In my last posts, I created a private NuGet feed and automatically uploaded a NuGet package with my Azure DevOps pipeline. Using Visual Studio to restore the NuGet package from the private feed works fine because my user has access to the feed. When I try to restore the package when building a Docker image, it will crash with a 401 Unauthorized error.
Today, I will show you how to create an access token for your private Azure DevOps NuGet feed and how to pass it to your Dockerfile to build Docker images.
This post is part of “Microservice Series - From Zero to Hero”.
Create a Personal Access Token (PAT) in Azure DevOps
To create a personal access token in Azure DevOps, click on user settings, and select Personal access tokens.
This opens a new flyout window. There you can enter a name, your organization, and the expiration date. If you select Custom defined as the expiration date, you can create a PAT which is valid for one year. Select custom defined scope and then select Read in the Packaging section. This allows the PAT to read the NuGet packages from the feed.
After you click Create, the new PAT is displayed. Make sure to copy it because you won’t be able to see it again after you closed the window.
Pass the PAT to build the Dockerfile locally
You can find the code of the demo on GitHub.
Add a nuget.config file
The first step to restoring the NuGet package from the private feed is to add a nuget.config file to the root folder of the CustomerApi project. This file contains the URLs for the nuget.org and private feed. Since this file gets committed to source control, I don’t add the PAT there because I want to keep it private. The file looks as follows:
Use the PAT in the Dockerfile
Docker supports build arguments which I will use to pass the PAT inside the Dockerfile in the CI pipeline. Locally, I don’t pass a PAT but I can set a default value. Additionally, I have to add the PAT and a username to the nuget.config to be able to access the private NuGet feed. the code looks as follows:
Instead of localhost, use the previously created PAT. Make sure to not commit it to your source control though. Additionally, you have to copy the previously nuget.config file inside the Docker image. You can do this with the following code:
To use the nuget.config file during the restore, use the –configfile flag and provide the path to the nuget.config file.
You can find the finished Dockerfile on GitHub.
Run the docker build again and it will finish successfully this time.
Pass the PAT in the Azure DevOps Pipeline
In the Azure DevOps pipeline, create a new secret variable for the PAT. To do that, open the pipeline and then click on Variables on the right top. Click on the + symbol and then provide a name for the variable and the value of the PAT. Make sure to enable Keep this value secret to hide the actual value from users.
Next, add the build-arg parameter to the docker build task and provide the previously created variable as PAT. The whole task looks as follows:
That’s already all to restore the NuGet package from a private feed. Run the pipeline it will finish successfully.
Conclusion
You can create a private access token (PAT) to access NuGet packages of a private NuGet feed in Azure DevOps. This token can be passed to the Dockerfile as a build argument and then inside the Dockerfile be added to the nuget.config file. This allows you to restore private NuGet packages locally and in your Azure DevOps pipeline without committing your secret PAT to source control.
Note: If you run this demo, it will work without my private feed because I uploaded the NuGet package to nuget.org.
You can find the code of the demo on GitHub.
This post is part of “Microservice Series - From Zero to Hero”.
Comments powered by Disqus.