![[PukiWiki]](./skin/logo.png "[PukiWiki]"){kind=logo}
|
投稿日: 2025-03-28 (金)
|
| 目次▼ |
試しにActionsでPackagesへPublishしようとしているんだけどどうしてかエラーが出る。
> Task :publishMavenJavaPublicationToGitHubPackagesRepository FAILED FAILURE: Build failed with an exception. * What went wrong: Execution failed for task ':publishMavenJavaPublicationToGitHubPackagesRepository'. > Failed to publish publication 'mavenJava' to repository 'GitHubPackages' > Could not PUT 'https://maven.pkg.github.com/(以下略)'. Received status code 401 from server: Unauthorized * Try: > Run with --stacktrace option to get the stack trace. > Run with --info or --debug option to get more log output. > Run with --scan to get full insights. > Get more help at https://help.gradle.org. [Incubating] Problems report is available at: file:///home/runner/work/storagebox-fabric/storagebox-fabric/build/reports/problems/problems-report.html Deprecated Gradle features were used in this build, making it incompatible with Gradle 9.0. You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins. For more on this, please refer to https://docs.gradle.org/8.12/userguide/command_line_interface.html#sec:command_line_warnings in the Gradle documentation. BUILD FAILED in 1m 42s 9 actionable tasks: 9 executed Error: Process completed with exit code 1.
> Task :publishMavenJavaPublicationToGitHubPackagesRepository FAILED FAILURE: Build failed with an exception. [Incubating] Problems report is available at: file:///home/runner/work/storagebox-fabric/storagebox-fabric/build/reports/problems/problems-report.html * What went wrong: Deprecated Gradle features were used in this build, making it incompatible with Gradle 9.0. Execution failed for task ':publishMavenJavaPublicationToGitHubPackagesRepository'. > Failed to publish publication 'mavenJava' to repository 'GitHubPackages' You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins. > Could not PUT 'https://maven.pkg.github.com/(以下略)'. Received status code 403 from server: Forbidden For more on this, please refer to https://docs.gradle.org/8.12/userguide/command_line_interface.html#sec:command_line_warnings in the Gradle documentation. * Try: 9 actionable tasks: 9 executed > Run with --stacktrace option to get the stack trace. > Run with --info or --debug option to get more log output. > Run with --scan to get full insights. > Get more help at https://help.gradle.org. BUILD FAILED in 1m 13s Error: Process completed with exit code 1.
以下のように変更してみた。
ちなみにこれはbuildしてPackagesにpublishするworkflowだ。
# Build and Publish
name: Gradle CI
on: [push, pull_request]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Java 21
uses: actions/setup-java@v3
with:
java-version: '21'
distribution: 'temurin'
- name: Change gradlew permissions
run: chmod +x ./gradlew
- name: Build with Gradle
uses: gradle/gradle-build-action@v2
with:
arguments: build
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: Artifacts
path: build/libs/
publish:
runs-on: ubuntu-latest
needs: build
steps:
- uses: actions/checkout@v3
- name: Set up Java 21
uses: actions/setup-java@v3
with:
java-version: '21'
distribution: 'temurin'
- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: Artifacts
path: build/libs/
- name: Change gradlew permissions
run: chmod +x ./gradlew
- name: Publish to GitHub Packages
env:
GITHUB_TOKEN: ${{ secrets.PAT_KEY }}
run: ./gradlew assemble publish
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
にしていたが、どうやらGITHUB_TOKENは権限不足で使えないようだ。
たとえ、permissions: でpackages: writeにしてもセキュリティ上の理由でpublicリポジトリでは不可能なようである。
なので次のようにシークレットを指定する。
名前は任意だがここではPAT_KEYというシークレットをつくった。
シークレットキーはリポジトリの上バー「Settings」->左のサイドバー「Secrets and variables」->左のサイドバーに展開された「Actions」から作成できる。
Repository secretsの「New repository secret」をクリックして任意だがここでは「PAT_KEY」とし、Personal access tokens (classic)のトークンを貼り付けてシークレットを作成する。
そしてのenvには以下のように変更する
GITHUB_TOKEN: ${{ secrets.PAT_KEY }}
おそらくだが、Actionsからセキュリティ上の理由でPublicなリポジトリではデフォのGITHUB_TOKENではPackagesにPublishできないような仕様なんだと思う。
PRをマージして悪意のあるコードが入ったまま、Publishしてしまうというインシデントを考えるとまあ妥当なのだろうか。
しかし、Docsにもそれについて言及されていないとは参った。Private Repoなら成功する模様。
キーワード: 情報技術, GitHub Packages, Publish, GitHub Actions, CI/CD, 自動化, エラー, Failed, 権限不足, PAT, Token, トークン
