Search code examples
c#.netdockernugetgithub-actions

Add private nuget source to docker build with GitHub secrets

I am currently getting a 401 unauthorised when trying to add the NuGet packet source to my docker build.

I started by adding the NuGet source URL into the docker file with:

RUN dotnet nuget add source https://nuget.pkg.github.com/blah/index.json -UserName "AZ" -Password $NUGET_AUTH_TOKEN

The logs show that it getting the URL correct but 401 as it's not looking like it's using the var "NUGET_AUTH_TOKEN".

The NuGet auth token NUGET_AUTH_TOKEN is a GitHub secret which I'm passing as a env and using when setting up dotnet

In my GitHub Workflow I am then passing these value in by using "--build-arg"

--build-arg NUGET_URL=${{ env.NUGET_URL }} --build-arg NUGET_AUTH_TOKEN=${{ secrets.NUGET_TOKEN }}

GitHub Workflow:

      - name: Build and Push Docker image
        id: build-image
        working-directory: ./src/Blah
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          IMAGE_TAG: ${{ github.sha }}
        run: |
          docker build --build-arg NUGET_URL=${{ env.NUGET_URL }} --build-arg NUGET_AUTH_TOKEN=${{ secrets.NUGET_TOKEN }} -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f Blah.Blah/Dockerfile .

Dockerfile


RUN dotnet nuget add source https://nuget.pkg.github.com/blah/index.json -UserName "AZ" -Password $NUGET_AUTH_TOKEN
RUN dotnet restore "Blah.Blah/Blah.Blah.csproj"
COPY . .
WORKDIR "/src/Blah.Blah"
RUN dotnet build "Blah.Blah.csproj" -c Release -o /app/build

Currently blocked and this has been the first time I've used private NuGet packages with Docker containers. Any help would be highly appreciated.

Solution

  • Resolution:

    I passed the values needed as environmental variables.

    GitHub Workflow

          - name: Build and Push Docker image
        id: build-image
        working-directory: ./src/Blah
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          IMAGE_TAG: ${{ github.sha }}
          NUGET_URL: ${{ env.NUGET_URL }}
          NUGET_AUTH_TOKEN: ${{ env.NUGET_AUTH_TOKEN }}
        run: |
          docker build --build-arg NUGET_URL=$NUGET_URL --build-arg NUGET_AUTH_TOKEN=$NUGET_AUTH_TOKEN -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f Blah.Blah/Dockerfile .

    Dockerfile

    ARG NUGET_URL
ARG NUGET_AUTH_TOKEN
RUN echo "machine nuget.example.com login <username> password $NUGET_AUTH_TOKEN" > ~/.netrc
RUN dotnet nuget add source -n github -u AZ -p $NUGET_AUTH_TOKEN --store-password-in-clear-text $NUGET_URL
RUN dotnet restore "Blah.Blah/Blah.Blah.csproj"
COPY . .
WORKDIR "/src/Blah.Blah"
RUN dotnet build "Blah.Blah.csproj" -c Release -o /app/build
`