I'm trying to configure my Github repository in order to automatically have a NuGet package built and pushed to both nuget.org and github.com. So what I want is that each time a commit is made on the master branch, or another branch is merged into the master, github publishes a new Nuget package of the head of the master to both Nuget and Github.
NuGet
On my nuget organization account, I generated an access token (username - API keys - Create)
On Github (select your organization - View organization - Settings tab - Secrets) I added a secret with the name PUBLISH_TO_NUGET_ORG and my nuget access token
Github
On my personal account, I generated an access token (Account - Settings - Developer settings - Personal access tokens - generate)
On Github I added a secret with the name PUBLISH_TO_GITHUB_COM and my github access token
These are the scopes for my Github access token:
Setup
In my github repository I've setup an action to restore, build, test, pack and publish:
name: .NET Core
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- name: Setup .NET Core
uses: actions/setup-dotnet#v1
with:
dotnet-version: 3.1.301
- name: Install dependencies
run: dotnet restore
- name: Build
run: dotnet build --configuration Release --no-restore
- name: Test
run: dotnet test --no-restore --verbosity normal
# - name: Publish
# uses: brandedoutcast/publish-nuget#v2.5.2
# with:
# PROJECT_FILE_PATH: MintPlayer.SeasonChecker/MintPlayer.SeasonChecker.csproj
# NUGET_KEY: ${{secrets.PUBLISH_TO_NUGET_ORG}}
# INCLUDE_SYMBOLS: true
- name: Pack
run: dotnet pack --no-build --configuration Release MintPlayer.SeasonChecker/MintPlayer.SeasonChecker.csproj --output .
- name: PushNuget
run: dotnet nuget push *.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{secrets.PUBLISH_TO_NUGET_ORG}} --skip-duplicate
- name: AddGithubSource
run: dotnet nuget add source --username PieterjanDeClippel --password ${{secrets.PUBLISH_TO_GITHUB_COM}} --name github https://nuget.pkg.github.com/MintPlayer/index.json
- name: PushGithub
run: dotnet nuget push *.nupkg --source github --skip-duplicate
The push to nuget.org works fine, but the push to my GitHub feed fails with an Unauthorized error.
I've taken a look at some plugins like this one, and I want to embed this into my action in order not to build my project multiple times.
First take:
dotnet nuget push *.nupkg --source https://nuget.pkg.github.com/MintPlayer/index.json --api-key ${{secrets.PUBLISH_TO_GITHUB_COM}} --skip-duplicate
Result:
warn : Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured.
Second take with multiple commands:
dotnet nuget add source --username PieterjanDeClippel --password ${{secrets.PUBLISH_TO_GITHUB_COM}} --name github https://nuget.pkg.github.com/MintPlayer/index.json
dotnet nuget push *.nupkg --source github --skip-duplicate
This one fails with the following (obvious) message:
error: Password encryption is not supported on .NET Core for this platform. The following feed try to use an encrypted password: 'github'. You can use a clear text password as a workaround.
error: Encryption is not supported on non-Windows platforms.
Does anyone have any experience with automated publishing of Nuget packages to Github?
Link to action configuration file
Edit
I tried sending a POST request:
Url: https://api.github.com/user
Authorization: Basic Auth
Username:
Password: <my-api-key>
And I'm getting my user information, so my access token definitely works.
Edit
I also tried running the command on my computer, replacing the token with my own and that as well does work.
Turns out I was missing a nuget.config file in my Solution
https://github.community/t/github-actions-automatically-push-nuget-package/128242/4
nuget.config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageSources>
<add key="nuget.org" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
</packageSources>
</configuration>
And my workflow file:
name: .NET Core
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout#v2
- name: Setup .NET Core
uses: actions/setup-dotnet#v1.5.0
with:
dotnet-version: 3.1.301
# Authenticates packages to push to GPR
source-url: https://nuget.pkg.github.com/${{ github.repository_owner }}/index.json
env:
NUGET_AUTH_TOKEN: '%NUGET_AUTH_TOKEN%'
- name: Install dependencies
run: dotnet restore
- name: Build
run: dotnet build --configuration Release --no-restore
- name: Test
run: dotnet test --no-restore --verbosity normal
- name: Pack
run: dotnet pack --no-build --configuration Release
- name: PushNuget
run: dotnet nuget push **/*.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.PUBLISH_TO_NUGET_ORG }} --skip-duplicate
- name: PushGithub
# The github token is automatically being pulled from the workflow
run: dotnet nuget push **/*.nupkg --no-symbols --skip-duplicate
env:
NUGET_AUTH_TOKEN: ${{ github.token }}
Per the github actions docs
<packageSourceCredentials>
<github>
<add key="Username" value="USERNAME" />
<add key="ClearTextPassword" value="TOKEN" />
</github>
</packageSourceCredentials>
So I think you just need to set -StorePasswordInClearText in your nuget add source command as you are currently encrypting the token
References:
Github Actions - https://docs.github.com/en/packages/using-github-packages-with-your-projects-ecosystem/configuring-dotnet-cli-for-use-with-github-packages#authenticating-to-github-packages
Nuget Config Docs - https://learn.microsoft.com/en-us/nuget/reference/nuget-config-file#packagesourcecredentials
Related
I add a connection string to my app service (configuration > connection strings > + New connection string > Save), and this works. But when I redeploy through my CI/CD github workflow, the connection string is gone.
Before a new deployment:
After a new deployement:
My workflow file:
on: [push]
name: workflow
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2 # checks-out your repository under $GITHUB_WORKSPACE, so your workflow can access it.
- run: dotnet --version
- run: dotnet tool restore
- run: dotnet run --project tests/Server/Server.Tests.fsproj
build-and-deploy:
if: github.ref == 'refs/heads/deploy'
needs: test
runs-on: ubuntu-latest
steps:
- name: 'Checkout Github Action'
uses: actions/checkout#v2
- name: 'Login via Azure CLI'
uses: azure/login#v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: 'Restore'
run: dotnet tool restore
- name: 'Deploy'
run: dotnet run azure
I have deployed the .NET Core App to Azure App service using GitHub Actions.
Added new Connection String in Configuration => Connection Strings as you have mentioned.
When I tried to Sync (Redeploy) from Deployment Center, got the below alert.
It clearly says that old deployment changes will be updated with the new one.
But for me the Connection String is not missing.
While creating the App Service, Initially Disable the GitHub Actions settings.
Later, Connect to GitHub from Deployment Center.
If we don't want to miss any configurations which are done after deployment. Instead of Re-deploying the App using Sync option, click on Disconnect.
Re-connect and Build the workflow again.
You can see the available Connection Strings.
I have a GitHub action doing .net solution build, test and deploy to Azure:
name: Build and deploy ASP.Net Core app to Azure Web App - project-test-api
on:
push:
branches:
- main
workflow_dispatch:
env:
# Stop wasting time caching packages
DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
# Disable sending usage data to Microsoft
DOTNET_CLI_TELEMETRY_OPTOUT: true
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: AutoModality/action-clean#v1
- uses: actions/checkout#v2
- name: Set up .NET Core
uses: actions/setup-dotnet#v1
with:
dotnet-version: '6.0.x'
include-prerelease: true
- name: Manually restore
working-directory: SolutionDir
run: dotnet restore --force
- name: Build with dotnet
working-directory: SolutionDir
run: dotnet build --configuration Release --no-restore
- name: Test
working-directory: SolutionDir
run: dotnet test --no-restore --no-build --configuration Release
- name: dotnet publish
working-directory: SolutionDir
run: dotnet publish -c Release -o ${{env.DOTNET_ROOT}}/myapp
- name: Upload artifact for deployment job
uses: actions/upload-artifact#v2
with:
name: .net-app
path: ${{env.DOTNET_ROOT}}/myapp
deploy:
runs-on: ubuntu-latest
needs: build
environment:
name: 'Production'
url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
steps:
- name: Download artifact from build job
uses: actions/download-artifact#v2
with:
name: .net-app
- name: Deploy to Azure Web App
id: deploy-to-webapp
uses: azure/webapps-deploy#v2
with:
app-name: 'quickplanner-test-api'
slot-name: 'Production'
publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_SECRET }}
package: .
Recently I added a test project to the solution. From what I can see one of the packages used in the test project uses Newtonsoft.Json v9.0 when the rest of the solution uses v13.0. The solution can be built locally, tested and everything is ok. The GitHub action also finishes successfully building the solution, runs tests and deploys it to Azure. The problem occurs on Azure - somewhere along the way GitHub action uses an older version of Newtonsoft.Json. All projects expect newer ones, so the whole website breaks because of this. I'm not sure how to fix this - I've tried adding manually correct version of Newtonsoft.Json to the test project, to all projects, clearing caches in GitHub actions but without luck. What works is just removing test project from the solution, but obviously I want tests to be working. Does anyone has idea why this breaks and how to fix it?
I managed to fix this problem by adding this code to my Tests project csproj file:
<PropertyGroup>
<AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
<GenerateBindingRedirectsOutputType>true</GenerateBindingRedirectsOutputType>
</PropertyGroup>
I'm not entirely sure what was the root cause behind this problem
For my ASP .Net Core project, I am trying to integrate CI/CD with Azure.
There, I tried to create an Azure pipeline with GitHub as follows:
Since I have already created .yml file in my GitHub Repository I decided to go with the option Existing Azure Pipeline YAML file option.
I have already created the following yml file in the Github repo in the path .github/workflows/dotnet.yml
Here is the dotnet.yml file:
name: .NET
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- name: Setup .NET
uses: actions/setup-dotnet#v1
with:
dotnet-version: 5.0.x
- name: Restore dependencies
run: dotnet restore
- name: Build
run: dotnet build --no-restore
# - name: Test
# run: dotnet test --no-build --verbosity normal
But I am getting the two errors as:
/.github/workflows/dotnet.yml(Line: 3, Col: 1): Unexpected value 'on'
/.github/workflows/dotnet.yml(Line: 10, Col: 1): A mapping was not
expected
I do not understand why I am getting these errors. When I push to the repository the .NET builds run and it builds successfully.
Can somebody please let me know how to solve these two errors and what the fault in my YAML file is?
It looks like you try to run github actions build this is why its not working have a look into documentation how to structure your build
In Azure pipeline it will smth like this
steps:
- task: UseDotNet#2
inputs:
packageType: 'sdk'
version: '5.0.x'
- task: DotNetCoreCLI#2
displayName: Restore
inputs:
command: restore
projects: '**/*.csproj'
- script: dotnet build --no-restore
displayName: 'Build'
workingDirectory: SET_WORK_DIR
I've built an Azure Static Web App with one API function which has one dependency. This dependency sits in a private repository on GitHub. On my local dev machine I'm able to build the Functions app by downloading the dependency using SSH authentication. When trying to deploy to Azure using GitHub Actions I get the error Host key verification failed.
My GitHub Actions workflow is similar to the default workflow generated by Azure Static Web App, with the addition of using webfactory/ssh-agent for facilitating the SSH authentication on GitHub to retrieve the private repository Y and a run step with git clone for testing purposes:
# ... Same as on https://learn.microsoft.com/en-us/azure/static-web-apps/github-actions-workflow
jobs:
build_and_deploy_job:
runs-on: ubuntu-latest
name: Build and Deploy Job
steps:
- uses: actions/checkout#v2
with:
submodules: true
persist-credentials: false
- uses: webfactory/ssh-agent#v0.5.1
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE }}
- run: |
git clone ssh://git#github.com/X/Y.git Z
ls -la Z
- name: Build And Deploy
id: builddeploy
uses: Azure/static-web-apps-deploy#v0.0.1-preview
with:
azure_static_web_apps_api_token: ${{ secrets.AZURE_TOKEN }}
repo_token: ${{ secrets.GITHUB_TOKEN }}
action: "upload"
app_location: "/"
api_location: "api"
output_location: "build"
# ... Same as on https://learn.microsoft.com/en-us/azure/static-web-apps/github-actions-workflow
In my private repository Y I've added the public key associated to private key secrets.SSH_PRIVATE as a deploy key.
After running the workflow it shows the git clone command is ran correctly as the ls -la command results in displaying the directories and files in my private repository. However, the build process of my API (yarn install --prefer-offline --production) results in the error Host key verification failed when yarn is fetching the packages. As a result, GitHub Actions cannot download the dependency in my private repository, and cannot build the API. This ends with a failed workflow.
After analyzing Azure/static-web-apps-deploy#v0.0.1-preview I noticed it uses Oryx to start a Docker container for the build process of the Azure Static Web App. This container is unaware of the ssh-agent that was initialized using webfactory/ssh-agent on the host VM. As a result the yarn install triggered in Azure/static-web-apps-deploy#v0.0.1-preview couldn't download the dependency that was in my private repository and failed the installation.
To circumvent this I've refactored my private dependency to use it as a git submodule instead, because submodules can be loaded prior to the build process using actions/checkout. This was achieved by adding only two extra lines to the workflow file that is generated by Azure Static Web Apps. I've highlighted these two lines with a trailing # ADDED in the following snippet of my workflow file:
jobs:
build_and_deploy_job:
runs-on: ubuntu-latest
name: Build and Deploy Job
steps:
- uses: actions/checkout#v2
with:
ssh-known-hosts: "github.com" # ADDED
ssh-key: ${{ secrets.SSH_PRIVATE }} # ADDED
submodules: true
- name: Build And Deploy
id: builddeploy
uses: Azure/static-web-apps-deploy#v0.0.1-preview
...
Is it possible to use the webapps-deploy action to deploy into a specific path of the web app (and not just into wwroot)? For example deploying into a IIS virtual directory under wwwroot/app.
Current yaml GitHub action configuration, can't find a property here for setting a requested path on the web server.
- name: "Run Azure webapp deploy action using publish profile credentials"
uses: azure/webapps-deploy#v2
with:
app-name: MyApp
publish-profile: ${{ secrets.SECRET_PROFILE }}
package: build
Image showing the Virtual Application (wwwroot/app) I'd like to deploy into
With many times testing, I found it's not possible using Git Action. But you can consider using Visual Studio, importing publish profile.
First, set the virtual path in portal.
Downloads the publish profile. You will use the content of publish profile.
Modify the profile. Change msdeploySite's value from Your-Site to Your-Site\folder\subfolder, such as msdeploySite="dorissub\app". Change destinationAppUrl's value from http://xxx.azurewebsites.net to http://xxx.azurewebsites.net/app
Publish from VS.
Check the sub folder. it works.
Here is how I do using Git Action.
Add secret. Go to your GitHub repository settings and add a secret with the content of publish profile as the value, name it as AZURE_WEBAPP_PUBLISH_PROFILE.
Run workflow with this yaml file:
name: .NET Core dorisxxx
on: [push]
env:
AZURE_WEBAPP_NAME: dorisxxx # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
DOTNET_VERSION: '3.1.x' # set this to the dot net version to use
jobs:
build:
runs-on: ubuntu-latest
steps:
# Checkout the repo
- uses: actions/checkout#master
# Setup .NET Core SDK
- name: Setup .NET Core
uses: actions/setup-dotnet#v1
with:
dotnet-version: ${{ env.DOTNET_VERSION }}
# Run dotnet build and publish
- name: dotnet build and publish
run: |
dotnet restore
dotnet build --configuration Release
dotnet publish -c Release -o '${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/myapp'
# Deploy to Azure Web apps
- name: 'Run Azure webapp deploy action using publish profile credentials'
uses: azure/webapps-deploy#v2
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }} # Replace with your app name
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }} # Define secret variable in repository settings as per action documentation
package: '${{ env.AZURE_WEBAPP_PACKAGE_PATH }}/myapp'
But the project still published to wwwroot...
Maybe you should choose another way to deploy.