OneDev
Dashboards
Projects
Pull Requests
Issues
Builds
Packages
Code Search
server
Code
Pull Requests
Issues
List
Boards
Milestones
Builds
Packages
Statistics
Child Projects
OneDev 10.5.2
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects onedev server Issues #1786
#1786  CI/CD Nuget Push Unauthorized
Closed
gameman733 opened 2 months ago

This is likely a user error but I am having a difficult time getting CI/CD Nuget pushing setup.

Server 10.0.0

My script currently (essentially)

dotnet nuget remove source onedevProject

Write-Output "Building"
dotnet build -p CONFIGURATION=Release


Write-Output "Adding Nuget Source"
dotnet nuget add source --name onedevProject--username @job_token@ --password @secret:access-token@ --store-password-in-clear-text http://ts-onedev:6610/Path/To/Project/~nuget/index.json

Write-Output "Push Nuget Package" 
dotnet nuget push -s onedevProject Project\bin\Release\*.nupkg

The relevent portion of the build output:

16:45:05 Push Nuget Package 16:45:11 error: Unable to load the service index for source http://SERVERNAME:6610/Path/To/Project/~nuget/index.json. 16:45:11 error: Response status code does not indicate success: 401 (Unauthorized).

I have a build -> Job Secret defined for @secret:access-token@, but I'm not sure if there is anything more needed. I THINK that this should actually point to a users access token, but the token is viewable in the Build -> Job Secret screen, so having that mapped to a user account seems like a bad idea. Am I doing something wrong or is there another step I am missing?
Robin Shen commented 2 months ago

Firstable, please upgrade to build #4795 (10.3.1), which fixed a nuget bug (bad request when push some special version string), and masked the job secret value.

For the unauthorized error you encountered, I set up a demo project which can push package via CI/CD successfully. You may compare it with your job to see if there is any clue.
gameman733 commented 2 months ago

I will have to get with our server group to get onedev updated. The package version in question is 2024.3.7.1016 (These are all internal projects so we version off date/build), so I don't think we would be hitting #1772.

Can you confirm that @secret:access-token@ is supposed to be set to an individual user's access token? Or is it something automatically generated for the build process?

Edit: it does work with a users access token set as the access-token
Robin Shen commented 2 months ago

It should be set to a user access token with permission to publish packages to target project.
gameman733 commented 2 months ago

Update applied and everything is working as I expected, thank you!

One final question, if a bit off topic.. is there currently, or plans to support, a unified Nuget feed for groups of projects or all projects hosted on the server? It appears that right now all nuget feeds are specific to the project its associated with.
Robin Shen commented 2 months ago

The project hosting nuget package is not necessarily the same as the project publishing it. So you may create a project hosting all of your nuget packages, and configure all other projects to publish nuget packages to it.
Robin Shen changed state to 'Closed' 2 months ago
Previous Value Current Value 
Open
 
Closed
issue 1 of 1
Type
Question
Priority
Normal
Assignee
Robin Shen
Labels
No labels
Issue Votes (0)
Login to vote
Watchers (3)
Reference
onedev/server#1786
Please wait...
Page is in error, reload to recover