0a4f3e7dab
* New article title & reposition article * Update links * Remove "Deleting a container image" article * Reusable shuffle * Add GHES versioned article * more context * Revise main article * Reminder of permissions * Update some copy * Add "deleting a package" to TOC * Add versioning around links * Update restore package procedure * Update permissions statements * Fix GHES link * Apply suggestions from code review Co-authored-by: Martin Lopes <martin389@github.com> * Use "entire" language * GraphQL nuance * New intro + actions * Fix GHES link * Package deletion 2.0 follow up (#17855) * Remove GHES 3.1 versioning * 3.0 or less * Revert "Remove GHES 3.1 versioning" This reverts commit 9bbc0bd57c1c7ba23097f3f4b9a830c13941402c. * Revert "3.0 or less" This reverts commit dfd2f48e4a4da62c2594fbeaeb12eacda5afc6d4. * Revert "Revert "Remove GHES 3.1 versioning"" This reverts commit ef90065eb2883041b15bd2d50f97e4f07cf04768. * Ditch unnecessary package namespace references and rework permissions framing * Add placeholder note so PR tests will pass * Add versioning around package deletion mentions outside of main deletion articles * Add placeholder around link so it will go live * Add `audit_log` entries * Apply suggestions from code review Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com> * Apply Shati's suggestion * Remove duplicate line Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com> * Package deletion 2.0 last updates (#17880) * Update versioning and placeholder note * syntax improvement * Note the 25 downloads caveat * Add more headings * Apply suggestions from code review * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Sarah Edwards <skedwards88@github.com> * Apply suggestions from code review * Apply suggestions from code review * Packages REST API page (#17808) * Add draft of packages REST page * Add packages in TOC * Rewrite Packages API introductory info * Fix space * Rewrite conceptual API intro content * Revise this line * Apply suggestions from code review * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Mark Phelps <markphelps@github.com> * Add rewrite * Add de dereferenced files * Add the decorated files * ALL of the decorated files * Revert "ALL of the decorated files" This reverts commit 38f13dcd75078f2eacb53dfd0b31c79737966656. * Revert "Add the decorated files" This reverts commit b0c8a2096c8b19e62404585f97298ab42822d3e5. * Revert "Add de dereferenced files" This reverts commit abd377c8eb804e9c69dffa9b0c01ec64fb500727. * Commit the lib/rest/static files to preview changes on staging * Revert "Commit the lib/rest/static files to preview changes on staging" This reverts commit acb121ae9d8bd2e23b00ebb14848e7b83aeddf5b. Co-authored-by: Mark Phelps <markphelps@github.com> * Commit static files to preview endpoints on staging * Update references to API support * remove static rest api files * ditch "as a user" for now * Rearrange based on feedback * Last tidbits * Update OpenAPI Descriptions (#17893) * Update OpenAPI Descriptions * Add decorated OpenAPI schema files * link fix Co-authored-by: Martin Lopes <martin389@github.com> Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com> Co-authored-by: Sarah Edwards <skedwards88@github.com> Co-authored-by: Mark Phelps <markphelps@github.com> Co-authored-by: github-openapi-bot <69533958+github-openapi-bot@users.noreply.github.com>
14 KiB
title, intro, product, redirect_from, versions
| title | intro | product | redirect_from | versions | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| About GitHub Packages | {% data variables.product.prodname_registry %} is a software package hosting service that allows you to host your software packages privately or publicly and use packages as dependencies in your projects. | {% data reusables.gated-features.packages %} |
|
|
{% data reusables.package_registry.packages-ghes-release-stage %}
About {% data variables.product.prodname_registry %}
{% data variables.product.prodname_registry %} is a platform for hosting and managing packages, including containers and other dependencies. {% data variables.product.prodname_registry %} combines your source code and packages in one place to provide integrated permissions management and billing, so you can centralize your software development on {% data variables.product.product_name %}.
You can integrate {% data variables.product.prodname_registry %} with {% data variables.product.product_name %} APIs, {% data variables.product.prodname_actions %}, and webhooks to create an end-to-end DevOps workflow that includes your code, CI, and deployment solutions.
{% data variables.product.prodname_registry %} offers different package registries for commonly used packages, such as for Node, RubyGems, Apache Maven, Gradle, and Nuget.
{% if currentVersion ver_gt "enterprise-server@2.21" %}
{% endif %}
{% if currentVersion == "free-pro-team@latest" %} {% data variables.product.prodname_registry %} also offers a {% data variables.product.prodname_container_registry %} designed to support the unique needs of container images. For more information, see "About {% data variables.product.prodname_github_container_registry %}."
{% data reusables.package_registry.container-registry-beta %}
{% endif %}
Viewing packages
You can review the package's README, some metadata like licensing, download statistics, version history, and more on {% data variables.product.product_name %}. For more information, see "Viewing packages."
About package permissions and visibility
| Package registries | |
|---|---|
| Hosting locations | You can host multiple packages in one repository. |
| Permissions | Each package inherits the permissions of the repository where the package is hosted. For example, anyone with read permissions for a repository can install a package as a dependency in a project, and anyone with write permissions can publish a new package version. |
| Visibility | {% data reusables.package_registry.public-or-private-packages %} |
{% if currentVersion == "free-pro-team@latest" %}
About billing for {% data variables.product.prodname_registry %}
{% data reusables.package_registry.packages-billing %} {% data reusables.package_registry.packages-spending-limit-brief %} For more information, see "About billing for {% data variables.product.prodname_registry %}."
{% data reusables.package_registry.container-registry-beta-billing-note %} {% endif %}
Supported clients and formats
{% data variables.product.prodname_registry %} uses the native package tooling commands you're already familiar with to publish and install package versions.
Support for package registries
{% if currentVersion == "free-pro-team@latest" %}
Package registries use PACKAGE-TYPE.pkg.github.com/OWNER/REPOSITORY/IMAGE-NAME as the package host URL, replacing PACKAGE-TYPE with the Package namespace. For example, your Gemfile will be hosted at rubygems.pkg.github.com/OWNER/REPOSITORY/IMAGE-NAME.
{% else %}
The package types supported on {% data variables.product.product_location %} may vary since your site administrator can enable or disable support for different package types. For more information, see "Managing GitHub Packages for your enterprise."
If {% data variables.product.product_location %} has subdomain isolation enabled, then package registries will use PACKAGE-TYPE.HOSTNAME/OWNER/REPOSITORY/IMAGE-NAME as the package host URL, replacing PACKAGE-TYPE with the Package namespace. For example, your Dockerfile will be hosted at docker.HOSTNAME/OWNER/REPOSITORY/IMAGE-NAME.
If {% data variables.product.product_location %} has subdomain isolation disabled, then package registries will use HOSTNAME/_registry/PACKAGE-TYPE/OWNER/REPOSITORY/IMAGE-NAME as the package host URL. For example, your Gemfile will be hosted at HOSTNAME/_registry/rubygems/OWNER/REPOSITORY/IMAGE-NAME, replacing HOSTNAME with the host name of your {% data variables.product.prodname_ghe_server %} instance.
{% endif %}
{% if currentVersion == "free-pro-team@latest" %}
| Language | Description | Package format | Package client | Package namespace |
|---|---|---|---|---|
| JavaScript | Node package manager | package.json |
npm |
npm.pkg.github.com/OWNER/REPOSITORY/IMAGE-NAME |
| Ruby | RubyGems package manager | Gemfile |
gem |
rubygems.pkg.github.com/OWNER/REPOSITORY/IMAGE-NAME |
| Java | Apache Maven project management and comprehension tool | pom.xml |
mvn |
maven.pkg.github.com/OWNER/REPOSITORY/IMAGE-NAME |
| Java | Gradle build automation tool for Java | build.gradle or build.gradle.kts |
gradle |
maven.pkg.github.com/OWNER/REPOSITORY/IMAGE-NAME |
| .NET | NuGet package management for .NET | nupkg |
dotnet CLI |
nuget.pkg.github.com/OWNER/REPOSITORY/IMAGE-NAME |
{% else %}
With subdomain isolation enabled on {% data variables.product.product_location %}:
| Language | Description | Package format | Package client | Package namespace |
|---|---|---|---|---|
| JavaScript | Node package manager | package.json |
npm |
npm.HOSTNAME/OWNER/REPOSITORY/IMAGE-NAME |
| Ruby | RubyGems package manager | Gemfile |
gem |
rubygems.HOSTNAME/OWNER/REPOSITORY/IMAGE-NAME |
| Java | Apache Maven project management and comprehension tool | pom.xml |
mvn |
maven.HOSTNAME/OWNER/REPOSITORY/IMAGE-NAME |
| Java | Gradle build automation tool for Java | build.gradle or build.gradle.kts |
gradle |
maven.HOSTNAME/OWNER/REPOSITORY/IMAGE-NAME |
| .NET | NuGet package management for .NET | nupkg |
dotnet CLI |
nuget.HOSTNAME/OWNER/REPOSITORY/IMAGE-NAME |
| N/A | Docker container management | Dockerfile |
Docker |
docker.HOSTNAME/OWNER/REPOSITORY/IMAGE-NAME |
With subdomain isolation disabled on {% data variables.product.product_location %}:
| Language | Description | Package format | Package client | Package namespace |
|---|---|---|---|---|
| JavaScript | Node package manager | package.json |
npm |
HOSTNAME/_registry/npm/OWNER/REPOSITORY/IMAGE-NAME |
| Ruby | RubyGems package manager | Gemfile |
gem |
HOSTNAME/_registry/rubygems/OWNER/REPOSITORY/IMAGE-NAME |
| Java | Apache Maven project management and comprehension tool | pom.xml |
mvn |
HOSTNAME/_registry/maven/OWNER/REPOSITORY/IMAGE-NAME |
| Java | Gradle build automation tool for Java | build.gradle or build.gradle.kts |
gradle |
HOSTNAME/_registry/maven/OWNER/REPOSITORY/IMAGE-NAME |
| .NET | NuGet package management for .NET | nupkg |
dotnet CLI |
HOSTNAME/_registry/nuget/OWNER/REPOSITORY/IMAGE-NAME |
{% note %}
Note: Docker is not supported when subdomain isolation is disabled.
{% endnote %}
For more information about subdomain isolation, see "Enabling subdomain isolation."
{% endif %}
For more information about configuring your package client for use with {% data variables.product.prodname_registry %}, see "Package client guides for {% data variables.product.prodname_registry %}."
{% if currentVersion == "free-pro-team@latest" %} For more information about Docker and {% data variables.product.prodname_github_container_registry %}, see "Container guides for {% data variables.product.prodname_registry %}." {% endif %}
Authenticating to {% data variables.product.prodname_registry %}
{% data reusables.package_registry.authenticate-packages %}
About scopes and permissions for package registries
To use or manage a package hosted by a package registry, you must use a token with the appropriate scope, and your user account must have appropriate permissions for that repository.
For example:
- To download and install packages from a repository, your token must have the
read:packagesscope, and your user account must have read permissions for the repository. - {% if currentVersion == "free-pro-team@latest" or if currentVersion ver_gt "enterprise-server@3.0" %}To delete a package on {% data variables.product.product_name %}, your token must at least have the
delete:packagesandread:packagesscope. Thereposcope is also required for repo-scoped packages.{% endif %}{% if currentVersion ver_lt "enterprise-server@3.1" %}To delete a specified version of a private package on {% data variables.product.product_name %}, your token must have thedelete:packagesandreposcope. Public packages cannot be deleted.{% endif %} For more information, see "{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}Deleting and restoring a package{% elsif currentVersion ver_lt "enterprise-server@3.1" %}Deleting a package{% endif %}."
| Scope | Description | Repository permissions |
|---|---|---|
read:packages |
Download and install packages from {% data variables.product.prodname_registry %} | read |
write:packages |
Upload and publish packages to {% data variables.product.prodname_registry %} | write |
delete:packages |
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %} Delete packages from {% data variables.product.prodname_registry %} {% endif %}{% if currentVersion ver_lt "enterprise-server@3.1" %} Delete specified versions of private packages from {% data variables.product.prodname_registry %} {% endif %} | admin |
repo |
Upload and delete packages (along with write:packages, or delete:packages) |
write, or admin |
When you create a {% data variables.product.prodname_actions %} workflow, you can use the GITHUB_TOKEN to publish and install packages in {% data variables.product.prodname_registry %} without needing to store and manage a personal access token.
For more information, see:
- "Using {% data variables.product.prodname_registry %} with {% data variables.product.prodname_actions %}"
- "Creating a personal access token"
- "Available scopes"
Managing packages
{% if currentVersion == "free-pro-team@latest" %} You can delete a package in the {% data variables.product.product_name %} user interface or using the REST API. For more information, see the "{% data variables.product.prodname_registry %} API." {% endif %}
{% if currentVersion ver_gt "enterprise-server@3.0" %} You can delete a private or public package in the {% data variables.product.product_name %} user interface. Or for repo-scoped packages, you can delete a version of a private package using GraphQL. {% endif %}
{% if currentVersion ver_lt "enterprise-server@3.1" %} You can delete a version of a private package in the {% data variables.product.product_name %} user interface or using the GraphQL API. {% endif %}
When you use the GraphQL API to query and delete private packages, you must use the same token you use to authenticate to {% data variables.product.prodname_registry %}. For more information, see "{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}Deleting and restoring a package{% elsif currentVersion ver_lt "enterprise-server@3.1" %}Deleting a package{% endif %}" and "Forming calls with GraphQL."
You can configure webhooks to subscribe to package-related events, such as when a package is published or updated. For more information, see the "package webhook event."
Contacting support
{% if currentVersion == "free-pro-team@latest" %} If you have feedback or feature requests for {% data variables.product.prodname_registry %}, use the feedback form for {% data variables.product.prodname_registry %}.
Contact {% data variables.contact.github_support %} about {% data variables.product.prodname_registry %} using our contact form if:
- You experience anything that contradicts the documentation
- You encounter vague or unclear errors
- Your published package contains sensitive data, such as GDPR violations, API Keys, or personally identifying information
{% else %} If you need support for {% data variables.product.prodname_registry %}, please contact your site administrators.
{% endif %}