Wednesday, September 20, 2023

Use Github secrets to restore nuget packages from private packages source with authentication in Dockerfile via Github actions

If you use private nuget packages source with authentication and Docker in your project you may need to restore packages from this custom packages source within Docker file. In this post I will show how to use Github secrets for that when you build Docker image via docker/build-push-action Github action.

First of all in the yaml file of our Github action we need to pass necessary secrets references to the build action using the following syntax:

name: Build
id: docker_build
uses: docker/build-push-action@v5
with:
  ...
  secrets: |
    "NUGET_USERNAME=${{ secrets.NUGET_USERNAME }}"
    "NUGET_PWD=${{ secrets.NUGET_PWD }}"

After that in Docker file we fetch passed secrets (they are stored to special files under /run/secrets/... path which is available during Docker image build) and will store them to environment variables using export command. After that we will add our private packages source with username and password (using dotnet nuget add source). When it will be done we will be able to run "dotnet restore" command which will restore project dependencies including those which come from private nuget source:

COPY Foo.csproj src/

RUN --mount=type=secret,id=NUGET_USERNAME \
	--mount=type=secret,id=NUGET_PWD \
	export NUGET_USERNAME=$(cat /run/secrets/NUGET_USERNAME) && \
	export NUGET_PWD=$(cat /run/secrets/NUGET_PWD) && \
	dotnet nuget add source https://my-private-packages-source/index.json --name FooPackages --username "${NUGET_USERNAME}" --password "${NUGET_PWD}" --store-password-in-clear-text

RUN dotnet restore "src/Foo.csproj" /p:IsDockerBuild=true

Note that it is important to pipe commands which export environment variables and then use them to the same single RUN command. If you will try to use these variables in separate RUN command "nuget add source" will tell that "Package source with Name: ... added successfully" but then you will get confusing error when will try to run "dotnet restore":

Error NU1301: Unable to load the service index for source

But if everything is done in the way how it is described above then your project dependencies should be restored successfully for your Docker image.

at
Posted by
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)