How can I authenticate with GitHub Package Registry using app installation token?

Question

I have successfully pushed some Gradle packages to GitHub Package Registry using the built in GITHUB_TOKEN of the given repo in GitHub Actions.

Now I want to download the packages when building with GitHub Actions in another repo. The docs suggest using a Personal Access Token to do this, but I don't want the token to be connected to my account, rather to the organization the code belongs to.

I have previously used an app installation token for such tasks, and given it full write permissions to repositories and packages. It works fine for e.g. Terraform and other git tasks.

When I try to use it with Gradle, it returns a 400 Bad Request:

> Could not GET 'https://maven.pkg.github.com/<my package>.pom'. Received status code 400 from server: Bad Request

Is there any way to make this work?

score 0 · Answer 1 · answered Sep 29 '21 at 07:32

After trying to download the .pom directly in the browser with the same token, I get the following:

Unable to download maven package : "graphql call failed: This credential type is not supported for registry. Please use a Personal Access Token or GitHub Actions token instead."

Looks like there is no way to use app installation tokens for GitHub Package Registry at the moment, unfortunately.

How can I authenticate with GitHub Package Registry using app installation token?

1 Answers1