azure-pipelines-tasks: Stop using the setAuthForSourcesInTempNuGetConfig in all package downloading scenarios, such as nuget install, restore, because it completely breaks PackageSourceMapping
Note
Issues in this repo are for tracking bugs, feature requests and questions for the tasks in this repo
For a list:
https://github.com/Microsoft/azure-pipelines-tasks/tree/master/Tasks
If you have an issue or request for the Azure Pipelines service, use developer community instead:
https://developercommunity.visualstudio.com/spaces/21/index.html )
Required Information
Entering this information will route you directly to the right team and expedite traction.
Question, Bug, or Feature?
Type: Bug
Enter Task Name: Tasks/DotNetCoreCLIV2/restorecommand.ts, but really all commands in this list https://github.com/microsoft/azure-pipelines-tasks/search?q=setAuthForSourcesInTempNuGetConfig
list here (V# not needed):
https://github.com/Microsoft/azure-pipelines-tasks/tree/master/Tasks
Environment
-
Server - Azure Pipelines or TFS on-premises?
-
If using TFS on-premises, provide the version: N/A
-
If using Azure Pipelines, provide the account name, team project name, build definition name/build number: N/A
-
-
Agent - Hosted or Private:
-
If using Hosted agent, provide agent queue name: N/A
-
If using private agent, provide the OS of the machine running the agent and the agent version: N/A
-
Issue Description
[Include task name(s), screenshots and any other relevant details]
NuGet recently release a supply chain feature called PackageSourceMapping. That feature uses the package source keys from a NuGet.Config.
See details here: https://devblogs.microsoft.com/nuget/introducing-package-source-mapping/ and https://docs.microsoft.com/en-us/nuget/consume-packages/package-source-mapping.
Azure DevOps has many tasks that rewrite the config and add a feed-
prefix, but unfortunately this breaks all source mapping configurations.
See https://github.com/NuGet/Home/issues/11406
Please stop relying on rewriting the nuget.config for these operations.
Task logs
https://github.com/microsoft/azure-pipelines-tasks/search?q=setAuthForSourcesInTempNuGetConfig
[Enable debug logging and please provide the zip file containing all the logs for a speedy resolution]
Troubleshooting
Checkout how to troubleshoot failures and collect debug logs: https://docs.microsoft.com/en-us/vsts/build-release/actions/troubleshooting
Error logs
[Insert error from the logs here for a quick overview]
About this issue
- Original URL
- State: open
- Created 3 years ago
- Reactions: 12
- Comments: 22 (12 by maintainers)
Links to this issue
- nuget - .NET 6 does not support .NET Standard 2.1? - Stack Overflow
- c# - Azure Pipelines Nuget Restore Failing MSB4226 - Stack Overflow
- Paketquellenzuordnung | Microsoft Learn
- Mappage de source du package | Microsoft Learn
- Mapeamento de origens de pacotes | Microsoft Learn
- Package Source Mapping | Microsoft Learn
- パッケージ ソース マッピング | Microsoft Learn
- Mapování zdroje balíčků | Microsoft Learn
- Paketquellenzuordnung | Microsoft Learn
- Mappage de la source de package | Microsoft Learn
- Mapping origine pacchetto | Microsoft Learn
- Сопоставление источников пакетов | Microsoft Learn
- Mapeamento de origem do pacote | Microsoft Learn
Hello,
I just want to sum up the suggestion by @nkolev92 for reference:
Replace the normal dotnet restore task
with a separate Nuget authenticate and a Powershell
dotnet restore
task:Would be nice if anyone fixes this issue as it is annoying and time consuming to fix it. I spent three days searching for a solution until I found this issue and noticed a little note at the end of the documentation for Source Mapping that it is not recommended to use the task which is supposed to do the job (
DotNetCoreCLI@2
withrestore
command) but it’s not able to do it properly…Just to be clear - Are we saying people should, in general, not ever use DotNetCoreCLIV2 task anymore and replace it by cmd/bash/pwsh calls? (and maybe NuGetV0/NuGetCommandV2? others?)
Our team is still discussing internally how we’ll handle this. We are trying to discontinue any work on the heavyweight tasks and encourage adoption of the authenticate tasks
FWIW, I think it was actually @magleaso’s suggestion: https://github.com/microsoft/azure-pipelines-tasks/issues/15542#issuecomment-982018356
Thank you!
Please let us know if there’s anything we can do to help from NuGet side.
fyi @aortiz-msft @jondouglas