Azure DevOps private nuget repo Unauthorized when building with docker
I stumbled across this post.(ref: solution @ the bottom)
Basically, change the PAT Organization to "All accessible organizations" AND scroll through the permission\security sections and set the following:
- Build (Artifacts, definitions, requests, queue a build, and updated build properties): Read
- Connected server (Access endpoints): Connected server
- Packaging (Create, read, update, and delete feeds and packages): Read
(Not sure if all of these are required.)
Docker File:
FROM mcr.microsoft.com/dotnet/core/aspnet:2.2-stretch-slim AS baseWORKDIR /appFROM mcr.microsoft.com/dotnet/core/sdk:2.2-stretch AS buildWORKDIR /src# The Personal Access Token argARG PAT# Set environment variablesENV NUGET_CREDENTIALPROVIDER_SESSIONTOKENCACHE_ENABLED trueENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS '{"endpointCredentials":[{"endpoint":"https://pkgs.dev.azure.com/ORG/_packaging/FEEDNAME/nuget/v3/index.json","username":"USERNAME","password":"'${PAT}'"}]}'# Get and install the Artifact Credential providerRUN wget -O - https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh | bashCOPY ["PROJECTNAME.csproj", "./"]RUN dotnet restore -s "https://pkgs.dev.azure.com/ ORG /_packaging/ FEEDNAME /nuget/v3/index.json" -s "https://api.nuget.org/v3/index.json"COPY . ./WORKDIR /srcRUN dotnet build " PROJECTNAME.csproj" -c Release -o /appFROM build AS publishRUN dotnet publish --no-restore " PROJECTNAME.csproj" -c Release -o /appFROM base AS finalWORKDIR /appCOPY --from=publish /app .ENTRYPOINT ["dotnet", " PROJECTNAME.dll"]
docker command:
docker build -t BUILDNAME:local . --build-arg PAT=xxxxxxxxxxxxxxxxxxxxxxxxx
Previously we were using a nuget.config file with credentials\PAT and this was working. I have no idea what changed to cause it to stop. If anyone had an idea pls post.
you need to force dotnet restore
to use your config file:
RUN dotnet restore "MyProject/MyProject.csproj" --configfile Nuget.Config
alternatively you can do something like this in your dockerfile:
# Add Environment Variables references for access private Azure Artifacts Repository# Use --build-arg <ARG> to pass this in.ARG TOKENPASSARG TOKENUSERARG NUGET_ENDPOINT# Fetch Azure Artifacts "Magic" credentials providersRUN wget -qO- https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh | bash# Needs to be enabled to fetch the private repository credentials for NuGet restore.ENV NUGET_CREDENTIALPROVIDER_SESSIONTOKENCACHE_ENABLED trueENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS="{\"endpointCredentials\": [{\"endpoint\":\"$NUGET_ENDPOINT\", \"username\":\"$TOKENUSER\", \"password\":\"$TOKENPASS\"}]}"# Workaround of some kind to help Azure Artifact Private repository image collection.ENV DOTNET_SYSTEM_NET_HTTP_USESOCKETSHTTPHANDLER 0
and use docker build with --build-arg TOKENPASS=$(TOKENPASS) --build-arg TOKENUSER=$(TOKENUSER) --build-arg NUGET_ENDPOINT=$(NUGET_ENDPOINT)