尝试构建Dockerfile时,Azure Artifacts提供了未授权的权限 [英] Azure Artifacts gives unauthorized when trying to build Dockerfile
问题描述
我正在使用Azure DevOps Pipelines从我的github存储库创建Docker映像.但是,访问我在Azure Artifacts中托管的nuget程序包时出现问题.它返回未授权(401).由于Azure Pipelines似乎是相对较新的,因此似乎并没有太多帮助,并且那里没有专门针对Artifacts的帮助对我没有用.
I am using Azure DevOps Pipelines to create a Docker image from my github repo. It is having issue however accessing the nuget package that I have hosted in Azure Artifacts. It returns unauthorized (401). As Azure Pipelines seems to be relativly new, there does not seem to be much help, and the help that is out there that is not specifically for Artifacts has not worked for me.
azure-pipelines.yml
pool:
vmImage: 'Ubuntu 16.04'
variables:
imageName: 'dockerRepoName:$(build.buildId)'
steps:
- script: docker build -f dockerRepoName -t $(imageName) .
displayName: 'docker build'
Dockerfile
FROM microsoft/dotnet:2.1-sdk AS build
WORKDIR /src
COPY MyWebsite.Website/MyWebsite.Website.csproj MyWebsite.Website/
COPY NuGet.config ./
RUN dotnet restore MyWebsite.Website/MyWebsite.Website.csproj
COPY . .
WORKDIR /src/MyWebsite.Website
RUN dotnet build MyWebsite.Website.csproj -c Release -o /app
FROM build AS publish
RUN dotnet publish MyWebsite.Website.csproj -c Release -o /app
FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "MyWebsite.Website.dll"]
Nuget.config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<config>
<add key="http_proxy" value="https://pkgs.dev.azure.com/companyName/_packaging/MyWebsite.Api/nuget/v3/index.json" />
<add key="http_proxy.user" value="notSureWhatUserGoesHere_TriedABunchOfDifferentOnes" />
<add key="http_proxy.password" value="PersonalAccessTOkenFromAzureDevops" />
</config>
<solution>
<add key="disableSourceControlIntegration" value="true" />
</solution>
<packageSources>
<add key="MyWebsite" value="https://pkgs.dev.azure.com/companyName/_packaging/MyWebsite.Api/nuget/v3/index.json" />
</packageSources>
</configuration>
找出实际的用户名和密码,因此显然不是我所使用的用户名和密码.由于这是一个私人存储库,因此这些URL也被更新为"companyName",因此该URL将不起作用.
Took out the actual user and passwords, so that obviously was not what I used for those. The urls are also updated to "companyName" since it a private repo so the url will not work.
构建错误
2018-11-21T19:21:00.0200396Z Restoring packages for /src/MyWebsite.Website/MyWebsite.Website.csproj...
2018-11-21T19:21:00.6762563Z /usr/share/dotnet/sdk/2.1.500/NuGet.targets(114,5): error : Unable to load the service index for source https://pkgs.dev.azure.com/companyName/_packaging/MyWebsite.Api/nuget/v3/index.json. [/src/MyWebsite.Website/MyWebsite.Website.csproj]
2018-11-21T19:21:00.6763038Z /usr/share/dotnet/sdk/2.1.500/NuGet.targets(114,5): error : Response status code does not indicate success: 401 (Unauthorized). [/src/MyWebsite.Website/MyWebsite.Website.csproj]
2018-11-21T19:21:01.0956272Z The command '/bin/sh -c dotnet restore MyWebsite.Website/MyWebsite.Website.csproj' returned a non-zero code: 1
2018-11-21T19:21:01.1105851Z ##[error]Bash exited with code '1'.
2018-11-21T19:21:01.1192131Z ##[section]Finishing: docker build
推荐答案
- 创建个人访问令牌(PAT)
- 授予对范围的包"部分的读取权限
- Create a Personal Access Token (PAT)
- Grant Read access to the Package section of the Scopes
示例Docker文件
FROM microsoft/dotnet:2.1-aspnetcore-runtime AS base
WORKDIR /app
EXPOSE 80
FROM microsoft/dotnet:2.1-sdk AS build
# The Personal Access token required to access the artifacts
ARG PAT
# Install the Credential Provider to configure the access
RUN wget -qO- https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh | bash
# Configure the environment variables
ENV NUGET_CREDENTIALPROVIDER_SESSIONTOKENCACHE_ENABLED true
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS "{\"endpointCredentials\": [{\"endpoint\":\"{package source}/index.json\", \"password\":\"${PAT}\"}]}"
WORKDIR /src
COPY ["src/Sample/Sample.csproj", "src/Sample/"]
RUN dotnet restore -s "{package source}/index.json" "src/Sample/Sample.csproj"
COPY . .
WORKDIR "/src/src/Sample"
RUN dotnet build "Sample.csproj" -c Release -o /app
FROM build AS publish
RUN dotnet publish "Sample.csproj" -c Release -o /app
FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "Sample.dll"]
这篇关于尝试构建Dockerfile时,Azure Artifacts提供了未授权的权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!