Azure DevOps Pipeline Failing with 401 Unauthorized Error When Pushing NuGet Package to GitHub

1.1k views Asked by At

I'm facing an issue with an Azure DevOps pipeline that's supposed to push a NuGet package to GitHub Packages. The pipeline has two main tasks: NuGetAuthenticate and NuGetCommand. The NuGetAuthenticate task seems to succeed, but the NuGetCommand task fails with a 401 Unauthorized error:

##[error]The nuget command failed with exit code(1) and error(Response status code does not indicate success: 401 (Unauthorized).

I've confirmed that the Personal Access Token (PAT) used is correct and has the necessary scopes as I am able to manually do a dotnet nuget push from PowerShell to push packages to GH.

Here's a snippet of the relevant part of the pipeline:

- ${{ if parameters.gitHubNuGetExternalFeed }}: 
  - task: NuGetAuthenticate@0
    displayName: 'NuGet Authenticate'
    inputs:
      nuGetServiceConnections: '${{ parameters.gitHubNuGetExternalFeed }}'
    enabled: true
    continueOnError: true

  - task: NuGetCommand@2
    displayName: Publish to GitHub Packages Nuget Feed
    inputs:
      command: 'push'
      nuGetFeedType: 'external'
      publishFeedCredentials: '${{ parameters.gitHubNuGetExternalFeed }}'
      packagesToPush: '$(Common.TestResultsDirectory)/NuGet/*.*nupkg'
      versioningScheme: 'byEnvVar'
      versionEnvVar: $(GitVersion.SemVer)
      includeSymbols: true
      buildProperties: 'description=test'
    condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/master'))
    enabled: true
    continueOnError: true

I'm not sure why the NuGetCommand is failing with a 401 error, given that the PAT has been confirmed to work and the NuGetAuthenticate task succeeds. Any insights or suggestions on how to troubleshoot this issue would be greatly appreciated.

I initially set up a service connection to a NuGet feed using the ApiKey method. My feed URL was https://nuget.pkg.github.com/myorganization/index.json, and for the ApiKey, I used a full access PAT created in my organization, of which I am the owner. This same PAT was previously used in PowerShell automation for manually downloading and pushing NuGet packages from Azure Artifacts to GitHub packages, and it authenticated and worked fine in that context.

Originally, my pipeline only had the** NuGetCommand** task, which was throwing the 401 errors with my service connection. To address this, I added a NuGetAuthenticate step. However, this resulted in an error stating:

##[error]Error: The service connection for 'https://nuget.pkg.github.com/myorganization/index.json' is not valid. ApiKey service connections are not supported in this task. Instead, use -ApiKey (NuGet) or --api-key (dotnet) when invoking the tool itself. See the task documentation for more details.

Consequently, I changed the service connection to Basic Authentication, using my personal username and the PAT token. This change allowed the NuGetAuthenticate step to succeed, but the 401 error in the NuGetCommand step persisted.

I was expecting that by correctly configuring the service connection and ensuring the PAT had the required scopes, the pipeline would authenticate and push the package without any issues. However, the persistent 401 error in the NuGetCommand step is puzzling, especially given that the NuGetAuthenticate step now succeeds. Any insights into what might be causing this issue or further steps I could take to resolve it would be greatly appreciated.

1

There are 1 answers

2
Bright Ran-MSFT On

I can reproduce the same 401 error when using NuGetCommand@2 task to push the NuGet package (.NET Core 7) to GitHub Packages Registry.

After switching to using DotNetCoreCLI@2 task to push the package, it can work fine.


The reason:

  • The NuGetCommand@2 task normally works with .NET Framework apps.
  • For .NET Core and .NET Standard apps, should use the DotNetCoreCLI@2 task.

enter image description here


EDIT:

When setting up the NuGet service connection using basic authentication:

  1. At first, ensure again you have provided the correct GitHub PAT and feed URL (https://nuget.pkg.github.com/{GitHub Org name}/index.json).

  2. For the value of Username field, try to set it same as the {GitHub Org name}.

    enter image description here