91d3857341
* Update README * [Universe] Dark mode (#16545) * Dark mode updates (#16696) * [Universe] Corporate sponsors (#16457) * Dependency review beta (#16563) * Add placeholder topic file * Revert change I didn't make I'm not sure where this change came from or why it's showing up in my PR here but I didn't make this change and it's not part of Dependency Review so I'm reverting it. * Un-revert previous change OK I see what happened there. I was comparing the PR to main rather than the Universe megabranch, hence it showed a change I didn't make. This commit undoes the change I do not want to revert on the megabranch. * Update image to add the Checks tab * Finish updating topic to mention DR * Fix check errors * Fix another versioning error * Add a sentence about supported ecosystems * Add review changes * Remove Further reading topics in same category As suggested by James, I've removed the links to topics that are in the same `/collaborating-with-issues-and-pull-requests/` category as this topic. * Update content/github/managing-security-vulnerabilities/about-managing-vulnerable-dependencies.md Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com> * Update content/github/managing-security-vulnerabilities/about-managing-vulnerable-dependencies.md Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com> * Update content/github/managing-security-vulnerabilities/about-managing-vulnerable-dependencies.md Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com> * Update content/github/managing-security-vulnerabilities/about-managing-vulnerable-dependencies.md * Updates in the light of Maya's review * Remove use of "exploit" in description * Change 'dependency review summary' to 'dependency review' See PR review comment from Maya. * Mention that the age of the dependency is given * Update screenshots to latest GUI * Add details of dependency ordering within a DR * Update content/github/collaborating-with-issues-and-pull-requests/reviewing-dependency-changes-in-a-pull-request.md Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com> * Update content/github/managing-security-vulnerabilities/about-managing-vulnerable-dependencies.md Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com> * Update content/github/visualizing-repository-data-with-graphs/about-the-dependency-graph.md Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com> Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com> * [Universe 2020] New audit log REST API endpoint (#16699) * Minimal updates for preview * ✨ API previews ✨ * Update beta note * ✨ Update API previews ✨ * ✨ Update previews ✨ * Add draft section for git events * Clean API previews * More fixes + API previews * Address review comments + update API previews * Mention cursor-based pagination * Update content/rest/overview/resources-in-the-rest-api.md Co-authored-by: Jeff Saracco <jeffsaracco@github.com> * Temporarily revert API previews * Small tweaks from review comments + API previews * revert json schemas * Updating OpenAPI descriptions (#16776) * Updating OpenAPI descriptions * Add decorated OpenAPI schema files Co-authored-by: Jeff Saracco <jeffsaracco@github.com> Co-authored-by: skedwards88 <skedwards88@github.com> Co-authored-by: github-openapi-bot <69533958+github-openapi-bot@users.noreply.github.com> * [Universe 2020] GitHub Actions: Workflow visualization (#16629) * initial empty commit * replace image used only for dotcom * add new image and version usage * add new image and version usage * add new image and version usage * add new image and version usage, delete unneeded image * add new image and version usage, fix incorrect image * add new image and version usage * add new image and version usage * add new image and version usage * add new image and version usage * update screenshot update * add new image and version usage * add new image and version usage * update text * update images and fix list numbering * add step with graph * Add missing versioning * add overview of visualization * fix title to match filename * add beta note * update wording * Restructuring packages (#16731) * restructuring packages * moving more content * moving more content * fixing the toc for guides * removing CR from the landing page * adjusting qs * updating npm * enhancing guides * Update updating-github-insights.md * fixing link problems * fixing link problems * redirecting the redirects * another change * fixing the guides landing page * add packages quickstart * moving CR content * adding some descriptive text * add packages landing page * adding guide content back * update popular articles based on data * fix caps on product name * try removing product from front matter * Update content/packages/quickstart.md Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com> * Update content/packages/quickstart.md Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com> * add node package instructions to quickstart * fixing links and adding redirect * fixing redirects * renaming to container guides * renaming to container guides and fixing reusables * adding context and about section to CR * removign landign page extra titles and descriptions * reverting the packages * updating link * Apply suggestions from code review Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com> * updating * update test to reflect redesigned product landing page * Add private vs public clarification * Fix borked test * filter out standalone category files from test Co-authored-by: Cynthia Rich <crichID@github.com> Co-authored-by: Cynthia Rich <crichID@users.noreply.github.com> Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com> Co-authored-by: Sarah Schneider <sarahs@github.com> Co-authored-by: Jason Etcovitch <jasonetco@github.com> * Add discussions video See https://github.com/github/docs-internal/pull/16759 * Remove typos * update article name in test Co-authored-by: Laura Coursen <lecoursen@github.com> Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com> Co-authored-by: hubwriter <hubwriter@github.com> Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com> Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com> Co-authored-by: Jeff Saracco <jeffsaracco@github.com> Co-authored-by: skedwards88 <skedwards88@github.com> Co-authored-by: github-openapi-bot <69533958+github-openapi-bot@users.noreply.github.com> Co-authored-by: Meg Bird <megbird@github.com> Co-authored-by: Leona B. Campbell <3880403+runleonarun@users.noreply.github.com> Co-authored-by: Cynthia Rich <crichID@github.com> Co-authored-by: Cynthia Rich <crichID@users.noreply.github.com> Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com> Co-authored-by: Sarah Schneider <sarahs@github.com> Co-authored-by: Jason Etcovitch <jasonetco@github.com>
12 KiB
title, intro, product, redirect_from, versions
| title | intro | product | redirect_from | versions | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| About GitHub Packages | {% data variables.product.prodname_registry %} is a software package hosting service that allows you to host your software packages privately or publicly and use packages as dependencies in your projects. | {% data reusables.gated-features.packages %} |
|
|
{% data reusables.package_registry.packages-ghes-release-stage %}
About {% data variables.product.prodname_registry %}
{% data variables.product.prodname_registry %} is a platform for hosting and managing packages, including containers and other dependencies. {% data variables.product.prodname_registry %} combines your source code and packages in one place to provide integrated permissions management and billing, so you can centralize your software development on {% data variables.product.product_name %}.
You can integrate {% data variables.product.prodname_registry %} with {% data variables.product.product_name %} APIs, {% data variables.product.prodname_actions %}, and webhooks to create an end-to-end DevOps workflow that includes your code, CI, and deployment solutions.
{% data variables.product.prodname_registry %} offers different package registries for commonly used packages, such as for Node, RubyGems, Apache Maven, Gradle, and Nuget.
{% if currentVersion == "free-pro-team@latest" %} {% data variables.product.prodname_registry %} also offers a {% data variables.product.prodname_container_registry %} designed to support the unique needs of container images. For more information, see "About {% data variables.product.prodname_github_container_registry %}."
{% data reusables.package_registry.container-registry-beta %}
{% endif %}
Viewing packages
You can review the package's README, some metadata like licensing, download statistics, version history, and more on {% data variables.product.product_name %}. For more information, see "Viewing packages."
About package permissions and visibility
| Package registries | |
|---|---|
| Hosting locations | You can host multiple packages in one repository. |
| Permissions | Each package inherits the permissions of the repository where the package is hosted. For example, anyone with read permissions for a repository can install a package as a dependency in a project, and anyone with write permissions can publish a new package version. |
| Visibility | {% data reusables.package_registry.public-or-private-packages %} |
{% if currentVersion == "free-pro-team@latest" %}
About billing for {% data variables.product.prodname_registry %}
{% data reusables.package_registry.packages-billing %} For more information, see "About billing for {% data variables.product.prodname_registry %}."
{% data reusables.package_registry.container-registry-beta-billing-note %} {% endif %}
Supported clients and formats
{% data variables.product.prodname_registry %} uses the native package tooling commands you're already familiar with to publish and install package versions.
Support for package registries
{% if currentVersion == "free-pro-team@latest" %}
Package registries use PACKAGE-TYPE.pkg.github.com/OWNER/REPOSITORY/IMAGE-NAME as the package host URL, replacing PACKAGE-TYPE with the Package namespace. For example, your Gemfile will be hosted at rubygems.pkg.github.com/OWNER/REPOSITORY/IMAGE-NAME.
{% else %}
The package types supported on {% data variables.product.product_location %} may vary since your site administrator can enable or disable support for different package types. For more information, see "Managing GitHub Packages for your enterprise."
If {% data variables.product.product_location %} has subdomain isolation enabled, then package registries will use PACKAGE-TYPE.HOSTNAME/OWNER/REPOSITORY/IMAGE-NAME as the package host URL, replacing PACKAGE-TYPE with the Package namespace. For example, your Dockerfile will be hosted at docker.HOSTNAME/OWNER/REPOSITORY/IMAGE-NAME.
If {% data variables.product.product_location %} has subdomain isolation disabled, then package registries will use HOSTNAME/_registry/PACKAGE-TYPE/OWNER/REPOSITORY/IMAGE-NAME as the package host URL. For example, your Gemfile will be hosted at HOSTNAME/_registry/rubygems/OWNER/REPOSITORY/IMAGE-NAME, replacing HOSTNAME with the host name of your {% data variables.product.prodname_ghe_server %} instance.
{% endif %}
{% if currentVersion == "free-pro-team@latest" %}
| Language | Description | Package format | Package client | Package namespace |
|---|---|---|---|---|
| JavaScript | Node package manager | package.json |
npm |
npm.pkg.github.com/OWNER/REPOSITORY/IMAGE-NAME |
| Ruby | RubyGems package manager | Gemfile |
gem |
rubygems.pkg.github.com/OWNER/REPOSITORY/IMAGE-NAME |
| Java | Apache Maven project management and comprehension tool | pom.xml |
mvn |
maven.pkg.github.com/OWNER/REPOSITORY/IMAGE-NAME |
| Java | Gradle build automation tool for Java | build.gradle or build.gradle.kts |
gradle |
maven.pkg.github.com/OWNER/REPOSITORY/IMAGE-NAME |
| .NET | NuGet package management for .NET | nupkg |
dotnet CLI |
nuget.pkg.github.com/OWNER/REPOSITORY/IMAGE-NAME |
{% else %}
With subdomain isolation enabled on {% data variables.product.product_location %}:
| Language | Description | Package format | Package client | Package namespace |
|---|---|---|---|---|
| JavaScript | Node package manager | package.json |
npm |
npm.HOSTNAME/OWNER/REPOSITORY/IMAGE-NAME |
| Ruby | RubyGems package manager | Gemfile |
gem |
rubygems.HOSTNAME/OWNER/REPOSITORY/IMAGE-NAME |
| Java | Apache Maven project management and comprehension tool | pom.xml |
mvn |
maven.HOSTNAME/OWNER/REPOSITORY/IMAGE-NAME |
| Java | Gradle build automation tool for Java | build.gradle or build.gradle.kts |
gradle |
maven.HOSTNAME/OWNER/REPOSITORY/IMAGE-NAME |
| .NET | NuGet package management for .NET | nupkg |
dotnet CLI |
nuget.HOSTNAME/OWNER/REPOSITORY/IMAGE-NAME |
| N/A | Docker container management | Dockerfile |
Docker |
docker.HOSTNAME/OWNER/REPOSITORY/IMAGE-NAME |
With subdomain isolation disabled on {% data variables.product.product_location %}:
| Language | Description | Package format | Package client | Package namespace |
|---|---|---|---|---|
| JavaScript | Node package manager | package.json |
npm |
HOSTNAME/_registry/npm/OWNER/REPOSITORY/IMAGE-NAME |
| Ruby | RubyGems package manager | Gemfile |
gem |
HOSTNAME/_registry/rubygems/OWNER/REPOSITORY/IMAGE-NAME |
| Java | Apache Maven project management and comprehension tool | pom.xml |
mvn |
HOSTNAME/_registry/maven/OWNER/REPOSITORY/IMAGE-NAME |
| Java | Gradle build automation tool for Java | build.gradle or build.gradle.kts |
gradle |
HOSTNAME/_registry/maven/OWNER/REPOSITORY/IMAGE-NAME |
| .NET | NuGet package management for .NET | nupkg |
dotnet CLI |
HOSTNAME/_registry/nuget/OWNER/REPOSITORY/IMAGE-NAME |
{% note %}
Note: Docker is not supported when subdomain isolation is disabled.
{% endnote %}
For more information about subdomain isolation, see "Enabling subdomain isolation."
{% endif %}
For more information about configuring your package client for use with {% data variables.product.prodname_registry %}, see "Package client guides for {% data variables.product.prodname_registry %}."
{% if currentVersion == "free-pro-team@latest" %} For more information about Docker and {% data variables.product.prodname_github_container_registry %}, see "Container guides for {% data variables.product.prodname_registry %}." {% endif %}
Authenticating to {% data variables.product.prodname_registry %}
{% data reusables.package_registry.authenticate-packages %}
About scopes and permissions for package registries
To use or manage a package hosted by a package registry, you must use a token with the appropriate scope, and your user account must have appropriate permissions for that repository.
For example:
- To download and install packages from a repository, your token must have the
read:packagesscope, and your user account must have read permissions for the repository. - To delete a specified version of a private package on {% data variables.product.product_name %}, your token must have the
delete:packagesandreposcope. Public packages cannot be deleted. For more information, see "Deleting a package."
| Scope | Description | Repository permissions |
|---|---|---|
read:packages |
Download and install packages from {% data variables.product.prodname_registry %} | read |
write:packages |
Upload and publish packages to {% data variables.product.prodname_registry %} | write |
delete:packages |
Delete specified versions of private packages from {% data variables.product.prodname_registry %} | admin |
repo |
Upload and delete packages (along with write:packages, or delete:packages) |
write, or admin |
When you create a {% data variables.product.prodname_actions %} workflow, you can use the GITHUB_TOKEN to publish and install packages in {% data variables.product.prodname_registry %} without needing to store and manage a personal access token.
For more information, see:
- "Using {% data variables.product.prodname_registry %} with {% data variables.product.prodname_actions %}"
- "Creating a personal access token"
- "Available scopes"
Managing packages
You can delete a version of a private package on {% data variables.product.product_name %} or using the GraphQL API. When you use the GraphQL API to query and delete private packages, you must use the same token you use to authenticate to {% data variables.product.prodname_registry %}. For more information, see "Deleting a package" and "Forming calls with GraphQL."
You can configure webhooks to subscribe to package-related events, such as when a package is published or updated. For more information, see the "package webhook event."
Contacting support
{% if currentVersion == "free-pro-team@latest" %} If you have feedback or feature requests for {% data variables.product.prodname_registry %}, use the feedback form for {% data variables.product.prodname_registry %}.
Contact {% data variables.contact.github_support %} about {% data variables.product.prodname_registry %} using our contact form if:
- You experience anything that contradicts the documentation
- You encounter vague or unclear errors
- Your published package contains sensitive data, such as GDPR violations, API Keys, or personally identifying information
{% else %} If you need support for {% data variables.product.prodname_registry %}, please contact your site administrators.
{% endif %}