Thanks for the detailed answer We also thought about publishing *exhort-java-api* to Jenkins Artifactory. 1. Does this not contradict any rules for using Jenkins Artifactory? 2. Should we publish the artifact as a plugin component if we use this approach? Based on https://github.com/jenkins-infra/repository-permissions-updater/#managing-permissions
On Thursday, September 28, 2023 at 4:02:36 PM UTC+3 jgl...@cloudbees.com wrote: > On Thu, Sep 28, 2023 at 4:37 AM Vladimir Belousov <vbel...@redhat.com> > wrote: > >> We use dependencies that are hosted on GitHub Packages in our plugin. > > > I guess you mean > https://github.com/jenkinsci/redhat-dependency-analytics-plugin/blob/f4b606b8b509795917edc2f2915c6a3322a85e4d/pom.xml#L212-L215 > > to access https://github.com/RHEcosystemAppEng/exhort-java-api > > This is not standard practice and is likely to cause issues. Normally any > dependencies you need should be published either to Jenkins Artifactory, if > they are specific to Jenkins, or Maven Central if not. > > I am well aware that > https://github.com/RHEcosystemAppEng/exhort-java-api/blob/ed0cb76f5ccd1d0d74bdbc6d36a4c04b2900d51c/.github/workflows/release.yml#L56-L61 > > is vastly simpler to manage than deploying to OSSRH. At some point > https://sigstore.github.io/sigstore-maven-plugin/ should make it possible > to deploy to Central using GHA OIDC tokens, but it is not ready yet and > AFAIK there is no published timeline. > > If you really want to access GH Packages, you can probably do so with > `GITHUB_TOKEN` in GHA without needing a PAT. This would work for the CD > action, probably with custom modifications, but would not work for > ci.jenkins.io so Jenkinsfile would be useless; you would need to set up > your own CI. > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/b42a0a43-0118-4efc-9e5a-857fa68959dfn%40googlegroups.com.
