Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Access to GitHub Packages in the plugin #3769

Closed
olavtar opened this issue Sep 29, 2023 · 6 comments
Closed

Access to GitHub Packages in the plugin #3769

olavtar opened this issue Sep 29, 2023 · 6 comments
Labels
ci.jenkins.io github plugins.jenkins.io
Milestone
infra-team-sync-2...

Comments

@olavtar
Copy link

olavtar commented Sep 29, 2023

Service(s)

ci.jenkins.io, GitHub, plugins.jenkins.io

Summary

We use dependencies that are hosted on GitHub Packages in our plugin.
Access to GitHub Packages works only through a personal access token

Our plugin: https://github.com/jenkinsci/redhat-dependency-analytics-plugin

We would like https://github.com/jenkinsci/redhat-dependency-analytics-plugin/blob/f4b606b8b509795917edc2f2915c6a3322a85e4d/pom.xml#L212-L215 to access https://github.com/RHEcosystemAppEng/exhort-java-api

Can you recommend anything for our case?

We also thought about publishing exhort-java-api to Jenkins Artifactory.

  1. Does this not contradict any rules for using Jenkins Artifactory?
  2. Should we publish the artifact as a plugin component if we use this approach? Based on https://github.com/jenkins-infra/repository-permissions-updater/#managing-permissions

Thank you.

Reproduction steps

No response
@olavtar olavtar added the triage Incoming issues that need review label Sep 29, 2023
@lemeurherve
Copy link
Member

jenkinsci-dev mailing list initial discussion for reference: https://groups.google.com/g/jenkinsci-dev/c/aK4_a3zntgU

@timja
Copy link
Member

timja commented Sep 29, 2023

Hmm unsure if we would want to take the jar to our artifactory if we aren't hosting the project too.

Can't you publish to something like Maven Central or JitPack.

You've hit the good reason no one really uses GitHub packages (except Docker) for Open Source libraries:
https://github.com/orgs/community/discussions/26634#discussioncomment-7061086

@dduportal
Copy link
Contributor

For what it's worth, we've seen plugins using jars from the SCM itself and the pom.xml points to the local JAR using a repository with a file:// URL.
Example on https://github.com/jenkinsci/qualys-cs-plugin:

@dduportal dduportal added this to the infra-team-sync-2023-10-03 milestone Sep 30, 2023
@dduportal dduportal removed the triage Incoming issues that need review label Sep 30, 2023
@olavtar
Copy link
Author

olavtar commented Oct 9, 2023

@dduportal Thank you.

@dduportal
Copy link
Contributor

@dduportal Thank you.

Let us know if my hacki-sh method unblocks you

@dduportal
Copy link
Contributor

At the same time, I'm closing this issue as no more actions are required for the Jenkins infra team.

Feel free to reopen if any problem arise.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
ci.jenkins.io github plugins.jenkins.io
Projects
None yet
Milestone
infra-team-sync-2023-10-10
Development

No branches or pull requests
4 participants
@dduportal @timja @lemeurherve @olavtar