我在 GitHub 上托管了一个存储库,用于构建 NuGet 包并将其发布到 NuGet 托管的私有源。如果我使用 GitHub Actions 创建工作流程,那么我可以毫无问题地使用 NuGet 包。
我遇到的问题是,我试图从 Azure DevOps 实例中运行的管道中使用该 NuGet 包。我在 Azure DevOps 中创建了一个名为
github-nugettrigger: none
resources:
- repo: self
stages:
- stage: Packaging
jobs:
- job: buildAndPackage
steps:
- task: NuGetAuthenticate@1
inputs:
nuGetServiceConnections: 'github-nuget'
- script: >-
docker build
--build-arg NUGET_GITHUBUSER=doesnt-really-matter
--build-arg NUGET_GITHUBTOKEN=$(VSS_NUGET_ACCESSTOKEN)
--tag my-api:$(Build.BuildNumber)
--file api/src/MyProject.Web/Dockerfile .
然后在我的 Dockerfile 中,我的构建阶段如下:
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG NUGET_GITHUBUSER
ARG NUGET_GITHUBTOKEN
ENV NUGET_GITHUBUSER=${NUGET_GITHUBUSER}
ENV NUGET_GITHUBTOKEN=${NUGET_GITHUBTOKEN}
WORKDIR /src
COPY ["api/src/MyProject.Web/MyProject.Web.csproj", "api/src/MyProject.Web/"]
COPY ["nuget.config", "/"]
RUN dotnet nuget update source github --username ${NUGET_GITHUBUSER} --password ${NUGET_GITHUBTOKEN} --store-password-in-clear-text --valid-authentication-types basic
RUN dotnet restore "api/src/MyProject.Web/MyProject.Web.csproj"
COPY . .
WORKDIR "/src/api/src/MyProject.Web"
RUN dotnet build "MyProject.Web.csproj" -c Release -o /app/build --no-restore
尝试从私有源检索 NuGet 包时构建失败:
#43 [build 34/38] RUN dotnet nuget update source github --username anyone --password *** --store-password-in-clear-text --valid-authentication-types basic
#43 0.492 Package source "github" was successfully updated.
#43 DONE 0.7s
#44 [build 35/38] RUN dotnet restore "api/src/MyProject.Web/MyProject.Web.csproj"
#44 1.332 Determining projects to restore...
#44 4.554 /usr/share/dotnet/sdk/8.0.403/NuGet.targets(174,5): warning : Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured. [/src/api/src/MyProject.Web/MyProject.Web.csproj]
#44 4.571 Retrying 'FindPackagesByIdAsync' for source 'https://nuget.pkg.github.com/my-org/download/my.shared.package/index.json'.
#44 4.571 Response status code does not indicate success: 401 (Unauthorized).
有什么想法吗?在我看来,
NuGetAuthenticateNuGetAuthenticateInstalling the Azure Artifacts Credential Provider (.NET Core) to '/home/vsts/.nuget/plugins/netcore/CredentialProvider.Microsoft'. This credential provider is compatible with .NET SDK 6 or later.
Setting up the credential provider to use the identity 'MyProject.API Build Service (my-org)' for feeds in your organization/collection starting with:
https://pkgs.dev.azure.com/my-org/
https://my-org.pkgs.visualstudio.com/
Setting up the credential provider for these service connections:
https://nuget.pkg.github.com/my-org/index.json
Finishing: Authenticate private NuGet feed
我可以在使用 YAML 示例时重现类似的问题。
当 Nuget 身份验证任务对外部资源进行身份验证时,其输出变量不是有效的 Github PAT/密码。因此,它不能直接用于更新Nuget配置文件中的Nuget源。
解决这个问题,可以参考以下两种方法:
方法一:如果需要继续使用nuget.config文件设置github源。您需要跳过使用 NuGetAuthenticate 任务并使用 github PAT 运行
dotnet nuget update这是一个示例:您需要在 Pipeline 中手动将 Github PAT 设置为秘密变量。
stages:
- stage: Packaging
jobs:
- job: buildAndPackage
steps:
- script: >-
docker build
--build-arg NUGET_GITHUBUSER=doesnt-really-matter
--build-arg NUGET_GITHUBTOKEN=$(GithubPAT)
--tag my-api:$(Build.BuildNumber)
--file api/src/MyProject.Web/Dockerfile .
Dockerfile 示例:
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG NUGET_GITHUBUSER
ARG NUGET_GITHUBTOKEN
ENV NUGET_GITHUBUSER=${NUGET_GITHUBUSER}
ENV NUGET_GITHUBTOKEN=${NUGET_GITHUBTOKEN}
WORKDIR /src
COPY ["api/src/MyProject.Web/MyProject.Web.csproj", "api/src/MyProject.Web/"]
COPY ["nuget.config", "/"]
RUN dotnet nuget update source github --username ${NUGET_GITHUBUSER} --password ${NUGET_GITHUBTOKEN} --store-password-in-clear-text --valid-authentication-types basic --configfile /nuget.config
RUN dotnet restore "api/src/MyProject.Web/MyProject.Web.csproj" --configfile /nuget.config
COPY . .
WORKDIR "/src/api/src/MyProject.Web"
RUN dotnet build "MyProject.Web.csproj" -c Release -o /app/build --no-restore
方法2:如果您想继续使用NuGetAuthenticate任务,您可以使用docker文件中的
VSS_NUGET_EXTERNAL_FEED_ENDPOINTS步骤如下:
Step1:删除Nuget.config文件中的github源。
Step2:删除 docker 文件中的以下行:
RUN dotnet nuget update source github --username ${NUGET_GITHUBUSER} --password ${NUGET_GITHUBTOKEN} --store-password-in-clear-text --valid-authentication-types basic
Step2:将以下行添加到 docker 文件中:
RUN curl -L https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh | sh
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS="{\"endpointCredentials\": [{\"endpoint\":\"https://nuget.pkg.github.com/my-org/index.json\", \"username\":\"docker\", \"password\":\"${NUGET_GITHUBTOKEN}\"}]}"
Dockerfile:
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG NUGET_GITHUBUSER
ARG NUGET_GITHUBTOKEN
ENV NUGET_GITHUBUSER=${NUGET_GITHUBUSER}
ENV NUGET_GITHUBTOKEN=${NUGET_GITHUBTOKEN}
RUN curl -L https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh | sh
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS="{\"endpointCredentials\": [{\"endpoint\":\"https://nuget.pkg.github.com/my-org/index.json\", \"username\":\"docker\", \"password\":\"${NUGET_GITHUBTOKEN}\"}]}"
WORKDIR /src
COPY ["api/src/MyProject.Web/MyProject.Web.csproj", "api/src/MyProject.Web/"]
COPY ["nuget.config", "/"]
RUN dotnet restore "api/src/MyProject.Web/MyProject.Web.csproj"
COPY . .
WORKDIR "/src/api/src/MyProject.Web"
RUN dotnet build "MyProject.Web.csproj" -c Release -o /app/build --no-restore
管道样品:
trigger: none
resources:
- repo: self
stages:
- stage: Packaging
jobs:
- job: buildAndPackage
steps:
- task: NuGetAuthenticate@1
inputs:
nuGetServiceConnections: 'github-nuget'
- script: >-
docker build
--build-arg NUGET_GITHUBUSER=doesnt-really-matter
--build-arg NUGET_GITHUBTOKEN=$(VSS_NUGET_ACCESSTOKEN)
--tag my-api:$(Build.BuildNumber)
--file api/src/MyProject.Web/Dockerfile .
在这种情况下,您可以保留 Pipeline 中的当前设置,它将使用 github 源来恢复包。