On Fri, Feb 5, 2021 at 3:29 PM Eric Bresie <[email protected]> wrote: > > Regarding the authentication... > > As I recall during build for somethings, the builds still had to be > certified in some way before fully usable. Is this any different then > authentication with Github? See > https://docs.github.com/en/packages/learn-github-packages/about-github-packages#authenticating-to-github-packages > > Not an expert here but it sounds like the action can be setup to give > certain roles (i.e. read only vs write). So in this case would the main > folks in control of the apache/netbeans setup the roles and access so that > those building would have "write" / "publish" access while others would > have "read" access to the interim build jars. >
Regarding GitHub Packages authentication. Authorization isn't the issue. Authentication is. The documentation link you reference - official one from GitHub - isn't clear on the fact the GitHub Packages requires authentication even if you are just consuming. The confusion is partly due to GitHub's (at least for me) strange use of the word "install". Here it actually means that you are consuming something *from* the GitHub Packages registry and 'installing' it locally. Putting something into GitHub Packages is called "publishing". The latter terminology is logical to me, the former is not. What it boils down to: *any* use of GitHub Packages, reading or writing, requires a PAT (Personal Access Token). It doesn't matter if the project itself is private or public. This PAT would be cumbersome for NetBeans distro users to configure. Every user who wishes to do "ant" on NetBeans distro would have to do this. It is discussed at length here [1]. Note the amount of people who feel tricked by GitHub's unclear terminology. GitHub employee Jamie Cansdale (jcandale) has proposed a workaround [2] for this problem but I don't particularly like it. But it would mean we could hardwire a shared PAT into the NetBeans Ant build properties. Note that "Shared" in relation to Personal Access Token is an obvious contradiction. :-) [1] https://github.community/t/download-from-github-package-registry-without-authentication/14407 [2] https://github.community/t/download-from-github-package-registry-without-authentication/14407/44 /Lars --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
