Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A valid Github token shouldn't always be mandatory #28

Open
ldeluigi opened this issue Oct 19, 2020 · 3 comments
Open

A valid Github token shouldn't always be mandatory #28

ldeluigi opened this issue Oct 19, 2020 · 3 comments

Comments

@ldeluigi
Copy link

ldeluigi commented Oct 19, 2020
edited
Loading

If my project uses the plugin just for publication, without needing to resolve any Github Package dependency, it should not pretend to have a valid GITHUB_TOKEN defined, so that the project could be built without specifying one.

Possible solutions:

  • A boolean flag to suppress errors and turn them into warnings.
  • Detect if there is any GitHub Packages dependency, and, if not, ignore the absence of a valid token. (Could be impossible to do, I didn't explore that much this possibility).
@ldeluigi
Copy link
Author

Probably related to #27.

@huntc huntc mentioned this issue Feb 4, 2021
Open
@djspiewak
Copy link
Owner

As noted in #34, this isn't really my decision. :-( GitHub requires a token even for read-only access to packages.

@jonstacks
Copy link

@djspiewak, thank you for making this great plugin. It is really helping make github packages easier to use with Scala.

I ran into the same issue as described above and was able to work around it with:

githubTokenSource := TokenSource.Or(
    TokenSource.Environment("GITHUB_TOKEN"), // Injected during a github workflow for publishing
    TokenSource.Environment("SHELL"),  // safe to assume this will be set in all our devs environments, usually /bin/bash, doesn't matter what it is to prevent local errors
  ),

The scenario we have is that we have one repo that is a multi-project build, where we build common jars that we want to publish internally. It does not use Resolver.githubPackages and only downloads from public sources. When we create tags in this repo, we are wanting to publish our artifacts internally, which we can do by injecting {{ secrets.GITHUB_TOKEN}} as the environment variable GITHUB_TOKEN. The idea being that those that want to contribute to the common libraries do not need to set up a PAT for publishing, we just review their PR, merge, and eventually tag it to release and the automation takes care of the rest.

In our other private repos, we do configure it to use the Resolver.githubPackages and anyone developing in those will need to create a personal access token with read packages scope in order to be able to build and we will have them set it up in their gitconfig.

@tomrijntjes tomrijntjes mentioned this issue Aug 13, 2021
Open
colindean added a commit to target/data-validator that referenced this issue Jan 6, 2022
@colindean
Sets up sbt-github-packages for artifact deployment to GHPkgs
680bd00 
With caveat because of djspiewak/sbt-github-packages#28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@djspiewak @jonstacks @ldeluigi