Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dotnet nuget push fails to authenticate #101

Closed
sliekens opened this issue Jun 23, 2020 · 9 comments
Closed

dotnet nuget push fails to authenticate #101

sliekens opened this issue Jun 23, 2020 · 9 comments

Comments

@sliekens
Copy link

Description

I can't get authentication to work after reading the README section and related issues (NuGet/Home#8580 (comment)).

I want to:

  1. restore dependencies from nuget.org
  2. publish a package to GPR

Details

I have a nuget.config in my repo with just the source I need to restore dependencies.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <clear />
    <add key="nuget" value="https://api.nuget.org/v3/index.json" />
  </packageSources>
</configuration>

Then I added the bit of yaml that configures the GPR source-url and adds authentication.

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - uses: actions/setup-dotnet@v1
      with:
        source-url: https://nuget.pkg.github.com/stevenliekens/index.json
      env:
        NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    - run: dotnet pack --configuration Release --output artifacts --version-suffix CI-$(date --utc '+%Y%m%d-%H%M%S')
    - run: dotnet nuget push artifacts/*.nupkg

No matter what I do, I get an error on the last step saying that my API key is missing.

warn : No API Key was provided and no API Key could be found for 'https://nuget.pkg.github.com/stevenliekens'. To save an API Key for a source use the 'setApiKey' command.

Can this be a bug in the action? I don't see what I could possibly be missing.

@sliekens
Copy link
Author

Okay I went through the code, ran jest, did some soul-searching and finally realized that the problem was staring at me all along.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <clear />
    <add key="nuget" value="https://api.nuget.org/v3/index.json" />
  </packageSources>
</configuration>

If you include a <clear /> element in your repo-level config file then the workflow ignores the temporary nuget file generated by setup-dotnet. IMO that's a pretty big deal because <clear /> is included in the output of dotnet new nugetconfig. (For good reasons.)

Now I'm not sure how to go about fixing this... I assume that changing the action to modify the repo-level nuget config is a no-no?

@sliekens
Copy link
Author

sliekens commented Jun 24, 2020

I have a proposal... what if the action generates a full nuget config file that you can reference later on?

Input

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <clear />
    <add key="nuget" value="https://api.nuget.org/v3/index.json" />
  </packageSources>
</configuration>

Output

<?xml version="1.0"?>
<configuration>
  <config>
    <add key="defaultPushSource" value="https://nuget.pkg.github.com/OwnerName/index.json"/>
  </config>
  <packageSources>
    <clear />
    <add key="nuget" value="https://api.nuget.org/v3/index.json" />
    <add key="Source" value="https://nuget.pkg.github.com/OwnerName/index.json"/>
  </packageSources>
  <packageSourceCredentials>
    <Source>
      <add key="Username" value="OwnerName"/>
      <add key="ClearTextPassword" value="NUGET_AUTH_TOKEN"/>
    </Source>
  </packageSourceCredentials>
</configuration>

The user-experience would look something like this:

steps:
- id: dotnet
  uses: actions/setup-dotnet@vnext
  with:
    source-url: https://nuget.pkg.github.com/owner/index.json
  env:
    NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: dotnet nuget push **/*.nupkg --config-file ${{ steps.dotnet.outputs.nugetconfig }}

Unfortunately, that's not possible because dotnet nuget push does not support --config-file. (Tracked by NuGet/Home#4879.)

@ZEisinger thoughts?

@Airn5475
Copy link

Airn5475 commented Aug 4, 2020

I'm running into this too and I have no idea what's going on. I've had it working before and all of a sudden it stopped.

- name: Setup .NET Core
  uses: actions/[email protected]
  with:
    source-url: https://nuget.pkg.github.com/<owner>/index.json
  env:
    NUGET_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}

- name: Pack NuGet
  run: dotnet pack <project name> --no-restore -c Release -o .\<project name>\NugetPackage   

- name: Publish NuGet
  run: |
      dotnet nuget push .\<project name>\NugetPackage\*.nupkg --no-symbols true

And I get the following output:

Run dotnet nuget push .\project\NugetPackage*.nupkg --no-symbols true
warn : No API Key was provided and no API Key could be found for 'https://nuget.pkg.github.com/owner'. To save an API Key for a source use the 'setApiKey' command.
Pushing project.1.0.2.nupkg to 'https://nuget.pkg.github.com/owner'...
PUT https://nuget.pkg.github.com/owner/
An error was encountered when fetching 'PUT https://nuget.pkg.github.com/owner/'. The request will now be retried.
An error occurred while sending the request.
The response ended prematurely.
PUT https://nuget.pkg.github.com/owner/
An error was encountered when fetching 'PUT https://nuget.pkg.github.com/owner/'. The request will now be retried.
An error occurred while sending the request.
The response ended prematurely.
PUT https://nuget.pkg.github.com/owner/
error: An error occurred while sending the request.
error: The response ended prematurely.

@PathogenDavid
Copy link

PathogenDavid commented Aug 4, 2020

I've found success setting DOTNET_SYSTEM_NET_HTTP_USESOCKETSHTTPHANDLER to 0 command as noted in NuGet/Home#9775. IE: https://github.com/InfectedLibraries/ClangSharp.Pathogen/blob/120bef6bf5e73f6745bf238c23c594ce2d48be27/.github/workflows/ClangSharp.Pathogen.yml#L187-L191

Also off topic, but *.nupkg without double quotes can cause only the first matched package to be uploaded. And if you care about that workflow running on Ubuntu, you can't use backslashes. (And if you care about it running on Windows, you can't use forward slashes so I'd recommend using working-directory instead.)

@ZEisinger
Copy link
Contributor

It seems the original problem with not using the given token would be solved by #109 (not released in v1 yet). The nuget file was being generated into a temp folder outside the repo path and was not being used.

@ZEisinger
Copy link
Contributor

The release has been completed. Please reopen if the original bug is not resolved, or open a new issue for other bugs.

akunzai added a commit to akunzai/NHibernate.Extensions.Logging that referenced this issue Jan 20, 2021
akunzai added a commit to akunzai/NHibernate.Extensions.Logging that referenced this issue Jan 20, 2021
akunzai added a commit to akunzai/NHibernate.Extensions.Logging that referenced this issue Jan 20, 2021
akunzai added a commit to akunzai/NHibernate.Extensions.Logging that referenced this issue Jan 20, 2021
akunzai added a commit to akunzai/NHibernate.Extensions.Logging that referenced this issue Jan 20, 2021
akunzai added a commit to akunzai/NHibernate.Extensions.Logging that referenced this issue Jan 20, 2021
akunzai added a commit to akunzai/GSS.Authentication.CAS that referenced this issue Jan 20, 2021
akunzai added a commit to akunzai/GSS.Authorization.OAuth that referenced this issue Jan 20, 2021
@AndrewTriesToCode
Copy link

AndrewTriesToCode commented Jan 31, 2021

Still seems to be an issue. I was getting

warn : No API Key was provided and no API Key could be found for 'https://nuget.pkg.github.com/andrewtriestocode'. To save an API Key for a source use the 'setApiKey' command.

using the install dotnet action parameters. If I just use the --source and --api-key options on the command line run for dotnet nuget push it works as expected.

@etiennecl
Copy link

I experience the same issue as @AndrewTriesToCode .

@sliekens
Copy link
Author

sliekens commented Apr 2, 2021

My conclusion is that you have to do one of two things:

  • A) Remove the <clear /> element from your nuget.config
  • B) Add the source that requires authentication to your nuget.config

So this will never work:

    - uses: actions/setup-dotnet@v1
      with:
        config-file: nuget.config
        source-url: https://nuget.pkg.github.com/OwnerName/index.json
      env:
        NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
<!-- Will never work, even though the NUGET_AUTH_TOKEN is added, it can't be matched to a packageSource after the <clear/> -->
<configuration>
    <packageSources>
        <clear />
        <add key="nuget" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
    </packageSources>
</configuration>

Option A:

<!-- Will work because packageSources are now merged with the temporary nuget.config in the parent directory -->
<configuration>
    <packageSources>
        <add key="nuget" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
    </packageSources>
</configuration>

Option B:

<!-- Will also work because setup-dotnet will match your existing packageSource -->
<configuration>
    <packageSources>
        <clear />
        <add key="nuget" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
        <add key="gh" value="https://nuget.pkg.github.com/OwnerName/index.json" protocolVersion="3" />
    </packageSources>
</configuration>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

6 participants