Skip to main content

Working with the Apache Maven registry

You can configure Apache Maven to publish packages to GitHub Packages and to use packages stored on GitHub Packages as dependencies in a Java project.

注意: GitHub Packages 目前正在测试用于 GitHub AE。

Authenticating to GitHub Packages

You need an access token to publish, install, and delete private, internal, and public packages.

You can use a personal access token to authenticate to GitHub Packages or the GitHub AE API. When you create a personal access token, you can assign the token different scopes depending on your needs. For more information about packages-related scopes for a personal access token, see "About permissions for GitHub Packages."

To authenticate to a GitHub Packages registry within a GitHub Actions workflow, you can use:

  • GITHUB_TOKEN to publish packages associated with the workflow repository.
  • a personal access token with at least packages:read scope to install packages associated with other private repositories (which GITHUB_TOKEN can't access).

有关 GitHub Actions 工作流中使用的 GITHUB_TOKEN 的详细信息,请参阅“工作流中的身份验证”。

Authenticating with a personal access token

You must use a personal access token with the appropriate scopes to publish and install packages in GitHub Packages. For more information, see "About GitHub Packages."

You can authenticate to GitHub Packages with Apache Maven by editing your ~/.m2/settings.xml file to include your personal access token. Create a new ~/.m2/settings.xml file if one doesn't exist.

In the servers tag, add a child server tag with an id, replacing USERNAME with your GitHub username, and TOKEN with your personal access token.

In the repositories tag, configure a repository by mapping the id of the repository to the id you added in the server tag containing your credentials. Replace HOSTNAME with the host name of your enterprise, and OWNER with the name of the user or organization account that owns the repository. Because uppercase letters aren't supported, you must use lowercase letters for the repository owner even if the GitHub user or organization name contains uppercase letters.

If you want to interact with multiple repositories, you can add each repository to separate repository children in the repositories tag, mapping the id of each to the credentials in the servers tag.

GitHub Packages 支持 Apache Maven 的 SNAPSHOT 版本。 要使用 GitHub Packages 存储库下载 SNAPSHOT 工件,请在所用项目的 POM 或 ~/.m2/settings.xml 文件中启用 SNAPSHOTS。

<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                      http://maven.apache.org/xsd/settings-1.0.0.xsd">

  <activeProfiles>
    <activeProfile>github</activeProfile>
  </activeProfiles>

  <profiles>
    <profile>
      <id>github</id>
      <repositories>
        <repository>
          <id>central</id>
          <url>https://repo1.maven.org/maven2</url>
        </repository>
        <repository>
          <id>github</id>
          <url>https://maven.HOSTNAME/OWNER/REPOSITORY</url>
          <snapshots>
            <enabled>true</enabled>
          </snapshots>
        </repository>
      </repositories>
    </profile>
  </profiles>

  <servers>
    <server>
      <id>github</id>
      <username>USERNAME</username>
      <password>TOKEN</password>
    </server>
  </servers>
</settings>

Publishing a package

默认情况下,GitHub 将包发布到名称与包相同的现有仓库中。 For example, GitHub will publish a package named com.example:test in a repository called OWNER/test.

If you would like to publish multiple packages to the same repository, you can include the URL of the repository in the <distributionManagement> element of the pom.xml file. GitHub will match the repository based on that field. Since the repository name is also part of the distributionManagement element, there are no additional steps to publish multiple packages to the same repository.

For more information on creating a package, see the maven.apache.org documentation.

  1. Edit the distributionManagement element of the pom.xml file located in your package directory, replacing HOSTNAME with the host name of your enterprise, OWNER with the name of the user or organization account that owns the repository and REPOSITORY with the name of the repository containing your project.

    <distributionManagement>
       <repository>
         <id>github</id>
         <name>GitHub OWNER Apache Maven Packages</name>
         <url>https://maven.HOSTNAME/OWNER/REPOSITORY</url>
       </repository>
    </distributionManagement>
    
  2. 在 pom.xml 文件的 plugins 元素中,添加 checksum-maven-plugin 插件,并配置该插件以发送至少 SHA-256 的校验和。

    <plugins>
        <plugin>
            <groupId>net.nicoulaj.maven.plugins</groupId>
            <artifactId>checksum-maven-plugin</artifactId>
            <version>1.9</version>
            <executions>
                <execution>
                <goals>
                    <goal>artifacts</goal>
                </goals>
                </execution>
            </executions>
            <configuration>
            <algorithms>
                <algorithm>SHA-256</algorithm>
            </algorithms>
            </configuration>
        </plugin>
    </plugins>
    
  3. Publish the package.

    $ mvn deploy

在发布包后,您可以在 GitHub 上查看该包。 有关详细信息,请参阅“查看包”。

Installing a package

To install an Apache Maven package from GitHub Packages, edit the pom.xml file to include the package as a dependency. If you want to install packages from more than one repository, add a repository tag for each. For more information on using a pom.xml file in your project, see "Introduction to the POM" in the Apache Maven documentation.

  1. 向 GitHub Packages 验证。 有关详细信息,请参阅“向 GitHub Packages 进行身份验证”。

  2. Add the package dependencies to the dependencies element of your project pom.xml file, replacing com.example:test with your package.

    <dependencies>
      <dependency>
        <groupId>com.example</groupId>
        <artifactId>test</artifactId>
        <version>1.0.0-SNAPSHOT</version>
      </dependency>
    </dependencies>
    
  3. 在 pom.xml 文件的 plugins 元素中,添加 checksum-maven-plugin 插件,并配置该插件以发送至少 SHA-256 的校验和。

    <plugins>
        <plugin>
            <groupId>net.nicoulaj.maven.plugins</groupId>
            <artifactId>checksum-maven-plugin</artifactId>
            <version>1.9</version>
            <executions>
                <execution>
                <goals>
                    <goal>artifacts</goal>
                </goals>
                </execution>
            </executions>
            <configuration>
            <algorithms>
                <algorithm>SHA-256</algorithm>
            </algorithms>
            </configuration>
        </plugin>
    </plugins>
    
  4. Install the package.

    $ mvn install

Further reading