Public Github packages used as dependencies in a maven project cant be accessed by LGTM

[Lmnoppy]

Hello,

I am trying to build my app on lgtm however, its failing as it cant access the packages from one of my other repos. With github actions i can add an access token but i cant seem to find away for lgtm to access it.

Has anyone solved this issue and i am just missing the solotion?

Could not transfer artifact com.lmnoppy.api.covid:covid-stats:pom:1.0.1 from/to github (https://maven.pkg.github.com/Lmnoppy/covid-stats): authentication failed for https://maven.pkg.github.com/Lmnoppy/covid-stats/com/lmnoppy/api/covid/covid-stats/1.0.1/covid-stats-1.0.1.pom, status: 401 Unauthorized -> [Help 1]

Thanks for any help/advice

Gary

[aibaars]

The Authenticating to GitHub Packages section in the documentation explains how to configure authentication with a personal access token (PAT). Unfortunately, LGTM does not provide a way to securely include credentials such as a PAT in its configuration files. Including plain text credentials in configuration files would be risky, and I'd recommend against taking that approach.

If you only have one (or very few) dependencies that are (small) open-source projects, then it is probably best to create an .lgtm.yml configuration that git clones the dependencies and mvn installs them in a before_index script defined in an lgtm.yml file. That way mvn should be able to find them without having to download them.

[Lmnoppy]

Yeah, I had reservations about using a PAT, thanks for confirming its a bad move. I will take alook into the lgtm yml file, thanks for the info and apprecaite the quick reply.