19

I try to add (override) a private nuget source to my build script in order to add the user/pw - and keep it out of my source control. What I tried so far:

  • nuget is not recognized as command inside the image
  • dotnet nuget does not have the command to add additional sources
  • installing nuget does not effect dotnet restore
FROM mcr.microsoft.com/dotnet/core/sdk:2.2 
RUN apt-get update && apt-get install -y nuget 
RUN nuget source Add -Name "Private Feed" -Source ".." -UserName "UserVAR" -Password "PassVAR"
RUN dotnet restore
jwillmer
  • 3,570
  • 5
  • 37
  • 73
  • if you ever upgrade 3.1 supports this https://learn.microsoft.com/en-us/dotnet/core/tools/dotnet-nuget-add-source – red888 Sep 14 '20 at 01:49

5 Answers5

12

My current workaround is to create a copy of the nuget.config with a packageSourceCredentials section that contains placeholders for user name and password. I then replace my existing nuget.config with this file and replace the user name and password with environment variables.

The only drawback is that I need to keep both config files in sync. If I modify my nuget.config in the project I need to remember to update the copy as well.

nuget.config.template

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <add key="GitHub private registry" value="https://nuget.pkg.github.com/your_orga/index.json" />
  </packageSources>
  <packageSourceCredentials>
    <GitHub_x0020_private_x0020_registry>
        <add key="Username" value="USER" />
        <add key="ClearTextPassword" value="PW" />
    </GitHub_x0020_nuget_x0020_registry>
</packageSourceCredentials>
</configuration>

Dockerfile

FROM mcr.microsoft.com/dotnet/core/sdk:2.2 AS build-image
ARG NUGET_AUTH_TOKEN
ARG NUGET_USER_NAME

WORKDIR /app
COPY ./My.Project .

# Replace nuget.config
RUN rm nuget.config
COPY ./gitlab-ci/nuget.config.template ./nuget.config
RUN sed -i -e "s/USER/$NUGET_USER_NAME/g" -e "s/PW/$NUGET_AUTH_TOKEN/g" nuget.config

RUN dotnet restore

.gitlab-ci.yml

docker build
      --build-arg NUGET_USER_NAME=$NUGET_USER_NAME
      --build-arg NUGET_AUTH_TOKEN=$NUGET_AUTH_TOKEN
      --tag $CI_REGISTRY/organization/application:$CI_COMMIT_SHA
      --file gitlab-ci/Dockerfile
      .
jwillmer
  • 3,570
  • 5
  • 37
  • 73
  • 1
    With this approach your username and token will end up in the image. You should use docker secret for that purpose. https://stackoverflow.com/questions/33621242/why-is-arg-in-a-dockerfile-not-recommended-for-passing-secrets – Kamushek Mar 11 '22 at 06:37
  • You can't use docker secrets with stand-alone containers. – db2 May 16 '22 at 19:55
  • @Kamushek we use staged builds to prevent this: https://docs.docker.com/build/building/multi-stage/ – jwillmer May 08 '23 at 13:08
  • @jwillmer if I remember correctly, in staged builds your data will be accessible in history on building machine or smth – Kamushek Jul 10 '23 at 06:35
12

By adding a nuget.config to the solution/project and copying it into the Docker project:

WORKDIR /src
COPY ["nuget.config", ""]

You can add the source and then have success with your docker build.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
    <add key="Nellson Nuget Repo" value="http://private.source.local:123/v3/index.json" />
  </packageSources>
  <activePackageSource>
    <add key="NuGet official package source" value="https://api.nuget.org/v3/index.json" />
    <add key="Nellson Nuget Repo" value="http://private.source.local:123/v3/index.json" />
  </activePackageSource>
</configuration>
matt
  • 187
  • 1
  • 4
6

  1. In your private feed if it's azure artifacts create a personal access token with full access.

    enter image description here

  2. Add a NuGet.Config file to the root of your project

    <configuration>
  <packageSources>
    <add key="MyPrivateFeed" value="https://myfeed.url/index.json" />
  </packageSources>
  <packageSourceCredentials>
    <MyPrivateFeed>
      <add key="Username" value="myusername" />
      <add key="ClearTextPassword" value="xq6n4lvnayeo2f467osasdasdgj4nat7xw2mkm7qwowvqeutjdueq" />
      <add key="ValidAuthenticationTypes" value="basic" />
    </MyPrivateFeed>
  </packageSourceCredentials>
</configuration>

    the ClearTextPassword key is your PAT

  3. Add these two-line to the copy section of your docker file

    COPY "NuGet.Config" "/"
RUN ["cp", "/NuGet.Config", "/root/.nuget/NuGet/NuGet.Config"]

    and finally run your docker build it should be work.

Pang
  • 9,564
  • 146
  • 81
  • 122
javidasd
  • 1,126
  • 13
  • 18
4

Answer for year 2023

Without security

This code for WebApplication3 works just fine. We use BaGet NuGet server to have a proxy between Nuget.org and our build servers for faster loads of common packages we use.

#See https://aka.ms/containerfastmode to understand how Visual Studio uses this Dockerfile to build your images for faster debugging.

FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS base
WORKDIR /app
EXPOSE 80
EXPOSE 443

FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build
WORKDIR /src
COPY ["WebApplication3/WebApplication3.csproj", "WebApplication3/"]

# !!!IMPORTANT PART HERE !!!

# Add your NuGet server here
RUN dotnet nuget add source https://nuget.yourdomain.com/v3/index.json
# For our purposes, to hide nuget.org behind a NuGet proxy we disable its source, you can skip that
RUN dotnet nuget disable source "nuget.org"

# Just to see if two lines above work
RUN dotnet nuget list source

RUN dotnet restore "WebApplication3/WebApplication3.csproj"

COPY . .
WORKDIR "/src/WebApplication3"
RUN dotnet build "WebApplication3.csproj" -c Release -o /app/build

FROM build AS publish
RUN dotnet publish "WebApplication3.csproj" -c Release -o /app/publish /p:UseAppHost=false

FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "WebApplication3.dll"]

With basic authentication

#See https://aka.ms/containerfastmode to understand how Visual Studio uses this Dockerfile to build your images for faster debugging.

FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS base
WORKDIR /app
EXPOSE 80
EXPOSE 443

FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build

# !!!IMPORTANT PART HERE !!!

ARG NUGET_USERNAME
ARG NUGET_PASSWORD

ENV NUGET_USERNAME=${NUGET_USERNAME}
ENV NUGET_PASSWORD=${NUGET_PASSWORD}

# Adds this source with basic authentication, other authentication types exist but I'm not sure if they are applicable here in Linux based container
RUN dotnet nuget add source https://nuget.yourdomain.com/v3/index.json --name="Your source name" --username ${NUGET_USERNAME} --valid-authentication-types basic --store-password-in-clear-text --password ${NUGET_PASSWORD}


WORKDIR /src
COPY ["WebApplication3/WebApplication3.csproj", "WebApplication3/"]

RUN dotnet nuget disable source "nuget.org"

# Just to see if two lines above work
RUN dotnet nuget list source

RUN dotnet restore "WebApplication3/WebApplication3.csproj"

COPY . .
WORKDIR "/src/WebApplication3"
RUN dotnet build "WebApplication3.csproj" -c Release -o /app/build

FROM build AS publish
RUN dotnet publish "WebApplication3.csproj" -c Release -o /app/publish /p:UseAppHost=false

FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "WebApplication3.dll"]
Ondrej Valenta
  • 126
  • 3
2

The nuget source command is part of the nuget.exe command line interface, which can only be used on Linux in combination with Mono. Because the mcr.microsoft.com/dotnet/core/sdk image is a Linux container (Debian, to be precise) - you will need to install Mono and Nuget yourself in order to use that command. Your other option is to get the official Mono docker image and install .NET Core and NuGet.exe into that.

setagana
  • 149
  • 7