I have followed this tutorial on how to create a nuget tool package.
Now I want to deploy this package when I create tags in my Gitlab Pipeline:
stages:
- build
- deploy
variables:
PACKAGE_SOURCE:
value: https://api.nuget.org/v3/index.json
description: Specifies the Nuget package server URL.
image: mcr.microsoft.com/dotnet/sdk:7.0
build-job:
stage: build
script:
- dotnet build -c Release
artifacts:
untracked: true
package-job:
stage: build
needs:
- job: build-job
artifacts: true
script:
- dotnet pack -c Release --no-build --output nupgk
artifacts:
paths:
- nupgk
deploy-job:
stage: deploy
only:
- tags
needs:
- job: package-job
artifacts: true
script:
- echo "Pushing package to $PACKAGE_SOURCE"
- dotnet nuget push nupgk/*.nupkg --api-key "$PACKAGE_SERVER_TOKEN" --source "$PACKAGE_SOURCE"
The build job and the packaging works fine and then in the deploy job (when i push a tag to the repository) i get the following message:
$ echo "Pushing package to $PACKAGE_SOURCE"
Pushing package to https://api.nuget.org/v3/index.json
$ dotnet nuget push nupgk/*.nupkg --api-key "$PACKAGE_SERVER_TOKEN" --source "$PACKAGE_SOURCE"
warn : No API Key was provided and no API Key could be found for 'https://www.nuget.org/api/v2/package'. To save an API Key for a source use the 'setApiKey' command.
Pushing mypackage.myversion.nupkg to 'https://www.nuget.org/api/v2/package'...
PUT https://www.nuget.org/api/v2/package/
Unauthorized https://www.nuget.org/api/v2/package/ 570ms
error: Response status code does not indicate success: 401 (An API key must be provided in the 'X-NuGet-ApiKey' header to use this service).
I do not understand this behaviour, because when I run the exact same commands on my local machine (using the same docker image) i get the following output:
$ echo "Pushing package to $PACKAGE_SOURCE"
Pushing package to https://api.nuget.org/v3/index.json
$ dotnet nuget push nupgk/*.nupkg --api-key "$PACKAGE_SERVER_TOKEN" --source "$PACKAGE_SOURCE"
Pushing mypackage.myversion.nupkg to 'https://www.nuget.org/api/v2/package'...
PUT https://www.nuget.org/api/v2/package/
Created https://www.nuget.org/api/v2/package/ 1090ms
Your package was pushed.
It also seems that dotnet nuget is totally ignoring my source argument, i also dont know why that is.
Okay, this seems to be an issue outside of the pipeline configuration. It turns out that Gitlab, by default, sets variables as protected (which i confused with masked). This means that the PACKAGE_SERVER_TOKEN variable was not available on the tag pipeline because the tag itself was not protected at the time of its creation.
Fix: I added a wildcard tag protection rule v* to create a protected tag and additionally modified the pipeline to only run if a ref is protected (to ensure the variable is set when the job is created)
...
deploy-job:
stage: deploy
only:
refs:
- tags
variables:
- $CI_COMMIT_REF_PROTECTED
...