Uncategorised1,775 views

Private NuGet Feed in Azure Pipelines with or without Docker

Posted by

There are a couple of ways you can connect to your Azure Private NuGet Feeds and depending on how you designed your application build pipeline here are some options:

Build using Azure Pipelines without Docker

If you build your dotnet application in Azure Pipelines, using the .NET Core step’s restore command DotNetCoreCLI@2, you don’t need to worry much because it automatically handles authentication to Azure Artifacts Feeds.

Build using Azure Pipelines with Docker or any containerization platform

If you’re using Docker to build or application in an isolated environment I found 2 ways of handling authentication to Azure Artifacts Feeds:

Azure Artifacts Credential Provider

Azure Artifacts Credential Provider is a tool provided by Microsoft and automates the process of acquiring the credentials needed to restore your NuGet packages.

Make sure you add to your nuget.config file the private repository source:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <add key="MyPackages" value="YOUR PRIVATE FEED URL" />
  </packageSources>
</configuration>

Add to the Dockerfile:

ARG FEED_URL
ARG PAT

# download and install latest credential provider. Not required after https://github.com/dotnet/dotnet-docker/pull/891/commits
RUN wget -qO- https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh | bash

# Optional: Sometimes the HTTP client hangs because of a .NEt issue. Setting this in Dockerfile helps 
ENV DOTNET_SYSTEM_NET_HTTP_USESOCKETSHTTPHANDLER=0

# Environment variable to enable seesion token cache. More on this here:
ENV NUGET_CREDENTIALPROVIDER_SESSIONTOKENCACHE_ENABLED true

# Make sure that you *do not* hard code the "PAT" here. That is a sensitive information and must not be checked in.
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS {\"endpointCredentials\": [{\"endpoint\":\"${FEED_URL}\", \"username\":\"ArtifactsDocker\", \"password\":\"${PAT}\"}]}

azure-pipelines.yaml

variables:
  tag: '$(Build.BuildId)'
  docker-registry: 'DOCKER REGISTRY'
  docker-repository: 'DOCKER REPOSITORY'
  feed-url: 'YOUR PRIVATE FEED URL'

- task: Docker@2
  displayName: Build and Publish Docker Image
  inputs:
    containerRegistry: $(docker-registry)
    repository: $(docker-repository)
    command: 'buildAndPush'
    Dockerfile: '**/Dockerfile'
    arguments: '--build-arg FEED_URL=$(feed-url) --build-arg TOKEN=$(System.AccessToken)'

Leave a Reply

Your email address will not be published. Required fields are marked *