Authorize and Restore Azure Artifacts NuGet packages within GitHub Actions workflow
In my recent engagement, I came across a requirement to consume NuGet packages from private Azure Artifacts feed in GitHub Actions.
I was working with was an ASPNET Core dotnet application and writing a GitHub Actions workflow to deploy the application in Azure Cloud (App Service).
Challenge: How to include registry feed authorization information in GitHub Actions workflow to dynamically authorize private Azure Artifacts package feeds on workflow execution.
Project Setup: The key elements in the project structure were:
- Nuget.Config file — present in the root of the application besides project (*.csproj) file. Include public feed source URL
2. .npmrc file — present in the root of the application. User’s dummy .npmrc file in project root folder — Included authorization information of Azure Artifacts package feed. The information can be found by going to Azure Artifacts Package feed -> Connect to Feed -> Other
Generate a Personal Access Token in Azure DevOps with Read access to the package feed. Convert the PAT into Base64 and insert in the .npmrc file. Instructions can be found at — Set up your client’s npmrc — Azure Artifacts | Microsoft Docs
3. .npmrc file — present in the ClientApp directory besides package.json file. Project specific .npmrc file containing registry information
Project folder structure-
GitHub Actions workflow:
- First, we have to create a secret either at the repository or GitHub organization with an Azure DevOps PAT that has access to the Artifact feed. I called my secret: Azure_DevOps_PAT
2. Add secret for the Azure App Service publish profile used while deploying the application: AZURE_WEBAPP_PUBLISH_PROFILE.
3. Insert a script action to add nuget URL source
Example:
dotnet nuget add source “https://pkgs.dev.azure.com/<OrganizationName>/_packaging/<RegistryName>/nuget/v3/index.json" -n privatenpmregistrypackagesource -u <userName> -p ${{ secrets.AZURE_DEVOPS_PAT }} — store-password-in-clear-text
Syntax can be found at — https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet-nuget-add-source
4. Repeat step 3 if you want to consume feeds from multiple packages
5. You can view the list of all nuget sources with “dotnet nuget list source” command.
6. Insert a script action and copy the dummy user’s .npmrc file to the GitHub runner’s home directory. This step is critical as it will add authorization information which runner will use while connecting to the package feed in restore step
7. Insert script action for npm install inside the ClientApp directory
8. Install dependencies and build the project
9. Hurray!!! The workflow is able to connect, authorize and consume packages from private Azure Artifacts feed.
