actions / setup-java

Set up your GitHub Actions workflow with a specific version of Java
MIT License

Maven Failed to deploy artifacts: Could not find artifact "self" in github (https://maven.pkg.github.com/ORG/REPO) #620

Closed serpro69 closed 5 months ago

serpro69 commented 5 months ago

Description:

When trying to deploy a Maven artifact to GitHub Packages, mvn deploy fails with the error "Could not find artifact foo.bar:parent-pom:pom:0.0.1 in github".

The weird error is that foo.bar:parent-pom:0.0.1 is the artifact I'm trying to publish in the first place, so why is it trying to download it?

Note: this is the first package version. Don't know if this matters. But I can successfully deploy from local using a token with package:write permissions, so I think this has something to do with the workflow, rather than the fact that the package doesn't exist.

Output from maven:

[INFO] --- maven-deploy-plugin:3.1.1:deploy (default-deploy) @ parent-pom ---
[DEBUG] Dependency collection stats {ConflictMarker.analyzeTime=25087, ConflictMarker.markTime=75963, ConflictMarker.nodeCount=4, ConflictIdSorter.graphTime=10419, ConflictIdSorter.topsortTime=10239, ConflictIdSorter.conflictIdCount=4, ConflictIdSorter.conflictIdCycleCount=0, ConflictResolver.totalTime=146674, ConflictResolver.conflictItemCount=4, DefaultDependencyCollector.collectTime=3470090, DefaultDependencyCollector.transformTime=287869}
[DEBUG] org.apache.maven.plugins:maven-deploy-plugin:jar:3.1.1
[DEBUG]    org.codehaus.plexus:plexus-utils:jar:3.5.0:compile
[DEBUG]    org.eclipse.aether:aether-util:jar:1.0.0.v20140518:compile
[DEBUG]       org.eclipse.aether:aether-api:jar:1.0.0.v20140518:compile
[DEBUG] Created new class realm plugin>org.apache.maven.plugins:maven-deploy-plugin:3.1.1
[DEBUG] Importing foreign packages into class realm plugin>org.apache.maven.plugins:maven-deploy-plugin:3.1.1
[DEBUG]   Imported:  < maven.api
[DEBUG] Populating class realm plugin>org.apache.maven.plugins:maven-deploy-plugin:3.1.1
[DEBUG]   Included: org.apache.maven.plugins:maven-deploy-plugin:jar:3.1.1
[DEBUG]   Included: org.codehaus.plexus:plexus-utils:jar:3.5.0
[DEBUG]   Included: org.eclipse.aether:aether-util:jar:1.0.0.v20140518
[DEBUG] Loading mojo org.apache.maven.plugins:maven-deploy-plugin:3.1.1:deploy from plugin realm ClassRealm[plugin>org.apache.maven.plugins:maven-deploy-plugin:3.1.1, parent: jdk.internal.loader.ClassLoaders$AppClassLoader@277050dc]
[DEBUG] Configuring mojo execution 'org.apache.maven.plugins:maven-deploy-plugin:3.1.1:deploy:default-deploy' with basic configurator -->
[DEBUG]   (f) allowIncompleteProjects = false
[DEBUG]   (f) deployAtEnd = false
[DEBUG]   (f) offline = false
[DEBUG]   (f) pluginDescriptor = Component Descriptor: role: 'org.apache.maven.plugin.Mojo', implementation: 'org.apache.maven.plugins.deploy.DeployMojo', role hint: 'org.apache.maven.plugins:maven-deploy-plugin:3.1.1:deploy'
role: 'org.apache.maven.plugin.Mojo', implementation: 'org.apache.maven.plugins.deploy.DeployFileMojo', role hint: 'org.apache.maven.plugins:maven-deploy-plugin:3.1.1:deploy-file'
role: 'org.apache.maven.plugin.Mojo', implementation: 'org.apache.maven.plugins.maven_deploy_plugin.HelpMojo', role hint: 'org.apache.maven.plugins:maven-deploy-plugin:3.1.1:help'
---
[DEBUG]   (f) project = MavenProject: foo.bar:parent-pom:0.0.1 @ /home/runner/work/parent-pom/parent-pom/pom.xml
[DEBUG]   (f) reactorProjects = [MavenProject: foo.bar:parent-pom:0.0.1 @ /home/runner/work/parent-pom/parent-pom/pom.xml]
[DEBUG]   (f) retryFailedDeploymentCount = 1
[DEBUG]   (f) session = org.apache.maven.execution.MavenSession@3c8a7e38
[DEBUG]   (f) skip = false
[DEBUG] -- end configuration --
[DEBUG] Using transporter WagonTransporter with priority -1.0 for https://maven.pkg.github.com/org/maven-packages
[DEBUG] Using connector BasicRepositoryConnector with priority 0.0 for https://maven.pkg.github.com/org/maven-packages with username=serpro69, ***
Uploading to github: https://maven.pkg.github.com/org/maven-packages/foo/bar/parent-pom/0.0.1/parent-pom-0.0.1.pom
Progress (1): parent-pom-0.0.1.pom (4.1/20 kB)
Progress (1): parent-pom-0.0.1.pom (8.2/20 kB)
Progress (1): parent-pom-0.0.1.pom (12/20 kB)
Progress (1): parent-pom-0.0.1.pom (16/20 kB)
Progress (1): parent-pom-0.0.1.pom (20 kB)

[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  36.411 s
[INFO] Finished at: 2024-04-09T11:29:34Z
[INFO] ------------------------------------------------------------------------
Error:  Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:3.1.1:deploy (default-deploy) on project parent-pom: Failed to deploy artifacts: Could not find artifact foo.bar:parent-pom:pom:0.0.1 in github (https://maven.pkg.github.com/org/maven-packages) -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:3.1.1:deploy (default-deploy) on project parent-pom: Failed to deploy artifacts: Could not find artifact foo.bar:parent-pom:pom:0.0.1 in github (https://maven.pkg.github.com/org/maven-packages)

Task version:

v4

Platform:

Runner type:

Repro steps:
A description with steps to reproduce the issue. If you have a public example or repo to share, please provide the link.

    name: Publish Maven

    on:
      pull_request:
        branches:
          - main

    permissions:
      contents: read # default
      packages: write

    jobs:
      build:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v4

          - name: Set up JDK 11
            uses: actions/setup-java@v4
            with:
              distribution: 'temurin'
              java-version: '11'
              cache: 'maven'

          - name: Test
            run: cat ~/.m2/settings.xml

          - name: Publish to GitHub Packages Apache Maven
            run: mvn clean deploy -X
            env:
              GITHUB_TOKEN: ${{ github.token }} # GITHUB_TOKEN is the default env for the password

Maven pom distribution management:

    <distributionManagement>
        <repository>
            <id>github</id>
            <name>GitHub OWNER Apache Maven Packages</name>
            <url>https://maven.pkg.github.com/org/maven-packages</url>
        </repository>
    </distributionManagement>

Expected behavior:

Package should be published

Actual behavior:

Error:  Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:3.1.1:deploy (default-deploy) on project parent-pom: Failed to deploy artifacts: Could not find artifact foo.bar:parent-pom:pom:0.0.1 in github (https://maven.pkg.github.com/org/maven-packages) -> [Help 1]

serpro69 commented 5 months ago

Looking at the deploy output from local, I can see it does actually try to download the maven metadata:

[DEBUG] Using transporter HttpTransporter with priority 5.0 for https://maven.pkg.github.com/org/maven-packages
[DEBUG] Using connector BasicRepositoryConnector with priority 0.0 for https://maven.pkg.github.com/org/maven-packages with username=serpro69, password=***
Uploading to github: https://maven.pkg.github.com/org/maven-packages/foo/bar/parent-pom/0.0.1/parent-pom-0.0.1.pom
Uploaded to github: https://maven.pkg.github.com/org/maven-packages/foo/bar/parent-pom/0.0.1/parent-pom-0.0.1.pom (20 kB at 5.3 kB/s)
Downloading from github: https://maven.pkg.github.com/org/maven-packages/foo/bar/parent-pom/maven-metadata.xml
Downloaded from github: https://maven.pkg.github.com/org/maven-packages/foo/bar/parent-pom/maven-metadata.xml (224 B at 366 B/s)
[DEBUG] Writing tracking file '/home/sergio/.m2/repository/foo/bar/parent-pom/resolver-status.properties'
Uploading to github: https://maven.pkg.github.com/org/maven-packages/foo/bar/parent-pom/maven-metadata.xml
Uploaded to github: https://maven.pkg.github.com/org/maven-packages/foo/bar/parent-pom/maven-metadata.xml (333 B at 434 B/s)
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  5.638 s
[INFO] Finished at: 2024-04-09T13:47:20+02:00

I suppose that's what's failing. But why is this failing? Am I missing something in the workflow?

serpro69 commented 5 months ago

Thinking out loud here, this is the servers part of the settings.xml

    <server>
      <id>github</id>
      <username>serpro69</username>
      <password>***</password>
    </server>

The password comes from GITHUB_TOKEN. Is it assumed that GITHUB_ACTOR (in this case the PR author) can use the action's GITHUB_TOKEN to authenticate to the packages repo? The strangest thing is that it fails on the lookup of a package, not the upload of it... I'm completely confused why this isn't working, since according to the documentation this should be pretty simple.

Even tried to set all possible permissions to write for the job:

    permissions:
      actions: write
      checks: write
      contents: write
      deployments: write
      id-token: none
      issues: write
      packages: write
      pages: write
      pull-requests: write
      repository-projects: write
      security-events: write
      statuses: write

That still fails when I try to use GITHUB_TOKEN. The only way this works for me so far is if I try to use a secret with my own personal token, which is so far from ideal I can't even see such a workaround being viable. GITHUB_TOKEN seems to be completely broken for this purpose.

HarithaVattikuti commented 5 months ago

Hello @serpro69 Thank you for creating this issue. We will investigate it and get back to you as soon as we have some feedback.

serpro69 commented 5 months ago

Thanks @HarithaVattikuti, I spent an entire day yesterday on this, and it does not seem like authentication with github.actor + github.token is possible at the moment for Maven packages. This works perfectly fine when I use a personal token and the username of the token owner, so it's very likely that something is wrong with the GITHUB_TOKEN.

mahabaleshwars commented 5 months ago

Hi @serpro69, publishing the package only requires the GITHUB_TOKEN, no server configuration needed. However, if you're planning to install packages linked to other private repositories, you'll need a PAT (Personal Access Token). For further details, please check the GitHub Packages Documentation.

serpro69 commented 5 months ago

Hi @mahabaleshwars. I see, thank you for the comment. I suppose you're referring to this part of the docs:

a personal access token (classic) with at least read:packages scope to install packages associated with other private repositories (which GITHUB_TOKEN can't access).

I guess it makes sense, if GITHUB_TOKEN can't access other repos, you won't be able to publish to them using this token either.

I do wish that the docs were a bit clearer on this. E.g. in the Publishing a package docs, it says:

If you would like to publish multiple packages to the same repository, you can include the URL of the repository in the element of the pom.xml file. GitHub will match the repository based on that field. Since the repository name is also part of the distributionManagement element, there are no additional steps to publish multiple packages to the same repository.

Which is what made me think that this should work, since it explicitly says "no other steps are needed" and doesn't mention the token details.

But I suppose documentation updates are beyond the scope of this issue, so I'll close it.

Thanks again for providing the details on how this is supposed to work.
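
The mismatch this thread ends on can be caught before `mvn deploy` runs. The following pre-flight check is an added example, not part of the original thread and not code from setup-java; it compares the `<distributionManagement>` URL in the POM with the repository whose GITHUB_TOKEN the job holds. The function names, the minimal sample POM and the `org/parent-pom` repository value are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the <distributionManagement> from the issue inside a minimal POM.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <groupId>foo.bar</groupId><artifactId>parent-pom</artifactId><version>0.0.1</version>
  <distributionManagement>
    <repository>
      <id>github</id>
      <url>https://maven.pkg.github.com/org/maven-packages</url>
    </repository>
  </distributionManagement>
</project>"""

GH_PACKAGES = re.compile(r"^https://maven\.pkg\.github\.com/([^/\s]+)/([^/\s]+)/?$")

def deploy_targets(pom_xml):
    """Yield (server id, url) for each repository under <distributionManagement>."""
    root = ET.fromstring(pom_xml)
    # POMs are usually namespaced; reuse whatever namespace the root element has.
    ns = root.tag[: root.tag.index("}") + 1] if root.tag.startswith("{") else ""
    dm = root.find(f"{ns}distributionManagement")
    if dm is None:
        return
    for tag in ("repository", "snapshotRepository"):
        repo = dm.find(f"{ns}{tag}")
        if repo is not None:
            yield (repo.findtext(f"{ns}id", "").strip(),
                   repo.findtext(f"{ns}url", "").strip())

def token_scope_problems(pom_xml, workflow_repo):
    """Return one message per GitHub Packages target outside workflow_repo (GITHUB_REPOSITORY)."""
    problems = []
    for server_id, url in deploy_targets(pom_xml):
        match = GH_PACKAGES.match(url)
        if match is None:
            continue  # not a GitHub Packages URL, GITHUB_TOKEN is not involved
        target = f"{match.group(1)}/{match.group(2)}"
        if target.lower() != workflow_repo.lower():
            problems.append(
                f"server '{server_id}' deploys to {target}, but GITHUB_TOKEN "
                f"belongs to {workflow_repo}; use a PAT or publish to {workflow_repo}")
    return problems

if __name__ == "__main__":
    # "org/parent-pom" is an assumed GITHUB_REPOSITORY value for the failing run.
    for line in token_scope_problems(SAMPLE_POM, "org/parent-pom"):
        print(line)
```

In a workflow this would run as a step before the deploy, with the second argument taken from the `GITHUB_REPOSITORY` environment variable and a non-empty result failing the job.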