:jar:1.6.1.BUILD-SNAPSHOT
我的工作流程是这样的:
steps:
- uses: actions/checkout@v2
- name: Set up JDK 1.8
uses: actions/setup-java@v1
with:
java-version: 1.8
- name: Cache Maven packages
uses: actions/cache@v2
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Build with Maven
run: mvn -B package --file dev/server/pom.xml
为什么它会中断 Github 工作流程?
您需要使用 GITHUB_TOKEN 进行操作。 看这里:https://docs.github.com/en/packages/guides/configuring-apache-maven-for-use-with-github-packages#authenticating-to-github-packages
To authenticate using a GitHub Actions workflow: For package registries (PACKAGE-REGISTRY.pkg.github.com), you can use a GITHUB_TOKEN.
name: Java CI with Maven
on:
push:
branches: [ maven ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK 1.8
uses: actions/setup-java@v1
with:
java-version: 1.8
- name: Build core with Maven
...
- name: Publish package core
run: mvn --batch-mode deploy --file myproject.core/pom.xml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
根据你的问题我想:
- 您在
GitHub Package中部署了 maven 项目,我们称之为library - 您有另一个 Maven 项目,它使用
library包作为其 pom.xml 的依赖项,我们将此项目称为您的app - 您想使用
app存储库 中的
GitHub Actions 添加自动化构建工作流程
即使您的 library 是 public 包,目前不幸的是 GitHub 不支持从 maven 未经授权访问 public 包。因此,你应该这样做:
首先,您需要在配置文件设置中的
developer setting小节中生成具有包读取访问权限的 PAT 访问令牌:转到
app存储库的设置部分,并在Secrets的小节中创建两个名为USER_NAME的环境机密,其值包含您的 GitHub 用户名(或library包所有者的用户名);并且ACCESS_TOKEN指向在上一步中创建的 PAT 令牌的值。现在,在
app存储库中创建一个maven-settings.xml,例如,您可以在workflow.yml文件旁边创建它。该文件包含:
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
<activeProfiles>
<activeProfile>github</activeProfile>
</activeProfiles>
<profiles>
<profile>
<id>github</id>
<repositories>
<repository>
<id>central</id>
<url>https://repo1.maven.org/maven2</url>
</repository>
<repository>
<id>github</id>
<url>https://maven.pkg.github.com/owner_username/package_name</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
<releases>
<enabled>true</enabled>
</releases>
</repository>
</repositories>
</profile>
</profiles>
<servers>
<server>
<id>github</id>
<username>${env.USER_NAME}</username>
<password>${env.ACCESS_TOKEN}</password>
</server>
</servers>
</settings>
- 并且,最后使用这些设置文件,在运行maven命令的工作流程中。例如
workflow.yaml文件可以包含:
name: Java CI with Maven
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK 8
uses: actions/setup-java@v2
with:
java-version: '8'
distribution: 'adopt'
- name: Build with Maven
run: mvn -s $GITHUB_WORKSPACE/.github/workflows/maven-settings.xml -B package --file pom.xml
env:
USER_NAME: ${{ secrets.USER_NAME }}
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}