5

Goal

I want to have two repositories:

  • Repository A: Publishes a JAR to Github Registry

  • Repository B: Downloads the JAR from A and publishes a Docker Image containing the JAR.

I.e. I'm searching for an API which looks like:

wget https://github.com/repoOwner/repoName/packages/1.2.3/my.jar

Question

Is there a Github Action or API which allows me to download an artifact from a Github Package Registry for a specific version?

Problem

I know there is a Github API for the artifacts but I don't see how I can request the artifact URL for a specific version.

hb0
  • 3,350
  • 3
  • 30
  • 48
  • 1
    The artifact URL is `https://github.com///releases/download//` - e.g. https://github.com/textbook/salary-stats/releases/download/v0.3.1/dist-v0.3.1.tar.gz – jonrsharpe Nov 23 '20 at 13:44
  • @jonrsharpe Thanks for the super-fast response. The artifacts (JAR, Docker-Image, ...) I publish into the Github Package Registry is not listed as `asset` below the Release, there is only `Source code (zip)` and `Source code (tar.gz)`. I guess I could add `actions/upload-release-asset@v1` with my JAR to my Publish-JAR Workflow. Thanks for that tip! – hb0 Nov 23 '20 at 13:51
  • If you look at the artifact links from GPR I'd guess they have a predictable structure too. – jonrsharpe Nov 23 '20 at 13:52
  • @jonrsharpe Unfortunately not really. The URL contains a HASH. But I could live with the solution mentioned above I guess. Just thought there is a Github Action for retrieving Artifacts of a specific version from the GPR which I just don't see. – hb0 Nov 23 '20 at 14:02

2 Answers2

6

To Download the JAR from the Github Package Registry use this URL:

https://maven.pkg.github.com/OWNER/REPO/PACKAGE/VERSION/ARTIFACT.jar
  • Authenticate with your personal developer token and account name
    • For public repositories the token does not need special permissions
    • For private repositories the token only needs package:read permission
  • Replace OWNER with the Github account name of the repository owner
  • Replace REPO with the repository name
  • Replace PACKAGE with the group id you published
  • Replace VERSION with the artifact version you published
  • Replace ARTIFACT with the artifact id you published

E.g. for this Package, were only a pom file is published:

https://maven.pkg.github.com/abrensch/brouter/org/btools/brouter/1.6.1/brouter-1.6.1.pom
hb0
  • 3,350
  • 3
  • 30
  • 48
  • I found this link structure only by accident while receiving an error during `gradle publish`: `could not write to resource *URL*`, not in the documentation. – hb0 Nov 30 '20 at 10:31
  • Does it still work for anybody else? I get "ERROR 404: Not Found" – heringer Dec 08 '21 at 12:32
  • @heringer Yes. I tested the link posted above (public repo) to the `pom` file in the browser and used a Github account and a Personal Access Token. If you want to download from a private repository your account needs to have `package:read` permissions and access to that repo as explained above. – hb0 Dec 08 '21 at 14:20
  • Thanks, @hb0, I confirmed that. I don't know what I did wrong previously. – heringer Dec 08 '21 at 16:53
1

@hb0 answer is great and helped me a lot.

I will just add my experience, maybe it can help someone else.

I was trying to download the jar file with this command:

curl -O --header "Authorization: Bearer $MYSECRETTOKEN" https://maven.pkg.github.com/myorg/myrepo/com/org/mypackage/1.0.0/mypackage-1.0.0.jar

But it was returning:

Moved Permanently

Then I had to change the command to:

curl -O -L https://_:$MYSECRETTOKEN@maven.pkg.github.com/myorg/myrepo/com/org/mypackage/1.0.0/mypackage-1.0.0.jar

where $MYSECRETTOKEN is an environment var with github token as you probably guessed.

heringer
  • 2,698
  • 1
  • 20
  • 33