artifacts-credprovider | Azure Artifacts Credential Provider enables dotnet | DevOps library
kandi X-RAY | artifacts-credprovider Summary
kandi X-RAY | artifacts-credprovider Summary
# Azure Artifacts Credential Provider. The Azure Artifacts Credential Provider automates the acquisition of credentials needed to restore NuGet packages as part of your .NET development workflow. It integrates with MSBuild, dotnet, and NuGet(.exe) and works on Windows, Mac, and Linux. Any time you want to use packages from an Azure Artifacts feed, the Credential Provider will automatically acquire and securely store a token on behalf of the NuGet client you're using.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of artifacts-credprovider
artifacts-credprovider Key Features
artifacts-credprovider Examples and Code Snippets
Community Discussions
Trending Discussions on artifacts-credprovider
QUESTION
I have a few Dockerfiles that are dependant on a "pat" (Personal Access Token) file to be able to access a private nuget feed. I have taken some inspiration from somakdas to get this working.
To run my single Dockerfile I first create a "pat" file containing my token and build with docker build -f Services/User.API/Dockerfile -t userapi:dev --secret id=pat,src=pat .
This works as intended, but my issue is getting this to work using a docker-compose.yml file.
First I took a look at using docker-compose secrets, but it came to my attention that docker-compose secrets are access at runtime, not build-time. https://github.com/docker/compose/issues/6358
So now I'm trying to create a volume containing my pat file but I get cat: /pat: No such file or directory when the command RUN --mount=type=secret... is running. This may not be secure but it will only be running locally.
My Dockerfile
...ANSWER
Answered 2022-Feb-10 at 16:39I solved this by attacking the problem in a different way. As the main goal was to get this working locally I created Dockerfile.Local and docker-compose.local.yml. Together with this I created an .env file containing the "pat".
The docker-compose.local.yml passes the "pat" as an argument to the Dockerfile.Local where it's used. I also discarded --mount=type=secret and set the value to VSS_NUGET_EXTERNAL_FEED_ENDPOINTS directly.
.env file:
QUESTION
Why is docker build corrupting the JSON in $VSS_NUGET_EXTERNAL_FEED_ENDPOINTS?
I am using this article (spefically example 2 which uses Buildkit and docker build secrets) to help populate my Dockerfile. The process will:
- pass a PAT during
docker build, - mount the PAT as a secret,
- export an escaped JSON string using the secret (via
cat /pat) to ENV, and- ^^^ the above JSON is corrupt ^^^
- use the env variable to call a NuGet private feed before
- making a
dotnet restorerequest.
The bash command in question is:
...ANSWER
Answered 2021-Nov-24 at 03:30As per the advice from @glenn jackman and @dan in the comments, I found the /pat file had a newline at the end of the file. Deleting the newline solved the json problem.
QUESTION
I have been trying to get docker to pull from a private nuget feed which is hosted within Azure Devops, but I consistently get a 401 unauthorized error. I have looked a numerous other answers and resources, but all of which have not helped. My dockerfile script is the following
...ANSWER
Answered 2020-Dec-09 at 20:29You can check out below workarounds without using NuGet credential plugin.
1, Use dotnet cli to add credentials to the nuget source in your docker file. And then pass the $PAT in the build arguments (ie. --build-arg PAT=$PAT ):
QUESTION
Using Docker locally to perform a build using my project's .dockerfile, I'm having trouble getting access to our private ADO Artifacts with a 401 Unauthorized.
I've generated a PAT for my ADO account with "Packaging (Read)" across all accessible organizations and it has not expired.
This works in the ADO Build Pipeline using the "npmAuthenticate" task and pointing it to the project's .npmrc, but locally, Docker fails to authenticate.
ANSWER
Answered 2020-Dec-08 at 00:53This is the base "devtools" image I've used in the past for authenticating to private Azure DevOps NuGet and NPM feeds. The PAT needs to be Base64 encoded for NPM, but not for NuGet. It's a little weird. I can't guarantee there's not a better way to do this.
QUESTION
I am currently experimenting with using Docker for our build process to make it easy to reproduce build results from any developer machine/server.
The complication is that I have several private packages my software depends on, which requires me to a variable to the build script before restoring packages. This in turn causes docker to not use the cached output of the nuget restore step.
Environment is Windows Containers, .Net Framework 4.8 code.
My (simplified) Dockerfile:
...ANSWER
Answered 2020-Nov-01 at 11:20Executing two passes of nuget restore seems like the best available approach to me. As you mentioned the first execution will return a non-zero exit code because of the restore failure for the private feed which will cause the Docker build to fail. There are techniques amongst the various shells for compensating for a non-zero exit code when you want the exit code to be zero. This allows Docker build to proceed even if the nuget restore command resulted in an error.
These are examples of how this can be done in various shells:
Windows CMD shellQUESTION
I have found a few articles, and posts on this forum, relating to the issue of an Azure private artifact feeds not able to be authorized when building an image with the Docker build task in Azure, which is understandable.
So, I have put together a Dockerfile that mirrors the online examples:
ANSWER
Answered 2020-Oct-08 at 08:31You may try the following format to see whether it works:
QUESTION
Is there a good way to create an authentication mechanism to Devops to be able to access the artifact NuGet feed? I would like to create a base image for my team that would allow them to just pull an image from our Azure Container Registry that has access to our devops nuget feed. Ideally people wouldn't have to have the same stock dockerfile code in every single project that grabs a PAT from their host build system. This would also allow us to CICD this a little more nicely.
My current solution
...ANSWER
Answered 2020-Jul-30 at 05:42I would like to create a base image for my team that would allow them to just pull an image from our Azure Container Registry that has access to our devops nuget feed.
You can include the credentials inside your image to achieve this, But for security concern, you've better add some extra steps or codes to pass the credentials from outside the image.
Based on your current solution, you can use the system predefined variable $(System.AccessToken) to get the security token in the azure devops CICD pipeline. Then in the docker build task, you pass the access token to the ARG IT_PAT as arguement,
--build-arg IT_PAT=$(System.AccessToken)
Besides using the NuGet credential plugin, You can also use the dotnet cli to add credentials to the nuget source. And then pass the $(System.AccessToken) in the build arguements. See below:
QUESTION
I'm using Azure DevOps and would like to run dotnet tool restore --interactive in my Build Pipeline. In my code repo, there is nuget.config as follows. The file has a private feed hosted in Azure Artifact in addition to nuget.org.
ANSWER
Answered 2020-Jan-19 at 15:01You can't use the flag --interactive in a build pipeline, because this flag except to get an output from the user during the execution.
You can use the default restore option in the .Net core task:
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install artifacts-credprovider
Using the above is recommended, but as per NuGet's plugin discovery rules, alternatively you can install the credential provider to a location you prefer, and then set the environment variable NUGET_PLUGIN_PATHS to the .exe of the credential provider found in plugins\netfx\CredentialProvider.Microsoft\CredentialProvider.Microsoft.exe. For example, $env:NUGET_PLUGIN_PATHS="my-alternative-location\CredentialProvider.Microsoft.exe". Note that if you are using both nuget and dotnet, this environment variable is not recommended due to this issue: https://github.com/NuGet/Home/issues/8151.
To install netcore, run installcredprovider.ps1 e.g. iex "& { $(irm https://aka.ms/install-artifacts-credprovider.ps1) }"
To install both netfx and netcore, run installcredprovider.ps1 -AddNetfx. The netfx version is needed for nuget.exe. e.g. iex "& { $(irm https://aka.ms/install-artifacts-credprovider.ps1) } -AddNetfx"
Download the latest release of Microsoft.NuGet.CredentialProvider.zip
Unzip the file
Copy the netcore (and netfx for nuget.exe) directory from the extracted archive to $env:UserProfile\.nuget\plugins (%UserProfile%/.nuget/plugins/)
Note: this script only installs the netcore version of the plugin. If you need to have it working with mono msbuild, you will need to download the version with both netcore and netfx binaries following the steps in Manual installation on Linux and Mac. Using the above is recommended, but as per NuGet's plugin discovery rules, alternatively you can install the credential provider to a location you prefer, and then set the environment variable NUGET_PLUGIN_PATHS to the .dll of the credential provider found in plugins\netcore\CredentialProvider.Microsoft\CredentialProvider.Microsoft.dll. For example, $env:NUGET_PLUGIN_PATHS="my-alternative-location\CredentialProvider.Microsoft.dll".
wget -qO- https://aka.ms/install-artifacts-credprovider.sh | bash
sh -c "$(curl -fsSL https://aka.ms/install-artifacts-credprovider.sh)"
Download the latest release of Microsoft.NuGet.CredentialProvider.tar.gz
Untar the file
Copy the netcore (and 'netfx' for msbuild /t:restore command) directory from the extracted archive to $HOME/.nuget/plugins
Use the NuGet Authenticate task before running NuGet, dotnet or MSBuild commands that need authentication. If you're running the command as part of an automated build on an unattended build agent outside of Azure DevOps Pipelines, you can supply an access token directly using the VSS_NUGET_EXTERNAL_FEED_ENDPOINTS environment variable. The use of Personal Access Tokens is recommended. You may need to restart the agent service or the computer before the environment variables are available to the agent.
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
