Search code examples
githubnugetgithub-actionsnuget-package-restore

dotnet restore fails to find package in private github package feed, when ran from a github workflow

We have some Nuget packages pushed to our organizations github package repository, and I am able to add those packages locally in my project, after I have added the github package source as an extra nuget source in my IDE (rider). For this, I use a pat-token.

So, everything works locally, and I can build everything fine. (combining nuget.org & our private feed).

The next logical step, is to leverage that package feed in our build pipeline in github actions... And that's where things fail...

This is the section in our github workflow, that I believe should work just fine:

FYI : I have not checked in a nuget.config file

- name: Restore dependencies
  run: |
    dotnet nuget add source --username ${{ github.repository_owner }} --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github 'https://nuget.pkg.github.com/${{ github.repository_owner }}/index.json'
    dotnet restore ${{ inputs.sourcePath }}

The difference is that I am using the secrets.GITHUB_TOKEN, but according to the logs, the source is successfully added... However, when the dotnet restore command runs, it seems the package cannot be found.

These are the logs:

Package source with Name: github added successfully.

Determining projects to restore...
/home/runner/work/mgmt-portal/mgmt-portal/src/Comp.AdminPortal.WebApp/Comp.AdminPortal.WebApp.csproj : 
error NU1101: Unable to find package Comp.Backend.WebAPI.Client. 
No packages exist with this id in source(s): github, nuget.org [/home/runner/work/mgmt-portal/mgmt-portal/src/Comp.ManagementPortal.sln]

Failed to restore /home/runner/work/mgmt-portal/mgmt-portal/src/Comp.AdminPortal.WebApp/Comp.AdminPortal.WebApp.csproj (in 3 sec).
Error: Process completed with exit code 1.
Solution

  • So, it seems it is not (yet?) possible to give specific permissions to the GITHUB_TOKEN. And in my case, the package was linked to another repo (not the repo in which I was running my pipeline.

    So by default the GITHUB_TOKEN does not have access rights for the scope of package:read and it does not seem possible to give those, at first sight.

    The workaround seems to be to use a personal access token, a PAT...