Thanks for the detailed answer.

We also thought about publishing *exhort-java-api* to Jenkins Artifactory.

1. Does this not contradict any rules for using Jenkins Artifactory?
2. Should we publish the artifact as a plugin component if we use this approach? Based on https://github.com/jenkins-infra/repository-permissions-updater/#managing-permissions

On Thursday, September 28, 2023 at 4:02:36 PM UTC+3 [email protected] wrote:

> On Thu, Sep 28, 2023 at 4:37 AM Vladimir Belousov <[email protected]> wrote:
>
>> We use dependencies that are hosted on GitHub Packages in our plugin.
>
> I guess you mean
> https://github.com/jenkinsci/redhat-dependency-analytics-plugin/blob/f4b606b8b509795917edc2f2915c6a3322a85e4d/pom.xml#L212-L215
> to access https://github.com/RHEcosystemAppEng/exhort-java-api
>
> This is not standard practice and is likely to cause issues. Normally any dependencies you need should be published either to Jenkins Artifactory, if they are specific to Jenkins, or Maven Central if not.
>
> I am well aware that
> https://github.com/RHEcosystemAppEng/exhort-java-api/blob/ed0cb76f5ccd1d0d74bdbc6d36a4c04b2900d51c/.github/workflows/release.yml#L56-L61
> is vastly simpler to manage than deploying to OSSRH. At some point https://sigstore.github.io/sigstore-maven-plugin/ should make it possible to deploy to Central using GHA OIDC tokens, but it is not ready yet and AFAIK there is no published timeline.
>
> If you really want to access GH Packages, you can probably do so with `GITHUB_TOKEN` in GHA without needing a PAT. This would work for the CD action, probably with custom modifications, but would not work for ci.jenkins.io so Jenkinsfile would be useless; you would need to set up your own CI.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/b42a0a43-0118-4efc-9e5a-857fa68959dfn%40googlegroups.com.
