github nuget github-actions github-package-registry github-packages

Push to git packages fails with valid GITHUB_TOKEN

Fully studied the github doc on pushing packages to Git. All the points in the docs are met in the code from the instructor that I'm using.

Looked for typos, etc.

This is the course YAML, it compares exactly to the instructor version:

name: Push to GitHub Packages

on:
  push:
  workflow_dispatch:

jobs:
  build:

    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v2
    - name: Setup .NET
      uses: actions/setup-dotnet@v1
      with:
        dotnet-version: 5.0.x
    - name: Restore dependencies
      run: dotnet restore
    - name: Build
      run: dotnet build --configuration Release --no-restore 

    - name: Pack
      run: dotnet pack --configuration Release --no-build --output .
      
    - name: Push
      run: |
        dotnet nuget add source --username *** --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/***/index.json"
        dotnet nuget push ./*.nupkg --skip-duplicate --source "github" --api-key ${GITHUB_TOKEN}
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Here is the error I get when pushing my package to Git, sensitive info redacted. The Push section of the job run says the package was successfully added.

I'm using the GITHUB_TOKEN with the valid organization / username.

Run dotnet nuget add source --username *** -*** --store-password-in-clear-text --name github "https://nuget.pkg.github.com/***/index.json"
  dotnet nuget add source --username *** -*** --store-password-in-clear-text --name github "https://nuget.pkg.github.com/***/index.json"
  dotnet nuget push ./*.nupkg --skip-duplicate --source "github" --api-key ${GITHUB_TOKEN}
  shell: /usr/bin/bash -e {0}
  env:
    DOTNET_ROOT: /home/runner/.dotnet
    GITHUB_TOKEN: ***
Package source with Name: github added successfully.
Pushing MyCoolClassLibrary.1.0.1.nupkg to 'https://nuget.pkg.github.com/***'...
  PUT https://nuget.pkg.github.com/***/
warn : Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured.
  Forbidden https://nuget.pkg.github.com/***/ 224ms
error: Response status code does not indicate success: 403 (Forbidden).

As the old saying goes, this isn't rocket science but it does have a few moving parts.

This code has been parsed over many times. I have to be missing something, just don't see what that is.

Solution

First, add a

permissions:
  packages: write
  contents: read

See:

https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#authenticating-to-package-registries-with-granular-permissions

The defaults for your repository might be set to read-only (Repository - ⚙️ Settings - ▶️ Actions - General):

And be sure to link the package to the repository

If you are using a GitHub Actions workflow to manage your packages, you can grant an access role to the repository the workflow is stored in by using the Add Repository button under "Manage Actions access" in the package's settings. For more information, see "Configuring a package's access control and visibility."

On your package's landing page, on the right-hand side, click ⚙️ Package settings.

To ensure your workflow has access to your package, you must add the repository where the workflow is stored. Under "Manage Actions access", click Add repository and search for the repository you want to add.

Use the Role drop-down menu to select the default access level that you'd like the repository to have to your package.