Posts Restore NuGet Packages from a Private Feed when building Docker Containers
Restore NuGet Packages from a Private Feed when building Docker Containers
Cancel

Restore NuGet Packages from a Private Feed when building Docker Containers

In my last posts, I created a private NuGet feed and automatically uploaded a NuGet package with my Azure DevOps pipeline. Using Visual Studio to restore the NuGet package from the private feed works fine because my user has access to the feed. When I try to restore the package when building a Docker image, it will crash with a 401 Unauthorized error.

The Docker build failed

The Docker build failed

Today, I will show you how to create an access token for your private Azure DevOps NuGet feed and how to pass it to your Dockerfile to build Docker images.

Create a Personal Access Token (PAT) in Azure DevOps

To create a personal access token in Azure DevOps, click on user settings, and select Personal access tokens.

Create a Personal access tokens

Create a Personal access tokens

This opens a new flyout window. There you can enter a name, your organization, and the expiration date. If you select Custom defined as expiration date, you can create a PAT which is valid for one year. Select custom defined scope and then select Read in the Packaging section. This allows the PAT to read the NuGet packages from the feed.

Configure the PAT

Configure the PAT

After you click Create, the new PAT is displayed. Make sure to copy it because you won’t be able to see it again after you closed the window.

The PAT got created

The PAT got created

Pass the PAT to build the Dockerfile locally

You can find the code of the demo on Github.

Add a nuget.config file

The first step to restore the NuGet package from the private feed is to add a nuget.config file to the root folder of the CustomerApi project. This file contains the URLs for the nuget.org and the private feed. Since this file gets committed to source control, I don’t add the PAT there because I want to keep it private. The file looks as follows:

Use the PAT in the Dockerfile

Docker supports build arguments which I will use to pass the PAT inside the Dockerfile in the CI pipeline. Locally, I don’t pass a PAT but I can set a default value. Additionally, I have to add the PAT and a username to the nuget.config to be able to access the private NuGet feed. the code looks as follows:

Instead of localhost, use the previously created PAT. Make sure to not commit it to your source control though. Additionally, you have to copy the previously nuget.config file inside the Docker image. You can do this with the following code:

To use the nuget.config file during the restore, use the –configfile flag and provide the path to the nuget.config file.

You can find the finished Dockerfile on Github.

Run the docker build again and it will finish successfully this time.

Pass the PAT in the Azure DevOps Pipeline

In the Azure DevOps pipeline, create a new secret variable for the PAT. To do that, open the pipeline and then click on Variables on the right top. Click on the + symbol and then provide a name for the variable and the value of the PAT. Make sure to enable Keep this value secret to hide the actual value from users.

Create a secret variable for the PAT

Create a secret variable for the PAT

Next, add build-arg as argument to the docker build task and provide the previously created variable as PAT. The whole task looks as follows:

That’s already all to restore the NuGet package from a private feed. Run the pipeline it will finish successfully.

Conclusion

You can create a private access token (PAT) to access NuGet packages of a private NuGet feed in Azure DevOps. This token can be passed to the Dockerfile as a build argument and then inside the Dockerfile be added to the nuget.config file. This allows you to restore private NuGet packages locally and in your Azure DevOps pipeline without committing your secret PAT to source control.

Note: If you run this demo, it will work without my private feed because I uploaded the NuGet package to nuget.org.

You can find the code of the demo on Github.

This post is part of “Microservice Series - From Zero to Hero”.

This post is licensed under CC BY 4.0 by the author.