jprdonnelly/docs
1
0
Fork 0
mirror of synced 2026-01-01 18:05:46 -05:00
Code Issues Projects Releases Wiki Activity
Files
8e35ec0fe260fd66509692d6f65c8cd2bcbf613c
docs/content/packages/learn-github-packages/about-github-packages.md
Melanie Yarbrough 91d3857341 [DO NOT MERGE] Universe 2020 Day 1: December 8, 2020 (#16480) 
* Update README

* [Universe] Dark mode (#16545)

* Dark mode updates (#16696)

* [Universe] Corporate sponsors (#16457)

* Dependency review beta (#16563)

* Add placeholder topic file

* Revert change I didn't make

I'm not sure where this change came from or why it's showing up in my PR here but I didn't make this change and it's not part of Dependency Review so I'm reverting it.

* Un-revert previous change

OK I see what happened there. I was comparing the PR to main rather than the Universe megabranch, hence it showed a change I didn't make.
This commit undoes the change I do not want to revert on the megabranch.

* Update image to add the Checks tab

* Finish updating topic to mention DR

* Fix check errors

* Fix another versioning error

* Add a sentence about supported ecosystems

* Add review changes

* Remove Further reading topics in same category

As suggested by James, I've removed the links to topics that are in the same `/collaborating-with-issues-and-pull-requests/` category as this topic.

* Update content/github/managing-security-vulnerabilities/about-managing-vulnerable-dependencies.md

Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>

* Update content/github/managing-security-vulnerabilities/about-managing-vulnerable-dependencies.md

Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>

* Update content/github/managing-security-vulnerabilities/about-managing-vulnerable-dependencies.md

Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>

* Update content/github/managing-security-vulnerabilities/about-managing-vulnerable-dependencies.md

* Updates in the light of Maya's review

* Remove use of "exploit" in description

* Change 'dependency review summary' to 'dependency review'

See PR review comment from Maya.

* Mention that the age of the dependency is given

* Update screenshots to latest GUI

* Add details of dependency ordering within a DR

* Update content/github/collaborating-with-issues-and-pull-requests/reviewing-dependency-changes-in-a-pull-request.md

Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>

* Update content/github/managing-security-vulnerabilities/about-managing-vulnerable-dependencies.md

Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>

* Update content/github/visualizing-repository-data-with-graphs/about-the-dependency-graph.md

Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>

Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>

* [Universe 2020] New audit log REST API endpoint (#16699)

* Minimal updates for preview

*  API previews 

* Update beta note

*  Update API previews 

*  Update previews 

* Add draft section for git events

* Clean API previews

* More fixes + API previews

* Address review comments + update API previews

* Mention cursor-based pagination

* Update content/rest/overview/resources-in-the-rest-api.md

Co-authored-by: Jeff Saracco <jeffsaracco@github.com>

* Temporarily revert API previews

* Small tweaks from review comments + API previews

* revert json schemas

* Updating OpenAPI descriptions (#16776)

* Updating OpenAPI descriptions

* Add decorated OpenAPI schema files

Co-authored-by: Jeff Saracco <jeffsaracco@github.com>
Co-authored-by: skedwards88 <skedwards88@github.com>
Co-authored-by: github-openapi-bot <69533958+github-openapi-bot@users.noreply.github.com>

* [Universe 2020] GitHub Actions: Workflow visualization (#16629)

* initial empty commit

* replace image used only for dotcom

* add new image and version usage

* add new image and version usage

* add new image and version usage

* add new image and version usage, delete unneeded image

* add new image and version usage, fix incorrect image

* add new image and version usage

* add new image and version usage

* add new image and version usage

* add new image and version usage

* update screenshot update

* add new image and version usage

* add new image and version usage

* update text

* update images and fix list numbering

* add step with graph

* Add missing versioning

* add overview of visualization

* fix title to match filename

* add beta note

* update wording

* Restructuring packages (#16731)

* restructuring packages

* moving more content

* moving more content

* fixing the toc for guides

* removing CR from the landing page

* adjusting qs

* updating npm

* enhancing guides

* Update updating-github-insights.md

* fixing link problems

* fixing link problems

* redirecting the redirects

* another change

* fixing the guides landing page

* add packages quickstart

* moving CR content

* adding some descriptive text

* add packages landing page

* adding guide content back

* update popular articles based on data

* fix caps on product name

* try removing product from front matter

* Update content/packages/quickstart.md

Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com>

* Update content/packages/quickstart.md

Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com>

* add node package instructions to quickstart

* fixing links and adding redirect

* fixing redirects

* renaming to container guides

* renaming to container guides and fixing reusables

* adding context and about section to CR

* removign landign page extra titles and descriptions

* reverting the packages

* updating link

* Apply suggestions from code review

Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com>

* updating

* update test to reflect redesigned product landing page

* Add private vs public clarification

* Fix borked test

* filter out standalone category files from test

Co-authored-by: Cynthia Rich <crichID@github.com>
Co-authored-by: Cynthia Rich <crichID@users.noreply.github.com>
Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com>
Co-authored-by: Sarah Schneider <sarahs@github.com>
Co-authored-by: Jason Etcovitch <jasonetco@github.com>

* Add discussions video
See https://github.com/github/docs-internal/pull/16759

* Remove typos

* update article name in test

Co-authored-by: Laura Coursen <lecoursen@github.com>
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
Co-authored-by: hubwriter <hubwriter@github.com>
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
Co-authored-by: Jeff Saracco <jeffsaracco@github.com>
Co-authored-by: skedwards88 <skedwards88@github.com>
Co-authored-by: github-openapi-bot <69533958+github-openapi-bot@users.noreply.github.com>
Co-authored-by: Meg Bird <megbird@github.com>
Co-authored-by: Leona B. Campbell <3880403+runleonarun@users.noreply.github.com>
Co-authored-by: Cynthia Rich <crichID@github.com>
Co-authored-by: Cynthia Rich <crichID@users.noreply.github.com>
Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com>
Co-authored-by: Sarah Schneider <sarahs@github.com>
Co-authored-by: Jason Etcovitch <jasonetco@github.com>
2020-12-08 12:20:02 -05:00

167 lines
12 KiB
Markdown
Raw Blame History

---
title: About GitHub Packages
intro: '{% data variables.product.prodname_registry %} is a software package hosting service that allows you to host your software packages privately or publicly and use packages as dependencies in your projects.'
product: '{% data reusables.gated-features.packages %}'
redirect_from:
- /articles/about-github-package-registry
- /github/managing-packages-with-github-package-registry/about-github-package-registry
- /github/managing-packages-with-github-packages/about-github-packages
- /packages/publishing-and-managing-packages/about-github-packages
versions:
free-pro-team: '*'
enterprise-server: '>=2.22'
---
{% data reusables.package_registry.packages-ghes-release-stage %}
### About {% data variables.product.prodname_registry %}
{% data variables.product.prodname_registry %} is a platform for hosting and managing packages, including containers and other dependencies. {% data variables.product.prodname_registry %} combines your source code and packages in one place to provide integrated permissions management and billing, so you can centralize your software development on {% data variables.product.product_name %}.
You can integrate {% data variables.product.prodname_registry %} with {% data variables.product.product_name %} APIs, {% data variables.product.prodname_actions %}, and webhooks to create an end-to-end DevOps workflow that includes your code, CI, and deployment solutions.
{% data variables.product.prodname_registry %} offers different package registries for commonly used packages, such as for Node, RubyGems, Apache Maven, Gradle, and Nuget.
{% if currentVersion == "free-pro-team@latest" %}
{% data variables.product.prodname_registry %} also offers a {% data variables.product.prodname_container_registry %} designed to support the unique needs of container images. For more information, see "[About {% data variables.product.prodname_github_container_registry %}](/packages/guides/about-github-container-registry)."
{% data reusables.package_registry.container-registry-beta %}
![Diagram showing Node, RubyGems, Apache Maven, Gradle, Nuget, and the container registry with their hosting urls](/assets/images/help/package-registry/packages-overview-diagram.png)
{% endif %}
#### Viewing packages
You can review the package's README, some metadata like licensing, download statistics, version history, and more on {% data variables.product.product_name %}. For more information, see "[Viewing packages](/packages/manage-packages/viewing-packages)."
#### About package permissions and visibility
| | Package registries |
|----|----|
| Hosting locations | You can host multiple packages in one repository. |
| Permissions | Each package inherits the permissions of the repository where the package is hosted. <br> <br> For example, anyone with read permissions for a repository can install a package as a dependency in a project, and anyone with write permissions can publish a new package version. |
| Visibility | {% data reusables.package_registry.public-or-private-packages %} |
{% if currentVersion == "free-pro-team@latest" %}
### About billing for {% data variables.product.prodname_registry %}
{% data reusables.package_registry.packages-billing %} For more information, see "[About billing for {% data variables.product.prodname_registry %}](/github/setting-up-and-managing-billing-and-payments-on-github/about-billing-for-github-packages)."
{% data reusables.package_registry.container-registry-beta-billing-note %}
{% endif %}
### Supported clients and formats
{% data variables.product.prodname_registry %} uses the native package tooling commands you're already familiar with to publish and install package versions.
#### Support for package registries
{% if currentVersion == "free-pro-team@latest" %}
Package registries use `PACKAGE-TYPE.pkg.github.com/OWNER/REPOSITORY/IMAGE-NAME` as the package host URL, replacing `PACKAGE-TYPE` with the Package namespace. For example, your Gemfile will be hosted at `rubygems.pkg.github.com/OWNER/REPOSITORY/IMAGE-NAME`.
{% else %}
The package types supported on {% data variables.product.product_location %} may vary since your site administrator can enable or disable support for different package types. For more information, see "[Managing GitHub Packages for your enterprise](/enterprise/admin/packages)."
If {% data variables.product.product_location %} has subdomain isolation enabled, then package registries will use `PACKAGE-TYPE.HOSTNAME/OWNER/REPOSITORY/IMAGE-NAME` as the package host URL, replacing `PACKAGE-TYPE` with the Package namespace. For example, your Dockerfile will be hosted at `docker.HOSTNAME/OWNER/REPOSITORY/IMAGE-NAME`.
If {% data variables.product.product_location %} has subdomain isolation disabled, then package registries will use `HOSTNAME/_registry/PACKAGE-TYPE/OWNER/REPOSITORY/IMAGE-NAME` as the package host URL. For example, your Gemfile will be hosted at `HOSTNAME/_registry/rubygems/OWNER/REPOSITORY/IMAGE-NAME`, replacing *HOSTNAME* with the host name of your {% data variables.product.prodname_ghe_server %} instance.
{% endif %}
{% if currentVersion == "free-pro-team@latest" %}
| Language | Description | Package format | Package client | Package namespace |
| --- | --- | --- | --- | --- |
| JavaScript | Node package manager | `package.json` | `npm` | `npm.pkg.github.com/OWNER/REPOSITORY/IMAGE-NAME`
| Ruby | RubyGems package manager | `Gemfile` | `gem` | `rubygems.pkg.github.com/OWNER/REPOSITORY/IMAGE-NAME`
| Java | Apache Maven project management and comprehension tool | `pom.xml` | `mvn` | `maven.pkg.github.com/OWNER/REPOSITORY/IMAGE-NAME`
| Java | Gradle build automation tool for Java | `build.gradle` or `build.gradle.kts` | `gradle` | `maven.pkg.github.com/OWNER/REPOSITORY/IMAGE-NAME`
| .NET | NuGet package management for .NET | `nupkg` | `dotnet` CLI | `nuget.pkg.github.com/OWNER/REPOSITORY/IMAGE-NAME`
{% else %}
With subdomain isolation enabled on {% data variables.product.product_location %}:
| Language | Description | Package format | Package client | Package namespace |
| --- | --- | --- | --- | --- |
| JavaScript | Node package manager | `package.json` | `npm` | `npm.HOSTNAME/OWNER/REPOSITORY/IMAGE-NAME`
| Ruby | RubyGems package manager | `Gemfile` | `gem` | `rubygems.HOSTNAME/OWNER/REPOSITORY/IMAGE-NAME`
| Java | Apache Maven project management and comprehension tool | `pom.xml` | `mvn` | `maven.HOSTNAME/OWNER/REPOSITORY/IMAGE-NAME`
| Java | Gradle build automation tool for Java | `build.gradle` or `build.gradle.kts` | `gradle` | `maven.HOSTNAME/OWNER/REPOSITORY/IMAGE-NAME`
| .NET | NuGet package management for .NET | `nupkg` | `dotnet` CLI | `nuget.HOSTNAME/OWNER/REPOSITORY/IMAGE-NAME`
| N/A | Docker container management | `Dockerfile` | `Docker` | `docker.HOSTNAME/OWNER/REPOSITORY/IMAGE-NAME`
With subdomain isolation disabled on {% data variables.product.product_location %}:
| Language | Description | Package format | Package client | Package namespace |
| --- | --- | --- | --- | --- |
| JavaScript | Node package manager | `package.json` | `npm` | `HOSTNAME/_registry/npm/OWNER/REPOSITORY/IMAGE-NAME`
| Ruby | RubyGems package manager | `Gemfile` | `gem` | `HOSTNAME/_registry/rubygems/OWNER/REPOSITORY/IMAGE-NAME`
| Java | Apache Maven project management and comprehension tool | `pom.xml` | `mvn` | `HOSTNAME/_registry/maven/OWNER/REPOSITORY/IMAGE-NAME`
| Java | Gradle build automation tool for Java | `build.gradle` or `build.gradle.kts` | `gradle` | `HOSTNAME/_registry/maven/OWNER/REPOSITORY/IMAGE-NAME`
| .NET | NuGet package management for .NET | `nupkg` | `dotnet` CLI | `HOSTNAME/_registry/nuget/OWNER/REPOSITORY/IMAGE-NAME`
{% note %}
**Note:** Docker is not supported when subdomain isolation is disabled.
{% endnote %}
For more information about subdomain isolation, see "[Enabling subdomain isolation](/enterprise/admin/configuration/enabling-subdomain-isolation)."
{% endif %}
For more information about configuring your package client for use with {% data variables.product.prodname_registry %}, see "[Package client guides for {% data variables.product.prodname_registry %}](/packages/guides/package-client-guides-for-github-packages)."
{% if currentVersion == "free-pro-team@latest" %}
For more information about Docker and {% data variables.product.prodname_github_container_registry %}, see "[Container guides for {% data variables.product.prodname_registry %}](/packages/guides/container-guides-for-github-packages)."
{% endif %}
### Authenticating to {% data variables.product.prodname_registry %}
{% data reusables.package_registry.authenticate-packages %}
### About scopes and permissions for package registries
To use or manage a package hosted by a package registry, you must use a token with the appropriate scope, and your user account must have appropriate permissions for that repository.
For example:
- To download and install packages from a repository, your token must have the `read:packages` scope, and your user account must have read permissions for the repository.
- To delete a specified version of a private package on {% data variables.product.product_name %}, your token must have the `delete:packages` and `repo` scope. Public packages cannot be deleted. For more information, see "[Deleting a package](/packages/manage-packages/deleting-a-package)."
| Scope | Description | Repository permissions |
| --- | --- | --- |
|`read:packages`| Download and install packages from {% data variables.product.prodname_registry %} | read |
|`write:packages`| Upload and publish packages to {% data variables.product.prodname_registry %} | write |
| `delete:packages` | Delete specified versions of private packages from {% data variables.product.prodname_registry %} | admin |
| `repo` | Upload and delete packages (along with `write:packages`, or `delete:packages`) | write, or admin |
When you create a {% data variables.product.prodname_actions %} workflow, you can use the `GITHUB_TOKEN` to publish and install packages in {% data variables.product.prodname_registry %} without needing to store and manage a personal access token.
For more information, see:
- "[Using {% data variables.product.prodname_registry %} with {% data variables.product.prodname_actions %}](/packages/using-github-packages-with-your-projects-ecosystem/)"
- "[Creating a personal access token](/github/authenticating-to-github/creating-a-personal-access-token/)"
- "[Available scopes](/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/#available-scopes)"
### Managing packages
You can delete a version of a private package on {% data variables.product.product_name %} or using the GraphQL API. When you use the GraphQL API to query and delete private packages, you must use the same token you use to authenticate to {% data variables.product.prodname_registry %}. For more information, see "[Deleting a package](/packages/manage-packages/deleting-a-package)" and "[Forming calls with GraphQL](/graphql/guides/forming-calls-with-graphql)."
You can configure webhooks to subscribe to package-related events, such as when a package is published or updated. For more information, see the "[`package` webhook event](/webhooks/event-payloads/#package)."
### Contacting support
{% if currentVersion == "free-pro-team@latest" %}
If you have feedback or feature requests for {% data variables.product.prodname_registry %}, use the [feedback form for {% data variables.product.prodname_registry %}](https://support.github.com/contact/feedback?contact%5Bcategory%5D=github-packages).
Contact {% data variables.contact.github_support %} about {% data variables.product.prodname_registry %} using [our contact form](https://support.github.com/contact?form%5Bsubject%5D=Re:%20GitHub%20Packages) if:
* You experience anything that contradicts the documentation
* You encounter vague or unclear errors
* Your published package contains sensitive data, such as GDPR violations, API Keys, or personally identifying information
{% else %}
If you need support for {% data variables.product.prodname_registry %}, please contact your site administrators.
{% endif %}
Reference in New Issue View Git Blame Copy Permalink