Dependabot-core: Dependabot Java (Gradle) with packages stored on GitHub Package Registry.

Created on 17 Jan 2020  路  3Comments  路  Source: dependabot/dependabot-core

Hey,

I was experimenting recently with using GitHub Package Registry for my Java (maven/ gradle) dependencies. I couldn't make Dependabot see those releases though. Do you have any hints how should I set it up? It looks like GitHub Package Registry ignores maven-metadata.xml - even though deployment says it has been uploaded successfully.
I would be grateful for some sort of step-by-step guide / example on how to use Dependabot Java (Gradle) with packages stored on GitHub Package Registry.

Thanks!

Most helpful comment

This landed yesterday 馃帀

All 3 comments

@artzag 馃憢 there's currently no way of giving Dependabot access to private Gradle package registries, it's possible in Maven by providing registry credentials to Dependabot from the dashboard under the account (top right) > Config variables.

You can track this PR for Gradle authenticated repository support: https://github.com/dependabot/dependabot-core/pull/1465

This landed yesterday 馃帀

... and is working like a charm! Great work! Thanks!

Was this page helpful?
0 / 5 - 0 ratings