I am trying to set up Dependabot to automatically check my private registries for updates. I'm successful with authentication, and dependabot looks at my xml for my package, but when it tries to find the JAR's it fails with a 404. This is my dependabot configuration:
version: 2
registries:
artifact-registry:
type: maven-repository
url: "https://{region}-maven.pkg.dev/{project}/{repo}/"
username: "_json_key_base64"
password: ${{ secrets.ARTIFACT_REGISTRY_READER_B64 }}
maven-central:
type: maven-repository
url: "https://repo1.maven.org/maven2/"
updates:
- package-ecosystem: "maven" # See documentation for possible values
directory: "/" # Location of package manifests
schedule:
interval: "daily"
registries:
- artifact-registry
- maven-central
But in the logs, I am getting this:
404 https://{region}-maven.pkg.dev:443/{project}/{repo}/com/{org}/{repo}/1.24-SNAPSHOT/{repo}-1.24-SNAPSHOT.jar
and if I visit it directly (after authenticating with user and pass) i get the following:
{
"error": "Requested entity was not found."
}
For all my other packages (that arent in a private repo), dependabot can find the jars just fine when looking at "https://repo1.maven.org/maven2/".
TLDR: Why can't dependabot find my JAR's for a private, maven repository hosted on Artifact Registry?
Based on this documentation on Cloud Build 4xx client errors, this could indicate that the build request is not successful presumably by fault of the user sending the request.
Please check the build logs if it contains more information regarding the error. Here are some of the common causes:
If the aforementioned steps didn't work or were not applicable, you may file a bug through the Google Cloud issue tracker so that Google Cloud engineers could take a look at this. This doesn't have a specific ETA but you can keep track of its progress once the ticket has been created.