I'm facing an issue with an Azure DevOps pipeline that's supposed to push a NuGet package to GitHub Packages. The pipeline has two main tasks: NuGetAuthenticate and NuGetCommand. The NuGetAuthenticate task seems to succeed, but the NuGetCommand task fails with a 401 Unauthorized error:
##[error]The nuget command failed with exit code(1) and error(Response status code does not indicate success: 401 (Unauthorized).
I've confirmed that the Personal Access Token (PAT) used is correct and has the necessary scopes as I am able to manually do a dotnet nuget push from PowerShell to push packages to GH.
Here's a snippet of the relevant part of the pipeline:
- ${{ if parameters.gitHubNuGetExternalFeed }}:
- task: NuGetAuthenticate@0
displayName: 'NuGet Authenticate'
inputs:
nuGetServiceConnections: '${{ parameters.gitHubNuGetExternalFeed }}'
enabled: true
continueOnError: true
- task: NuGetCommand@2
displayName: Publish to GitHub Packages Nuget Feed
inputs:
command: 'push'
nuGetFeedType: 'external'
publishFeedCredentials: '${{ parameters.gitHubNuGetExternalFeed }}'
packagesToPush: '$(Common.TestResultsDirectory)/NuGet/*.*nupkg'
versioningScheme: 'byEnvVar'
versionEnvVar: $(GitVersion.SemVer)
includeSymbols: true
buildProperties: 'description=test'
condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/master'))
enabled: true
continueOnError: true
I'm not sure why the NuGetCommand is failing with a 401 error, given that the PAT has been confirmed to work and the NuGetAuthenticate task succeeds. Any insights or suggestions on how to troubleshoot this issue would be greatly appreciated.
I initially set up a service connection to a NuGet feed using the ApiKey method. My feed URL was https://nuget.pkg.github.com/myorganization/index.json, and for the ApiKey, I used a full access PAT created in my organization, of which I am the owner. This same PAT was previously used in PowerShell automation for manually downloading and pushing NuGet packages from Azure Artifacts to GitHub packages, and it authenticated and worked fine in that context.
Originally, my pipeline only had the** NuGetCommand** task, which was throwing the 401 errors with my service connection. To address this, I added a NuGetAuthenticate step. However, this resulted in an error stating:
##[error]Error: The service connection for 'https://nuget.pkg.github.com/myorganization/index.json' is not valid. ApiKey service connections are not supported in this task. Instead, use -ApiKey (NuGet) or --api-key (dotnet) when invoking the tool itself. See the task documentation for more details.
Consequently, I changed the service connection to Basic Authentication, using my personal username and the PAT token. This change allowed the NuGetAuthenticate step to succeed, but the 401 error in the NuGetCommand step persisted.
I was expecting that by correctly configuring the service connection and ensuring the PAT had the required scopes, the pipeline would authenticate and push the package without any issues. However, the persistent 401 error in the NuGetCommand step is puzzling, especially given that the NuGetAuthenticate step now succeeds. Any insights into what might be causing this issue or further steps I could take to resolve it would be greatly appreciated.
I can reproduce the same 401 error when using
NuGetCommand@2task to push the NuGet package (.NET Core 7) to GitHub Packages Registry.After switching to using
DotNetCoreCLI@2task to push the package, it can work fine.The reason:
NuGetCommand@2task normally works with.NET Frameworkapps..NET Coreand.NET Standardapps, should use theDotNetCoreCLI@2task.EDIT:
When setting up the NuGet service connection using basic authentication:
At first, ensure again you have provided the correct GitHub PAT and feed URL (
https://nuget.pkg.github.com/{GitHub Org name}/index.json).For the value of
Usernamefield, try to set it same as the{GitHub Org name}.