Publish a NuGet package in GitHub Packages using an Application Installation Token


I am trying to publish a NuGet package for an organization in GitHub using dotnet publish.

We are planning to publish packages from GitHub Actions, from a repository in one organisation to the packages feed that's hosted in another organisation. As such we can't rely on the GITHUB_TOKEN that's assigned to the workflow.

It works fine when I use a personal access token with permissions to write artifacts in that organization. We don't really want to use a personal token tied to a user.

We thought using a GitHub App could be a good option. I was able to get an access token from the GitHub App installation, which was configured with permissions to read/write artifacts.

That token works fine for making calls to the packages API; I can retrieve or do write operations with existing packages.

However, it does not work when it is used with dotnet publish (as --api-key parameter). It cannot be a problem with permissions as the calls to the package API are working fine.

Does anyone know if that scenario is supported?

There is 1 answer

jessehouwing

GitHub App Token

If you are using a GitHub App with the right permissions to write to the feed, you'll need to fetch an app token in your workflow and use that instead of the GITHUB_TOKEN secret.

steps:
 - id: create_token
   uses: tibdex/github-app-token@v2
   with:
     app_id: ${{ secrets.APP_ID }}
     private_key: ${{ secrets.PRIVATE_KEY }}


 - run: "echo 'The created token is masked: ${{ steps.create_token.outputs.token }}'"

Note: Check the docs for the action to further limit the permissions and repositories the token is minted for.

You can then use that token to authenticate against GitHub Packages similar to how you'd do it in a normal workflow.

# GitHub Actions steps use run: with shell: pwsh (pwsh: is not a step key)
- run: |
    dotnet nuget add source --username USERNAME --password $env:TOKEN --store-password-in-clear-text --name github "https://nuget.pkg.github.com/NAMESPACE/index.json"
  shell: pwsh
  env:
    TOKEN: ${{ steps.create_token.outputs.token }}

The following applies if you are publishing within the same organisation.

GitHub Actions can be granted the packages: write permission; with that, it can publish new packages with the GITHUB_TOKEN variable.

For existing packages you can go to the details page of the package, package settings and then grant GitHub actions access to that package.


Be sure to authenticate to the feed as described in the docs.

Use the following command to authenticate to GitHub Packages in a GitHub Actions workflow using the GITHUB_TOKEN instead of hardcoding a personal access token in a nuget.config file in the repository:

dotnet nuget add source --username USERNAME --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/NAMESPACE/index.json"

Replace NAMESPACE with the name of the personal account or organization to which your packages are scoped.

The actual username doesn't matter.
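
The steps from the answer above assembled into one workflow, as an added example that is not part of the original answer. TARGET_ORG, the tag trigger and the ./artifacts folder are placeholders chosen here; the installation_retrieval_mode, installation_retrieval_payload and permissions inputs are the ones listed in the tibdex/github-app-token v2 README. It assumes the GitHub App is already installed in TARGET_ORG with package write permission.

```yaml
# Added example: cross-organisation publish job (TARGET_ORG is a placeholder).
name: publish-package
on:
  push:
    tags: ["v*"]

permissions:
  contents: read   # the workflow's own GITHUB_TOKEN is only used for checkout

jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - id: create_token
        uses: tibdex/github-app-token@v2
        with:
          app_id: ${{ secrets.APP_ID }}
          private_key: ${{ secrets.PRIVATE_KEY }}
          # Look up the installation by organisation name, since the feed
          # lives in a different organisation than this repository.
          installation_retrieval_mode: organization
          installation_retrieval_payload: TARGET_ORG
          # Ask for package write only; the app itself must already hold it.
          permissions: >-
            {"packages": "write"}

      - name: Pack
        run: dotnet pack --configuration Release --output ./artifacts

      - name: Register feed and push
        shell: pwsh
        env:
          # Passed through the environment so the token is not pasted into the script text.
          TOKEN: ${{ steps.create_token.outputs.token }}
        run: |
          dotnet nuget add source --username USERNAME --password $env:TOKEN --store-password-in-clear-text --name github "https://nuget.pkg.github.com/TARGET_ORG/index.json"
          dotnet nuget push "./artifacts/*.nupkg" --source github --api-key $env:TOKEN
```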