OneDev
Dashboards
Projects
Global Views
Code Search
server
Code
Pull Requests
Issues
List
Boards
Iterations
Builds
Packages
Statistics
Child Projects
Audit Log
OneDev 14.0.7
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects onedev server Issues OD-1786
CI/CD Nuget Push Unauthorized (OD-1786)
gameman733 opened 2 years ago

This is likely a user error but I am having a difficult time getting CI/CD Nuget pushing setup.

Server 10.0.0

My script currently (essentially)

dotnet nuget remove source onedevProject

Write-Output "Building"
dotnet build -p CONFIGURATION=Release


Write-Output "Adding Nuget Source"
dotnet nuget add source --name onedevProject--username @job_token@ --password @secret:access-token@ --store-password-in-clear-text http://ts-onedev:6610/Path/To/Project/~nuget/index.json

Write-Output "Push Nuget Package" 
dotnet nuget push -s onedevProject Project\bin\Release\*.nupkg

The relevent portion of the build output:

16:45:05 Push Nuget Package 16:45:11 error: Unable to load the service index for source http://SERVERNAME:6610/Path/To/Project/~nuget/index.json. 16:45:11 error: Response status code does not indicate success: 401 (Unauthorized).

I have a build -> Job Secret defined for @secret:access-token@, but I'm not sure if there is anything more needed. I THINK that this should actually point to a users access token, but the token is viewable in the Build -> Job Secret screen, so having that mapped to a user account seems like a bad idea. Am I doing something wrong or is there another step I am missing?

  • Robin Shen commented 2 years ago

    Firstable, please upgrade to build #4795, which fixed a nuget bug (bad request when push some special version string), and masked the job secret value.

    For the unauthorized error you encountered, I set up a demo project which can push package via CI/CD successfully. You may compare it with your job to see if there is any clue.

  • gameman733 commented 2 years ago

    I will have to get with our server group to get onedev updated. The package version in question is 2024.3.7.1016 (These are all internal projects so we version off date/build), so I don't think we would be hitting #1772.

    Can you confirm that @secret:access-token@ is supposed to be set to an individual user's access token? Or is it something automatically generated for the build process?

    Edit: it does work with a users access token set as the access-token

  • Robin Shen commented 2 years ago

    It should be set to a user access token with permission to publish packages to target project.

  • gameman733 commented 2 years ago

    Update applied and everything is working as I expected, thank you!

    One final question, if a bit off topic.. is there currently, or plans to support, a unified Nuget feed for groups of projects or all projects hosted on the server? It appears that right now all nuget feeds are specific to the project its associated with.

  • Robin Shen commented 2 years ago

    The project hosting nuget package is not necessarily the same as the project publishing it. So you may create a project hosting all of your nuget packages, and configure all other projects to publish nuget packages to it.

  • Robin Shen changed state to 'Closed' 2 years ago
    Previous Value Current Value 
    Open
    		 
    Closed
issue 1/1
Type
Question
Priority
Normal
Assignee
Robin Shen
Labels
No labels
Issue Votes (0)
Login to vote
Watchers (3)
Reference
OD-1786
Please wait...
Connection lost or session expired, reload to recover
Page is in error, reload to recover