This repository contains a rich set of CI-CD demos where I show you how to:
- Connect to private nuget feeds; Azure, GitHub packages, and custom (eg Telerik).
- Build .NET apps and publish to a container registry; Docker, Azure, GitHub, etc.
Although I use Telerik's NuGet server because I have a license, these demos are good for any private feed type; just use your source URL and credentials instead!
- CI Systems
- Build Badges
- Videos
- Tips and Troubleshooting
- Related Blog Posts
System | CI/CD file(s) |
---|---|
GitHub Actions | .github/workflows |
Azure DevOps (YAML) | azure-pipelines.yml |
Azure DevOps (classic) | click build badge |
GitLab CI/CD | .gitlab-ci.yml ↗ |
Project | GitHub Actions | Azure DevOps | GitLab CI |
---|---|---|---|
ASP.NET AJAX | |||
ASP.NET Core | |||
ASP.NET Blazor | |||
WPF (net48) | |||
WinForms (net48) | |||
Console | |||
WinUI 3 | |||
.NET MAUI | |||
Kendo Angular |
- Docker and DockerHub integration:
- The
workflows/main_build-aspnetcore.yml
uses a Dockerfile to build and publish a Linux image to DockerHub => lancemccarthy/myaspnetcoreapp.- Ex.
docker run -d -p 8080:8080 lancemccarthy/myaspnetcoreapp:latest
- Ex.
docker run -d -p 8080:8080 lancemccarthy/myblazorapp:latest
- Ex.
- For a real-world example, visit Akeyless Web Target's docker-publish.yml, which builds and publishes the lancemccarthy/secretsmocker container image to Docker Hub.
- Ex.
docker run -d -p 8080:80 lancemccarthy/secretsmocker:latest
- Ex.
- The
- Azure DevOps: All statuses are for classic pipelines, except the
Console
project, which uses Azure DevOps YAML pipelines.
The following 4 minute video takes you though all the steps on adding a private NuGet feed as a Service Connection and consuming that service in three different pipeline setups.
- 0:09 Add a Service connection to the Telerik server
- 1:14 Classic pipeline for .NET Core
- 1:47 Classic .NET Framework pipeline
- 2:25 YAML pipeline setup for .NET Core
A common problem to run into is to think that the environment variable is the same thing as the GitHub Secret (or Azure DevOps pipeline variable). In this demo, I intentionally named the secrets a different name than the environment variable name so that it is easier for you to tell the difference.
However, I know that not everyone has the time to watch the video and just copy/paste the YAML instead. This will cause you to hit a roadblock because you missed the part about setting up the GitHub secret, Azure DevOps pipeline variable or . Here is a 2 screenshot crash-course on how to get back on track.
In your YAML, you probably have done this:
That mean you must also have the secrets in your Settings > Secrets list
You could also dynamically update the credentials of a Package Source defined in your nuget.config file This is a good option when you do not want to use a packageSourceCredentials
section that uses environment variables.
# Updates a source named 'Telerik' in the nuget.config
dotnet nuget update source "Telerik" --source "https://nuget.telerik.com/v3/index.json" --configfile "src/nuget.config" --username '${{ secrets.MyTelerikEmail }}' --password '${{ secrets.MyTelerikPassword }}' --store-password-in-clear-text
That command will look through the nuget.config for a package source with the key Telerik
and then add/update the credentials for that source.
The
--store-password-in-clear-text
switch is important. It does not mean the password is visible, rather it means that you're using the password text and not a custom encrypted variant. For more information, please visit https://docs.microsoft.com/en-us/nuget/reference/nuget-config-file#packagesourcecredentials
You can use the same approach in the previous section. Everything is exactly the same, except you use api-key
for the username and the NuGet key for the password.
Please visit the Announcing NuGet Keys blog post for more details how ot create the key and how to use it.
dotnet nuget update source "Telerik" --source "https://nuget.telerik.com/v3/index.json" --configfile "src/nuget.config" --username 'api-key' --password '${{ secrets.MyNuGetKey }}' --store-password-in-clear-text
IMPORTANT: Protect your key by storing it in a GitHub Secret, then use the secret's varible name in the command
When using a Dockerfile to build a .NET project that uses the Telerik NuGet server, you'll need a safe and secure way to handle your crednetials. This can be done my mounting a Docker secret, which is a 1-liner in theDockerfile. Let's walkthrough through the highlights.
In your GitHub Actions workflow, you can set a secret in the same step that you build/publish the container. In the following YAML, notice we're using a GitHub Actions Secret to set a Docker secret: telerik_key=${{ secrets.TELERIK_NUGET_KEY }}
- uses: docker/build-push-action@v3
with:
secrets: |
telerik_key=${{ secrets.TELERIK_NUGET_KEY }}
...
Now, insdie the Dockerfie itself, we can mount that secret:
# Here we use a docker secret to update the 'Telerik_Feed' package source, then restore then build
RUN --mount=type=secret,id=telerik_key \
echo $(cat /run/secrets/telerik_key)
Now that the secret's value is available (/run/secrets/telerik_key
in this case), it can be used in subsequent dotnet commands. For example here, I update the Telerik package source's credentials.
dotnet nuget update source "Telerik_Feed" -s "https://nuget.telerik.com/v3/index.json" -u "api-key" -p $(cat /run/secrets/telerik_key) --configfile "./NuGet.Config" --store-password-in-clear-text \
For a complete demo, see the complete Dockerfile and the complete workflow.