When building a Docker image in an Azure DevOps pipeline that requires access to a private NuGet feed you need to run the NuGetAuthenticate task first in order to get an access token.
What is the local equivalent of this? i.e. I fetch a token, plug it into VSS_NUGET_EXTERNAL_FEED_ENDPOINTS and pass it as args when running the Docker build?
I fetch a token, plug it into VSS_NUGET_EXTERNAL_FEED_ENDPOINTS and pass it as args when running the Docker build?
Yes,a VSS_NUGET_EXTERNAL_FEED_ENDPOINTS environment variable is used to supply an access token.
Sample dockfile:
FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build
WORKDIR /app
RUN curl -L https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh | sh
# Copy csproj and restore as distinct layers
COPY *.csproj .
COPY ./nuget.config .
ARG FEED_ACCESSTOKEN
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS="{\"endpointCredentials\": [{\"endpoint\":\"https://fabrikam.pkgs.visualstudio.com/_packaging/MyGreatFeed/nuget/v3/index.json\", \"username\":\"docker\", \"password\":\"${FEED_ACCESSTOKEN}\"}]}"
RUN dotnet restore
# Copy and publish app and libraries
COPY . .
RUN dotnet publish -c Release -o out --no-restore
FROM mcr.microsoft.com/dotnet/runtime:6.0 AS runtime
WORKDIR /app/
COPY --from=build /app/out ./
ENTRYPOINT ["dotnet", "dotnetapp.dll"]
Before running docker build, first populate the FEED_ACCESSTOKEN environment variable with a personal access token. Then, this Dockerfile would be built using this command:
docker build --build-arg FEED_ACCESSTOKEN .
You can check the doc "Using the Azure Artifact Credential Provider" for the detail setting.
Or you can directly add the credential in nuget.config,please check doc Managing NuGet Credentials in Docker Scenarios for the details.
On Azure DevOps, please make sure the account doesn't have Multi factor authentication(MFA) required, on local machine, you need to follow the popup message to login.