尝试构建 Dockerfile 时 Azure Artifacts 提供未经授权

Question

我正在使用 Azure DevOps Pipelines 从我的 github 存储库创建 Docker 映像。但是访问我在 Azure Artifacts 中托管的 nuget 包时遇到问题。它返回未经授权的 (401)。由于 Azure Pipelines 似乎相对较新，因此似乎没有太多帮助，而且不是专门针对 Artifacts 的帮助对我没有用。

azure-pipelines.yml

pool:
  vmImage: 'Ubuntu 16.04'

variables:
  imageName: 'dockerRepoName:$(build.buildId)'

steps:
- script: docker build -f dockerRepoName -t $(imageName) .
  displayName: 'docker build'

Dockerfile

FROM microsoft/dotnet:2.1-sdk AS build
WORKDIR /src
COPY MyWebsite.Website/MyWebsite.Website.csproj MyWebsite.Website/
COPY NuGet.config ./
RUN dotnet restore MyWebsite.Website/MyWebsite.Website.csproj
COPY . .
WORKDIR /src/MyWebsite.Website
RUN dotnet build MyWebsite.Website.csproj -c Release -o /app

FROM build AS publish
RUN dotnet publish MyWebsite.Website.csproj -c Release -o /app

FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "MyWebsite.Website.dll"]

Nuget.config

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <config>
    <add key="http_proxy" value="https://pkgs.dev.azure.com/companyName/_packaging/MyWebsite.Api/nuget/v3/index.json" />
    <add key="http_proxy.user" value="notSureWhatUserGoesHere_TriedABunchOfDifferentOnes" />
    <add key="http_proxy.password" value="PersonalAccessTOkenFromAzureDevops" />
  </config>
  <solution>
    <add key="disableSourceControlIntegration" value="true" />
  </solution>
  <packageSources>
    <add key="MyWebsite" value="https://pkgs.dev.azure.com/companyName/_packaging/MyWebsite.Api/nuget/v3/index.json" />
  </packageSources>
</configuration>

取出实际的用户名和密码，所以这显然不是我用于这些的。 url 也更新为“companyName”，因为它是一个私人仓库，所以 url 将不起作用。

构建错误

2018-11-21T19:21:00.0200396Z   Restoring packages for /src/MyWebsite.Website/MyWebsite.Website.csproj...
2018-11-21T19:21:00.6762563Z /usr/share/dotnet/sdk/2.1.500/NuGet.targets(114,5): error : Unable to load the service index for source https://pkgs.dev.azure.com/companyName/_packaging/MyWebsite.Api/nuget/v3/index.json. [/src/MyWebsite.Website/MyWebsite.Website.csproj]
2018-11-21T19:21:00.6763038Z /usr/share/dotnet/sdk/2.1.500/NuGet.targets(114,5): error :   Response status code does not indicate success: 401 (Unauthorized). [/src/MyWebsite.Website/MyWebsite.Website.csproj]
2018-11-21T19:21:01.0956272Z The command '/bin/sh -c dotnet restore MyWebsite.Website/MyWebsite.Website.csproj' returned a non-zero code: 1
2018-11-21T19:21:01.1105851Z ##[error]Bash exited with code '1'.
2018-11-21T19:21:01.1192131Z ##[section]Finishing: docker build

Answer 1

1. 创建个人访问令牌 (PAT)
   • 授予对范围的包部分的读取权限
2. 修改dockerfile
3. 将PAT 构建参数指定为docker build --build-arg PAT="{access token}"

示例 Docker 文件

FROM microsoft/dotnet:2.1-aspnetcore-runtime AS base
WORKDIR /app
EXPOSE 80

FROM microsoft/dotnet:2.1-sdk AS build
# The Personal Access token required to access the artifacts
ARG PAT

# Install the Credential Provider to configure the access
RUN wget -qO- https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh | bash

# Configure the environment variables
ENV NUGET_CREDENTIALPROVIDER_SESSIONTOKENCACHE_ENABLED true
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS "{\"endpointCredentials\": [{\"endpoint\":\"{package source}/index.json\", \"password\":\"${PAT}\"}]}"

WORKDIR /src


COPY ["src/Sample/Sample.csproj", "src/Sample/"]

RUN dotnet restore -s "{package source}/index.json" "src/Sample/Sample.csproj" 
COPY . .
WORKDIR "/src/src/Sample"
RUN dotnet build "Sample.csproj" -c Release -o /app

FROM build AS publish
RUN dotnet publish "Sample.csproj" -c Release -o /app

FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "Sample.dll"]