发表新帖
发表新帖

Azure Devops nuget artifact feed and docker

前端 未结
关注
2 1819
一生所求
一生所求 2021-01-28 03:30

Is there a good way to create an authentication mechanism to Devops to be able to access the artifact NuGet feed? I would like to create a base image for my team that would allo

相关标签:
2条回答
  • 清歌不尽
    2021-01-28 04:00

    I would like to create a base image for my team that would allow them to just pull an image from our Azure Container Registry that has access to our devops nuget feed.

    You can include the credentials inside your image to achieve this, But for security concern, you've better add some extra steps or codes to pass the credentials from outside the image.

    Based on your current solution, you can use the system predefined variable $(System.AccessToken) to get the security token in the azure devops CICD pipeline. Then in the docker build task, you pass the access token to the ARG IT_PAT as arguement,

    --build-arg IT_PAT=$(System.AccessToken)

    Besides using the NuGet credential plugin, You can also use the dotnet cli to add credentials to the nuget source. And then pass the $(System.AccessToken) in the build arguements. See below:

    ARG PAT
COPY . .
RUN dotnet nuget add source "your-source-url" --name "source-name" --username "useless" --password "$PAT" --store-password-in-clear-text
RUN dotnet restore

    Another workaround is to include the nuget.config in the build context. But you need to include a nuget.config file without the credentials first, and then add an extra nuget task to add the credentials to the config file. Then copy the nuget.config in your docker file . See below:

    Add a nuget task to run below custom command to add the credentials to the nuget.config file.

    sources Add -Name "MyPackages" -Source "https://my.pkgs.visualstudio.com/_packaging/MyPackages/nuget/v3/index.json" -username any -password $(System.AccessToken) -ConfigFile Source/Nuget.config -StorePasswordInClearText

    Copy the nuget.config in the docker file, Donot forget to delete the nuget.config file when the restore is complete:

    COPY *.csproj .
COPY ./nuget.config .
RUN dotnet restore
RUN rm nuget.config

    If you are using Yaml based pipeline. You can also check out container jobs. Then you use your private container by setting up the container endpoints. And then you can directly use the restore tasks in your pipeline. See below example, the nuget restore task will run in your private container, and it can access to your azure feeds directly by specifying attribute vstsFeed to your nuget feed:

    When you specify a container in your pipeline, the agent will first fetch and start the container. Then, each step of the job will run inside the container.

    container:
  image: myprivate/registry:ubuntu1604
  endpoint: private_dockerhub_connection

steps:
- task: NuGetCommand@2
  inputs:
    command: 'restore'
    feedsToUse: 'select'
    vstsFeed: 'my-azure-nuget-feed'
    restoreSolution: '**/*.sln'

    For more information you can check out this thread.

    0 讨论(0)
  • 攒了一身酷
    2021-01-28 04:18

    YAML

    1. Run NuGetAuthenticate task to add VSS_NUGET_ACCESSTOKEN to environment variables (more info)
    2. Pass token to Docker task as an argument
    - task: NuGetAuthenticate@0

- task: Docker@2
  displayName: 'build docker image'
  inputs:
    command: build
    containerRegistry: 'happycodeacr'
    repository: 'hc-app-sample-api-dev'
    buildContext: '$(Pipeline.Workspace)/app'
    Dockerfile: '$(Pipeline.Workspace)/app/src/HappyCode.Api/Dockerfile'
    arguments: '--build-arg FEED_ACCESSTOKEN=$(VSS_NUGET_ACCESSTOKEN)'
    tags: |
      latest
      $(Build.BuildId)

    Dockerfile

    1. Download and install artifacts provider (more info)
    2. Receive token
    3. Set VSS_NUGET_EXTERNAL_FEED_ENDPOINTS environment variable with feed url and token for nuget restore process
    4. Copy NuGet.config file
    5. Run dotnet restore
    FROM mcr.microsoft.com/dotnet/core/sdk:3.1-buster AS build
WORKDIR /work

RUN curl -L https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh  | sh
ARG FEED_ACCESSTOKEN
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS \
    "{\"endpointCredentials\": [{\"endpoint\":\"https://happycode.pkgs.visualstudio.com/_packaging/hc-nuget-feed/nuget/v3/index.json\", \"password\":\"${FEED_ACCESSTOKEN}\"}]}"
COPY ["NuGet.config", "./"]

COPY ["src/*/*.csproj", "./"]
RUN for projectFile in $(ls *.csproj); \
    do \
      mkdir -p ${projectFile%.*}/ && mv $projectFile ${projectFile%.*}/; \
    done
RUN dotnet restore /work/HappyCode.Api/HappyCode.Api.csproj

# further instructions

    0 讨论(0)
 看不清?
提交回复
热议问题