Azure Pipelines Can't Work With Github Packages

Question

Pretty simple to reproduce:

          - task: NuGetCommand@2
            displayName: NuGet push
            inputs:
              command: 'push'
              packagesToPush: '$(Pipeline.Workspace)/**/*.nupkg'
              nuGetFeedType: 'external'
              externalFeedCredentials: 'github-packages'
              publishFeedCredentials: 'github-packages'
              allowPackageConflicts: true

github-packages is a NuGet Service Connection in the project using a PAT that has full access to my GitHub organization.

I see the following output in the logs

2020-08-08T23:48:41.3089867Z [command]"C:/Program Files (x86)/Microsoft Visual Studio/2019/Enterprise/MSBuild/Current/Bin/msbuild.exe" /version /nologo
2020-08-08T23:48:42.7276911Z Caching tool: NuGet 5.4.0 x64
2020-08-08T23:48:42.7397600Z Found tool in cache: NuGet 5.4.0 x64
2020-08-08T23:48:42.7452624Z Resolved from tool cache: 5.4.0
2020-08-08T23:48:42.7453195Z Using version: 5.4.0
2020-08-08T23:48:42.7465530Z Found tool in cache: NuGet 5.4.0 x64
2020-08-08T23:48:42.8246178Z SYSTEMVSSCONNECTION exists true
2020-08-08T23:48:43.1624000Z SYSTEMVSSCONNECTION exists true
2020-08-08T23:48:43.8522322Z [command]C:\windows\system32\chcp.com 65001
2020-08-08T23:48:43.8632712Z Active code page: 65001
2020-08-08T23:48:44.2527739Z SYSTEMVSSCONNECTION exists true
2020-08-08T23:48:44.2733846Z Detected NuGet version 5.4.0.6315 / 5.4.0+d790b66be476cd901a56bd46ada037162097ee21.d790b66be476cd901a56bd46ada037162097ee21
2020-08-08T23:48:44.2752584Z 1b529ea0-989d-42e8-af13-8ba56ff0e7d8 exists true
2020-08-08T23:48:44.2836605Z [command]C:\hostedtoolcache\windows\NuGet\5.4.0\x64\nuget.exe sources Add -NonInteractive -Name httpsnugetpkggithubcomourorgindexjson -Source https://nuget.pkg.github.com/ourorg/index.json -ConfigFile d:\a\1\Nuget\tempNuGet_3286.config
2020-08-08T23:48:45.7706128Z Package source with Name: httpsnugetpkggithubcomourorgindexjson added successfully.
2020-08-08T23:48:45.7804645Z Using authentication information for the following URI: https://nuget.pkg.github.com/ourorg/index.json
2020-08-08T23:48:45.8355905Z [command]C:\hostedtoolcache\windows\NuGet\5.4.0\x64\nuget.exe setapikey *** -NonInteractive -Source httpsnugetpkggithubcomourorgindexjson -ConfigFile d:\a\1\Nuget\tempNuGet_3286.config
2020-08-08T23:48:46.4520785Z The API Key '***' was saved for 'https://nuget.pkg.github.com/ourorg/index.json'.
2020-08-08T23:48:46.4686061Z [command]C:\hostedtoolcache\windows\NuGet\5.4.0\x64\nuget.exe push d:\a\1\Build\M365Management.Console.0.2.83.nupkg -NonInteractive -Source https://nuget.pkg.github.com/ourorg/index.json -ApiKey *** -ConfigFile d:\a\1\Nuget\tempNuGet_3286.config -Verbosity Detailed
2020-08-08T23:48:49.1593595Z Unable to load the service index for source https://nuget.pkg.github.com/ourorg/index.json.
2020-08-08T23:48:49.1594103Z NuGet Version: 5.4.0.6315
2020-08-08T23:48:49.1594906Z   Response status code does not indicate success: 401 (Unauthorized).
2020-08-08T23:48:49.1595523Z Using d:\a\_tasks\NuGetCommand_333b11bd-d341-40d9-afcf-b32d5ce6f23b\2.172.0\CredentialProviderV2\plugins\netfx\CredentialProvider.Microsoft\CredentialProvider.Microsoft.exe as a credential provider plugin.
2020-08-08T23:48:49.1596753Z NuGet.Protocol.Core.Types.FatalProtocolException: Unable to load the service index for source https://nuget.pkg.github.com/ourorg/index.json. ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 401 (Unauthorized).

the problem seems to be in this line here:

...nuget.exe sources Add -NonInteractive -Name httpsnugetpkggithubcomourorgindexjson -Source https://nuget.pkg.github.com/ourorg/index.json -ConfigFile d:\a\1\Nuget\tempNuGet_3286.config

it adds the external feed as a source, but doesn't use the Service Connection api key when adding it. It only uses the api key in the push command...and so it fails when trying to query the source at https://nuget.pkg.github.com/ourorg/index.json

I'm guessing this is just another broken piece of functionality in Azure DevOps but would appreciate some confirmation.

Thanks.

score 0 · Answer 1 · answered Aug 10 '20 at 08:00

0

You might need to use the Basic Authentication as the Authentication method of your Nuget service connection. User your PAT in the Password field. See below screeen:

Go to Project settings-->Service Connections under Pipelines-->Edit your Nuget service connection-->Choose Basic Authentication as Authentication method-->Enter your UserName-->Enter your PAT in the Password field.

answered Aug 10 '20 at 08:00

Levi Lu-MSFT

27,483
2
31
43

When I do that, it mixes up the username and password and sets the password to be "password-thepassword" (leaving the password in plain text in the logs and ****s out the username)....seems like this whole functionality just doesn't work – Jeff Aug 10 '20 at 23:44
That is weird. Any new error message? It worked perfectly in my test pipeline. I checked the "password-thepassword" in the task log, thepassword is not the PAT I entered in the service connection field. I also tried set thepassword as the password for the service connection, and i got 401 unauthorized error – Levi Lu-MSFT Aug 11 '20 at 02:04
i have the same issue. Using "Basic Authentication" with GitHub username and PAT as password. If i visit the feed url with a browser i can login just fine – nor0x Nov 24 '20 at 09:57
This solution did not work. Not sure what else could fix this annoying problem. – Arash Jan 21 '21 at 18:00
@LeviLu-MSFT could you please have this issue investigated and addressed? It's a blocker for our progress. – Arash Jan 21 '21 at 18:07
@Arash Please report this issue to Microsoft Development team [Here](https://developercommunity.visualstudio.com/content/problem/post.html?space=21). Meanwhile could you try using [azure artifact feeds](https://learn.microsoft.com/en-us/azure/devops/artifacts/concepts/feeds?view=azure-devops) as workaround? – Levi Lu-MSFT Jan 22 '21 at 01:55

score 0 · Answer 2 · answered Jul 12 '21 at 08:37

In your nuspec file, do you have the repository element?

<repository type="git" url="https://github.com/yourorganization/YourRepo" />

And when you do the push, use the ApiKey instead: The ApiKey should be a PAT with the access rights to write packages

Azure Pipelines Can't Work With Github Packages

2 Answers2