Azure Devops nuget artifact feed and docker


Problem description


Is there a good way to create an authentication mechanism to Devops to be able to access the artifact NuGet feed? I would like to create a base image for my team that would allow them to just pull an image from our Azure Container Registry that has access to our devops nuget feed. Ideally people wouldn't have to have the same stock dockerfile code in every single project that grabs a PAT from their host build system. This would also allow us to CICD this a little more nicely.

My current solution

FROM mcr.microsoft.com/dotnet/core/sdk:3.1 AS build-env
WORKDIR /app

ARG IT_PAT
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS "{\"endpointCredentials\": [{\"endpoint\": \"https://pkgs.dev.azure.com/MNPIT/_packaging/MNP/nuget/v3/index.json\",\"username\": \"build\",\"password\": \"${IT_PAT}\"}]}"
RUN mkdir -p $HOME/.nuget/plugins
WORKDIR /deps

# Downloads and installs the NuGet credential plugin so we can login to the private NuGet feed
RUN curl https://github.com/microsoft/artifacts-credprovider/releases/download/v0.1.24/Microsoft.NetCore2.NuGet.CredentialProvider.tar.gz -L -o creds.tar.gz -s
RUN tar -xzf creds.tar.gz
RUN cp -r plugins/netcore/ ~/.nuget/plugins

  • Stock code in every build file
  • Each user configuring their environment variables with a PAT
  • Passing the PAT on every build
  • Does not work with an automated build system

Solution

I would like to create a base image for my team that would allow them to just pull an image from our Azure Container Registry that has access to our devops nuget feed.

You can include the credentials inside your image to achieve this, but for security reasons you'd better add some extra steps or code to pass the credentials from outside the image.

Based on your current solution, you can use the system predefined variable $(System.AccessToken) to get the security token in the Azure DevOps CICD pipeline. Then in the docker build task, you pass the access token to the ARG IT_PAT as an argument:

--build-arg IT_PAT=$(System.AccessToken)

Besides using the NuGet credential plugin, you can also use the dotnet cli to add credentials to the nuget source, and then pass the $(System.AccessToken) in the build arguments. See below:

ARG PAT
COPY . .
RUN dotnet nuget add source "your-source-url" --name "source-name" --username "useless" --password "$PAT" --store-password-in-clear-text
RUN dotnet restore

Another workaround is to include the nuget.config in the build context. But you need to include a nuget.config file without the credentials first, and then add an extra nuget task to add the credentials to the config file. Then copy the nuget.config in your docker file. See below:

Add a nuget task to run the custom command below to add the credentials to the nuget.config file.

sources Add -Name "MyPackages" -Source "https://my.pkgs.visualstudio.com/_packaging/MyPackages/nuget/v3/index.json" -username any -password $(System.AccessToken) -ConfigFile Source/Nuget.config -StorePasswordInClearText

Copy the nuget.config in the docker file. Do not forget to delete the nuget.config file when the restore is complete:

COPY *.csproj .
COPY ./nuget.config .
RUN dotnet restore
RUN rm nuget.config

If you are using a YAML-based pipeline, you can also check out container jobs. Then you can use your private container by setting up the container endpoints, and you can directly use the restore tasks in your pipeline. See the example below: the nuget restore task will run in your private container, and it can access your Azure feeds directly by setting the vstsFeed attribute to your nuget feed:

When you specify a container in your pipeline, the agent will first fetch and start the container. Then, each step of the job will run inside the container.

container:
  image: myprivate/registry:ubuntu1604
  endpoint: private_dockerhub_connection

steps:
- task: NuGetCommand@2
  inputs:
    command: 'restore'
    feedsToUse: 'select'
    vstsFeed: 'my-azure-nuget-feed'
    restoreSolution: '**/*.sln'

For more information you can check out this thread.
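
An added example, not part of the original answer: values passed with --build-arg or set with ENV are recorded in the image metadata, and a nuget.config deleted in a later RUN still exists in the earlier COPY layer, so this variant hands the token to the restore step through a BuildKit secret mount instead. The secret id nuget_pat, the environment variable name SYSTEM_ACCESSTOKEN and a credential-free nuget.config that lists the feed are assumptions; the feed URL and plugin version are the ones from the question.

```dockerfile
# syntax=docker/dockerfile:1
# Build (BuildKit required); the token is read from an environment variable
# on the build host and is never passed as a build argument:
#   DOCKER_BUILDKIT=1 docker build --secret id=nuget_pat,env=SYSTEM_ACCESSTOKEN -t myapp .
# In an Azure Pipelines script step, map $(System.AccessToken) to that
# variable through the step's env: block.

FROM mcr.microsoft.com/dotnet/core/sdk:3.1 AS build-env

# Install the NuGet credential plugin. This layer contains no secret, so it
# can be cached and shared as part of a team base image.
WORKDIR /deps
RUN curl -sSL -o creds.tar.gz https://github.com/microsoft/artifacts-credprovider/releases/download/v0.1.24/Microsoft.NetCore2.NuGet.CredentialProvider.tar.gz \
 && mkdir -p "$HOME/.nuget/plugins" \
 && tar -xzf creds.tar.gz \
 && cp -r plugins/netcore/ "$HOME/.nuget/plugins" \
 && rm creds.tar.gz

WORKDIR /app
# Assumption: nuget.config names the private feed but holds no credentials.
COPY *.csproj nuget.config ./

# The secret is mounted at /run/secrets/nuget_pat for this RUN only. The
# credential variable is set for the single dotnet restore process, so it is
# not written to a layer and is absent from `docker history` and from the
# image's environment.
RUN --mount=type=secret,id=nuget_pat \
    VSS_NUGET_EXTERNAL_FEED_ENDPOINTS="{\"endpointCredentials\": [{\"endpoint\": \"https://pkgs.dev.azure.com/MNPIT/_packaging/MNP/nuget/v3/index.json\", \"username\": \"build\", \"password\": \"$(cat /run/secrets/nuget_pat)\"}]}" \
    dotnet restore

COPY . .
RUN dotnet publish -c Release -o /out --no-restore
```

Running `docker history --no-trunc` on the resulting image is a quick check that the token value does not appear in any recorded build step.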
