microsoft · AlexVTor · Feb 28, 2024 · Feb 27, 2024 · Feb 27, 2024 · Feb 27, 2024
@@ -11,6 +11,12 @@ import * as ngRunner from 'azure-pipelines-tasks-packaging-common/nuget/NuGetToo
 import * as pkgLocationUtils from 'azure-pipelines-tasks-packaging-common/locationUtilities';
 import { getProjectAndFeedIdFromInputParam, logError } from 'azure-pipelines-tasks-packaging-common/util';
 
+interface EndpointCredentials {
+    endpoint: string;
+    username?: string;
+    password: string;
+}
+
 export async function run(): Promise<void> {
     let packagingLocation: pkgLocationUtils.PackagingLocation;
     try {
@@ -65,8 +71,10 @@ export async function run(): Promise<void> {
         }
 
         // Setting up auth info
-        const accessToken = pkgLocationUtils.getSystemAccessToken();
+        let accessToken;
+        let feed;
         const isInternalFeed: boolean = nugetFeedType === 'internal';
+        accessToken = getAccessToken(isInternalFeed);
         const internalAuthInfo = new auth.InternalAuthInfo(urlPrefixes, accessToken, /*useCredProvider*/ null, true);
 
         let configFile = null;
@@ -182,3 +190,57 @@ function dotNetNuGetPushAsync(dotnetPath: string, packageFile: string, feedUri:
     const envWithProxy = ngRunner.setNuGetProxyEnvironment(process.env, /*configFile*/ null, feedUri);
     return dotnet.exec({ cwd: workingDirectory, env: envWithProxy } as IExecOptions);
 }
+
+function getAccessToken(isInternalFeed: boolean): string{
+    let accessToken: string;
+    let allowServiceConnection = tl.getVariable('PUBLISH_VIA_SERVICE_CONNECTION');
+
+    if(allowServiceConnection) {
+        let endpoint = tl.getInput('externalEndpoint', false);
+
+        if(endpoint && isInternalFeed === true) {
+            tl.debug("Found external endpoint, will use token for auth");
+            let endpointAuth = tl.getEndpointAuthorization(endpoint, true);
+            let endpointScheme = tl.getEndpointAuthorizationScheme(endpoint, true).toLowerCase();
+            switch(endpointScheme)
+            {
+                case ("token"):
+                    accessToken = endpointAuth.parameters["apitoken"];
+                    break;
+                default:
+                    tl.warning("Invalid authentication type for internal feed. Use token based authentication.");
+                    break;
+            }
+        }
+        if(!accessToken && isInternalFeed === true)
+        {            
+            tl.debug("Checking for auth from Cred Provider."); 
+            const feed = getProjectAndFeedIdFromInputParam('feedPublish');
+            const JsonEndpointsString = process.env["VSS_NUGET_EXTERNAL_FEED_ENDPOINTS"];
+            if (JsonEndpointsString) {
+                tl.debug(`Endpoints found: ${JsonEndpointsString}`);
+
+                let endpointsArray: { endpointCredentials: EndpointCredentials[] } = JSON.parse(JsonEndpointsString);
+                tl.debug(`Feed details ${feed.feedId} ${feed.projectId}`);
+
+                for (let endpoint_in = 0; endpoint_in < endpointsArray.endpointCredentials.length; endpoint_in++) {
+                    if (endpointsArray.endpointCredentials[endpoint_in].endpoint.search(feed.feedName) != -1) {
+                        tl.debug(`Endpoint Credentials found for ${feed.feedName}`);
+                        accessToken = endpointsArray.endpointCredentials[endpoint_in].password;
+                        break;
+                    }
+                }
+            }
+        }
+        if(!accessToken)
+        {
+            tl.debug('Defaulting to use the System Access Token.');
+            accessToken = pkgLocationUtils.getSystemAccessToken();
+        }
+    }
+    else {
+        accessToken = pkgLocationUtils.getSystemAccessToken();
+    }
+
+    return accessToken;
+}
@@ -17,7 +17,7 @@
     "demands": [],
     "version": {
         "Major": 2,
-        "Minor": 235,
+        "Minor": 236,
         "Patch": 0
     },
     "minimumAgentVersion": "2.144.0",

@@ -17,7 +17,7 @@
   "demands": [],
   "version": {
     "Major": 2,
-    "Minor": 235,
+    "Minor": 236,
     "Patch": 0
   },
   "minimumAgentVersion": "2.144.0",

@@ -5,7 +5,9 @@ import { INpmRegistry, NpmRegistry } from 'azure-pipelines-tasks-packaging-commo
 import { NpmToolRunner } from './npmtoolrunner';
 import * as util from 'azure-pipelines-tasks-packaging-common/util';
 import * as npmutil from 'azure-pipelines-tasks-packaging-common/npm/npmutil';
-import { PackagingLocation } from 'azure-pipelines-tasks-packaging-common/locationUtilities';
+import * as npmrcparser from 'azure-pipelines-tasks-packaging-common/npm/npmrcparser';
+import { getSystemAccessToken, PackagingLocation, getFeedRegistryUrl, RegistryType } from 'azure-pipelines-tasks-packaging-common/locationUtilities';
+import * as os from 'os';
 
 export async function run(packagingLocation: PackagingLocation): Promise<void> {
     const workingDir = tl.getInput(NpmTaskInput.WorkingDir) || process.cwd();
@@ -33,10 +35,9 @@ export async function getPublishRegistry(packagingLocation: PackagingLocation):
         case RegistryLocation.Feed:
             tl.debug(tl.loc('PublishFeed'));
             const feed = util.getProjectAndFeedIdFromInputParam(NpmTaskInput.PublishFeed);
-            npmRegistry = await NpmRegistry.FromFeedId(
+            npmRegistry = await getNpmRegistry(
                 packagingLocation.DefaultPackagingUri,
-                feed.feedId,
-                feed.projectId,
+                feed, 
                 false /* authOnly */,
                 true /* useSession */);
             break;
@@ -47,4 +48,67 @@ export async function getPublishRegistry(packagingLocation: PackagingLocation):
             break;
     }
     return npmRegistry;
+}
+
+async function getNpmRegistry(defaultPackagingUri: string, feed: any, authOnly?: boolean, useSession?: boolean) {
+    const lineEnd = os.EOL;
+    let url: string;
+    let nerfed: string;
+    let auth: string;
+    let username: string;
+    let email: string;
+    let password64: string;
+
+    url = npmrcparser.NormalizeRegistry( await getFeedRegistryUrl(defaultPackagingUri, RegistryType.npm, feed.feedId, feed.projectId, null, useSession));
+    nerfed = util.toNerfDart(url);
+
+    // Setting up auth info
+    const accessToken = getAccessToken();
+
+    // Azure DevOps does not support PATs+Bearer only JWTs+Bearer
+    email = 'VssEmail';
+    username = 'VssToken';
+    password64 = Buffer.from(accessToken).toString('base64');
+    tl.setSecret(password64);
+
+    auth = nerfed + ':username=' + username + lineEnd;
+    auth += nerfed + ':_password=' + password64 + lineEnd;
+    auth += nerfed + ':email=' + email + lineEnd;
+
+    return new NpmRegistry(url, auth, authOnly);
+}
+
+function getAccessToken(): string {
+    let accessToken: string;
+    let allowServiceConnection = tl.getVariable('PUBLISH_VIA_SERVICE_CONNECTION');
+
+    if(allowServiceConnection) {
+        let endpoint = tl.getInput('publishEndpoint', false);
+
+        if(endpoint) {
+            tl.debug("Found external endpoint, will use token for auth");
+            let endpointAuth = tl.getEndpointAuthorization(endpoint, true);
+            let endpointScheme = tl.getEndpointAuthorizationScheme(endpoint, true).toLowerCase();
+            switch(endpointScheme)
+            {
+                case ("token"):
+                    accessToken = endpointAuth.parameters["apitoken"];
+                    break;
+                default:
+                    tl.warning("Invalid authentication type for internal feed. Use token based authentication.");
+                    break;
+            }
+        }
+        if(!accessToken)
+        {
+            tl.debug('Defaulting to use the System Access Token.');
+            accessToken = getSystemAccessToken();
+        }
+        return accessToken;
+    }
+    else{
+        accessToken = getSystemAccessToken();
+    }
+
+    return accessToken;
 }
@@ -9,7 +9,7 @@
     "author": "Microsoft Corporation",
     "version": {
         "Major": 1,
-        "Minor": 231,
+        "Minor": 236,
         "Patch": 0
     },
     "runsOn": [

@@ -9,7 +9,7 @@
   "author": "Microsoft Corporation",
   "version": {
     "Major": 1,
-    "Minor": 231,
+    "Minor": 236,
     "Patch": 0
   },
   "runsOn": [

@@ -36,6 +36,12 @@ interface IVstsNuGetPushOptions {
     settings: vstsNuGetPushToolRunner.VstsNuGetPushSettings;
 }
 
+interface EndpointCredentials {
+    endpoint: string;
+    username?: string;
+    password: string;
+}
+
 export async function run(nuGetPath: string): Promise<void> {
     let packagingLocation: pkgLocationUtils.PackagingLocation;
     try {
@@ -103,7 +109,10 @@ export async function run(nuGetPath: string): Promise<void> {
         }
 
         // Setting up auth info
-        const accessToken = pkgLocationUtils.getSystemAccessToken();
+        let accessToken;
+        let feed;
+        const isInternalFeed: boolean = nugetFeedType === "internal";
+        accessToken = getAccessToken(isInternalFeed);
         const quirks = await ngToolRunner.getNuGetQuirksAsync(nuGetPath);
 
         // Clauses ordered in this way to avoid short-circuit evaluation, so the debug info printed by the functions
@@ -131,7 +140,6 @@ export async function run(nuGetPath: string): Promise<void> {
         let credCleanup = () => { return; };
 
         let feedUri: string;
-        const isInternalFeed: boolean = nugetFeedType === "internal";
 
         let authInfo: auth.NuGetExtendedAuthInfo;
         let nuGetConfigHelper: NuGetConfigHelper2;
@@ -405,3 +413,57 @@ function shouldUseVstsNuGetPush(isInternalFeed: boolean, conflictsAllowed: boole
 
     return false;
 }
+
+function getAccessToken(isInternalFeed: boolean): string{
+    let accessToken: string;
+    let allowServiceConnection = tl.getVariable('PUBLISH_VIA_SERVICE_CONNECTION');
+
+    if(allowServiceConnection) {
+        let endpoint = tl.getInput('externalEndpoint', false);
+
+        if(endpoint && isInternalFeed === true) {
+            tl.debug("Found external endpoint, will use token for auth");
+            let endpointAuth = tl.getEndpointAuthorization(endpoint, true);
+            let endpointScheme = tl.getEndpointAuthorizationScheme(endpoint, true).toLowerCase();
+            switch(endpointScheme)
+            {
+                case ("token"):
+                    accessToken = endpointAuth.parameters["apitoken"];
+                    break;
+                default:
+                    tl.warning("Invalid authentication type for internal feed. Use token based authentication.");
+                    break;
+            }
+        }
+        if(!accessToken && isInternalFeed === true)
+        {           
+            tl.debug("Checking for auth from Cred Provider."); 
+            const feed = getProjectAndFeedIdFromInputParam('feedPublish');
+            const JsonEndpointsString = process.env["VSS_NUGET_EXTERNAL_FEED_ENDPOINTS"];
+            if (JsonEndpointsString) {
+                tl.debug(`Endpoints found: ${JsonEndpointsString}`);
+
+                let endpointsArray: { endpointCredentials: EndpointCredentials[] } = JSON.parse(JsonEndpointsString);
+                tl.debug(`Feed details ${feed.feedId} ${feed.projectId}`);
+
+                for (let endpoint_in = 0; endpoint_in < endpointsArray.endpointCredentials.length; endpoint_in++) {
+                    if (endpointsArray.endpointCredentials[endpoint_in].endpoint.search(feed.feedName) != -1) {
+                        tl.debug(`Endpoint Credentials found for ${feed.feedName}`);
+                        accessToken = endpointsArray.endpointCredentials[endpoint_in].password;
+                        break;
+                    }
+                }
+            }
+        }
+        if(!accessToken)
+        {
+            tl.debug('Defaulting to use the System Access Token.');
+            accessToken = pkgLocationUtils.getSystemAccessToken();
+        }
+    }
+    else {
+        accessToken = pkgLocationUtils.getSystemAccessToken();
+    }
+
+    return accessToken;
+}
@@ -9,7 +9,7 @@
     "author": "Microsoft Corporation",
     "version": {
         "Major": 2,
-        "Minor": 231,
+        "Minor": 236,
         "Patch": 0
     },
     "runsOn": [

@@ -9,7 +9,7 @@
   "author": "Microsoft Corporation",
   "version": {
     "Major": 2,
-    "Minor": 231,
+    "Minor": 236,
     "Patch": 0
   },
   "runsOn": [

@@ -9,7 +9,7 @@
   "category": "Package",
   "version": {
     "Major": 0,
-    "Minor": 231,
+    "Minor": 236,
     "Patch": 0
   },
   "runsOn": [

@@ -9,7 +9,7 @@
   "category": "Package",
   "version": {
     "Major": 0,
-    "Minor": 231,
+    "Minor": 236,
     "Patch": 0
   },
   "runsOn": [

@@ -259,7 +259,7 @@ function authSetup(
         projectId = feedProject.projectId;
 
         // Setting up auth info
-        accessToken = pkgLocationUtils.getSystemAccessToken();
+        accessToken = getAcessToken();
     }
 
     else {
@@ -288,3 +288,42 @@ function authSetup(
         accessToken
     ];
 }
+
+function getAcessToken() : string {
+    let accessToken: string;
+    let allowServiceConnection = tl.getVariable('PUBLISH_VIA_SERVICE_CONNECTION');
+
+    if(allowServiceConnection) {
+        let endpoint = tl.getInput('externalEndpoints', false);
+
+        if(endpoint) {
+            tl.debug("Found external endpoint, will try to use token for auth");
+            let endpointAuth = tl.getEndpointAuthorization(endpoint, true);
+            let endpointScheme = tl.getEndpointAuthorizationScheme(endpoint, true).toLowerCase();
+            switch(endpointScheme)
+            {
+                case ("token"):
+                    accessToken = endpointAuth.parameters["apitoken"];
+                    break;
+                default:
+                    tl.warning("Invalid authentication type for internal feed. Use token based authentication.");
+                    break;
+            }
+        }
+        if(!accessToken)
+        {           
+            tl.debug("Checking for auth in environment variables."); 
+            accessToken = process.env["UNIVERSAL_PUBLISH_PAT"];
+        }
+        if(!accessToken)
+        {
+            tl.debug('Defaulting to use the System Access Token.');
+            accessToken = pkgLocationUtils.getSystemAccessToken();
+        }    
+    }
+    else {
+        accessToken = pkgLocationUtils.getSystemAccessToken();
+    }
+
+    return accessToken;
+}
diff --git a/_generated/DotNetCoreCLIV2.versionmap.txt b/_generated/DotNetCoreCLIV2.versionmap.txt
@@ -1,2 +1,2 @@
-Default|2.235.0
-Node20_229_2|2.235.1
+Default|2.236.0
+Node20_229_2|2.236.1