azure-pipelines-tasks: Stop using the setAuthForSourcesInTempNuGetConfig in all package downloading scenarios, such as nuget install, restore, because it completely breaks PackageSourceMapping

Note

Issues in this repo are for tracking bugs, feature requests and questions for the tasks in this repo

For a list:
https://github.com/Microsoft/azure-pipelines-tasks/tree/master/Tasks

If you have an issue or request for the Azure Pipelines service, use developer community instead:

https://developercommunity.visualstudio.com/spaces/21/index.html )

Required Information

Entering this information will route you directly to the right team and expedite traction.

Question, Bug, or Feature?
Type: Bug

Enter Task Name: Tasks/DotNetCoreCLIV2/restorecommand.ts, but really all commands in this list https://github.com/microsoft/azure-pipelines-tasks/search?q=setAuthForSourcesInTempNuGetConfig

list here (V# not needed):
https://github.com/Microsoft/azure-pipelines-tasks/tree/master/Tasks

Environment

  • Server - Azure Pipelines or TFS on-premises?

    • If using TFS on-premises, provide the version: N/A

    • If using Azure Pipelines, provide the account name, team project name, build definition name/build number: N/A

  • Agent - Hosted or Private:

    • If using Hosted agent, provide agent queue name: N/A

    • If using private agent, provide the OS of the machine running the agent and the agent version: N/A

Issue Description

[Include task name(s), screenshots and any other relevant details]

NuGet recently release a supply chain feature called PackageSourceMapping. That feature uses the package source keys from a NuGet.Config.

See details here: https://devblogs.microsoft.com/nuget/introducing-package-source-mapping/ and https://docs.microsoft.com/en-us/nuget/consume-packages/package-source-mapping.

https://docs.microsoft.com/en-us/nuget/consume-packages/package-source-mapping#enabling-package-source-mapping

Azure DevOps has many tasks that rewrite the config and add a feed- prefix, but unfortunately this breaks all source mapping configurations.

See https://github.com/NuGet/Home/issues/11406

Please stop relying on rewriting the nuget.config for these operations.

Task logs

https://github.com/microsoft/azure-pipelines-tasks/search?q=setAuthForSourcesInTempNuGetConfig

[Enable debug logging and please provide the zip file containing all the logs for a speedy resolution]

Troubleshooting

Checkout how to troubleshoot failures and collect debug logs: https://docs.microsoft.com/en-us/vsts/build-release/actions/troubleshooting

Error logs

[Insert error from the logs here for a quick overview]

About this issue

  • Original URL
  • State: open
  • Created 3 years ago
  • Reactions: 12
  • Comments: 22 (12 by maintainers)

Most upvoted comments

Hello,

I just want to sum up the suggestion by @nkolev92 for reference:

Replace the normal dotnet restore task

- task: DotNetCoreCLI@2
  displayName: dotnet restore
  inputs:
    command: 'restore'
    restoreArguments: '--nologo'
    feedsToUse: 'config'
    nugetConfigPath: 'Nuget.config'
    verbosityRestore: 'Normal'

with a separate Nuget authenticate and a Powershell dotnet restore task:

- task: NuGetAuthenticate@1
  displayName: 'Authenticate with NuGet'

- task: PowerShell@2
  displayName: 'dotnet restore'
  inputs:
    targetType: 'inline'
    script: 'dotnet restore --nologo'
+7
Peter-B- on May 18, 2022

Would be nice if anyone fixes this issue as it is annoying and time consuming to fix it. I spent three days searching for a solution until I found this issue and noticed a little note at the end of the documentation for Source Mapping that it is not recommended to use the task which is supposed to do the job (DotNetCoreCLI@2 with restore command) but it’s not able to do it properly…

+5
jbrezina on Jul 4, 2023

Just to be clear - Are we saying people should, in general, not ever use DotNetCoreCLIV2 task anymore and replace it by cmd/bash/pwsh calls? (and maybe NuGetV0/NuGetCommandV2? others?)

+2
ransagy on May 9, 2022

Our team is still discussing internally how we’ll handle this. We are trying to discontinue any work on the heavyweight tasks and encourage adoption of the authenticate tasks

+2
magleaso on Nov 29, 2021

FWIW, I think it was actually @magleaso’s suggestion: https://github.com/microsoft/azure-pipelines-tasks/issues/15542#issuecomment-982018356

+1
zivkan on May 18, 2022

Thank you!

Please let us know if there’s anything we can do to help from NuGet side.

fyi @aortiz-msft @jondouglas

+1
nkolev92 on Nov 29, 2021
Read more comments on GitHub
← azure-pipelines-tasks: SqlDacpacDeploymentOnMachineGroupV0 - environment variable size failure
azure-pipelines-tasks: Stopped working suddenly →