Dependabot-core: Dependabot Java (Gradle) with packages stored on GitHub Package Registry.

Created on 17 Jan 2020  路  3Comments  路  Source: dependabot/dependabot-core

Hey,

I was experimenting recently with using GitHub Package Registry for my Java (maven/ gradle) dependencies. I couldn't make Dependabot see those releases though. Do you have any hints how should I set it up? It looks like GitHub Package Registry ignores maven-metadata.xml - even though deployment says it has been uploaded successfully.
I would be grateful for some sort of step-by-step guide / example on how to use Dependabot Java (Gradle) with packages stored on GitHub Package Registry.

Thanks!

picture artzag
👍1

Most helpful comment

This landed yesterday 馃帀

picture jurre on 10 Mar 2020
2

All 3 comments

@artzag 馃憢 there's currently no way of giving Dependabot access to private Gradle package registries, it's possible in Maven by providing registry credentials to Dependabot from the dashboard under the account (top right) > Config variables.

You can track this PR for Gradle authenticated repository support: https://github.com/dependabot/dependabot-core/pull/1465

feelepxyz picture feelepxyz on 22 Jan 2020
👍1

This landed yesterday 馃帀

jurre picture jurre on 10 Mar 2020
2

... and is working like a charm! Great work! Thanks!

artzag picture artzag on 11 Mar 2020
1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

rafaelrocha-hotmart picture rafaelrocha-hotmart  路  4Comments
v1sion picture v1sion  路  3Comments
christoferolaison picture christoferolaison  路  3Comments
greysteil picture greysteil  路  4Comments
ZebraFlesh picture ZebraFlesh  路  3Comments