Migrate MVN repo to GitHub packages?

[emanuelpalm]

https://github.com/arrowhead-f/client-library-java-spring/packages

I just saw that GitHub now has its own system for hosting MVN packages. Perhaps there would be advantages to adopting it?

[emanuelpalm]

https://help.github.com/en/github/managing-packages-with-github-packages/configuring-apache-maven-for-use-with-github-packages

[borditamas]

Hello Emanuel, thanks for the highlight, it's worth to have deeper look indeed.

[borditamas]

done

[emanuelpalm]

@borditamas Does GitHub packages still require that everyone, including people not members of arrowhead-f, uses a GitHub token to download packages?

[borditamas]

Unfortunately yes.

[tsvetlin]

I guess they use it for statistics. Anyway is this a problem?

[emanuelpalm]

@tsvetlin It is a usability problem, and its ugly.

It is a usability problem because specifying what packages you need and what repository you use is not enough. You also have to specify a username and password for that repository. The username must be that of one of the members of the GitHub organization owning the package, and the password must be a token generated for that particular member. The token can be configured to only allow read-access to the repository.

I propose that GitHub packages not be used, that this issue is closed, and that you aim for using the Maven Central repository instead. It took me about a day to get arkalix to Maven Central, so it is certainly doable, even if it is a lot more tedious than using GitHub packages. You are going to have to contact whoever is responsible for managing the arrowhead.eu domain name and tell them to add a TXT record with a certain identifier in it, given to you by Sonatype, the company running Maven Central. You are also going to have to create PGP certificates and some other stuff, but it is certainly doable (see https://central.sonatype.org/pages/ossrh-guide.html).

[borditamas]

According to my understanding for a public package the username is not necessarily have to belong to the owner organization. And the access level of the token refers only to the user account and not to the repository.

I agree it's still not the easiest way as maven central would be, but still useable for all github users if I'm right.

[emanuelpalm]

@borditamas You could be correct. In either case, I'm going to leave it up to you to decide how you would like to proceed with this question. If you want to keep discussing it, you should open a new issue. I opened this one, so now I'm closing it. ;-)