Issue
I'm able to push to my Gihub repository just fine with SSH but I'm getting an error when I try to push with the maven release plugin at prepare stage:
Failed to execute goal org.apache.maven.plugins:maven-release-plugin:3.0.0-M1:prepare (default-cli) on project netbeans-visual-diff-standalone: Unable to commit file
Caused by: org.apache.maven.shared.release.scm.ReleaseScmCommandException: Unable to commit files
Provider message:
The git-push command failed.
Command output:
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.
I followed all the steps here to create public/private keys, upload the public key to my github account and add private key to ssh agent :
I updated the maven POM with release plugin configuration and scm connection settings :
<scm>
<connection>scm:git:https://github.com/nbauma109/netbeans-visual-diff-standalone.git</connection>
<developerConnection>scm:git:ssh://[email protected]/nbauma109/netbeans-visual-diff-standalone.git</developerConnection>
<url>https://github.com/nbauma109/netbeans-visual-diff-standalone</url>
<tag>HEAD</tag>
</scm>
<distributionManagement>
<repository>
<id>pkg.github.com</id>
<name>GitHub nbauma109 Apache Maven Packages</name>
<url>https://maven.pkg.github.com/nbauma109/mvn-repo</url>
</repository>
</distributionManagement>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
<version>3.0.0-M1</version>
<configuration>
<tagBase>ssh://[email protected]/nbauma109/netbeans-visual-diff-standalone/tags</tagBase>
</configuration>
</plugin>
</plugins>
</build>
<properties>
<project.scm.id>github.com</project.scm.id>
</properties>
In the MAVEN user ~/.m2/settings.xml file, I included the ssh key information with private key location, passphrase and pasted the contents of the public key inside the "contents" tag :
<servers>
<server>
<id>github.com</id>
<username>git</username>
<privateKey>${user.home}/.ssh/id_ed25519</privateKey>
<passphrase>censored</passphrase>
<filePermissions>664</filePermissions>
<directoryPermissions>775</directoryPermissions>
<configuration>
<knownHostsProvider implementation="org.apache.maven.wagon.providers.ssh.knownhost.SingleKnownHostProvider">
<hostKeyChecking>yes</hostKeyChecking>
<contents>ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDqdqJcRAZvJvTVWRXBlFB/c+w8pZPFRoWNXKFp6CSTV [email protected]</contents>
</knownHostsProvider>
</configuration>
</server>
<server>
<id>pkg.github.com</id>
<username>nbauma109</username>
<password>github_personal_token</password>
</server>
</servers>
In the knowns_hosts file, I added localhost and my IP. I have 3 files under ~/.ssh :
- id_ed25519 (private key)
- id_ed25519.pub (public key)
- known_hosts
I launch the release the plugin with the following command inside git-bash after having added my key to the ssh agent with an ssh-add ~/.ssh/id_ed25519 :
mvn -X -Dusername=git release:clean release:prepare release:perform
When I'm prompted for version and tag information, I just press enter to choose the defaults.
- release version : 2.0.1
- next development version : 2.0.2-SNAPSHOT
Also, I came across some similar post how to resolve Permission denied (publickey) when maven release used and the OP said he solved the issue by adding the public key to the developerConnection/push section inside the POM file but I've never seen such a thing and I don't think it's the place for that.
EDIT (after @VonC 's answer) : After changing the user from nbauma109 to git, and updating POM and maven settings.xml, I have now two repos, github.com with private key authentication, and pkg.github.com with person token authentication. Now I can push the tag to github.com and I'm able to push the package to Github packages (pkg.github.com) provided my personal token github_personal_token has 'write package' permission.
Now my issue is that I've pushed a package that nobody can have access to without authentication and my release tag is empty of binaries that other projects could use. Do I have no other option than re-upload my binaries manually to the release tag using the Github web GUI ?
Solution
As long as you see [email protected]
, you can be sure an SSH push will fail (from command-line or maven)
A GitHub SSH URL would always use the remote user 'git
': [email protected]:...
, never the actual GitHub user account name: your public key registered to said GitHub account is suppose to authenticate you.
So start testing with:
<username>git</username>
As commented by the OP Sybuser
I have a solution without GitHub packages, which is to:
- configure maven
release
plugin with<goals>install</goals>
, and- use a GitHub action for the maven release (for example
qcastel/github-actions-maven-release
)- and a GitHub action for GitHub release (for example
marvinpinto/action-automatic-releases
).
Answered By - VonC Answer Checked By - Marie Seifert (WPSolving Admin)