Skip to content

A repo to show you how to use a private NuGet feed to restore packages in Azure DevOps, GitHub Actions, GitLab CI and AppCenter.

License

Notifications You must be signed in to change notification settings

LanceMcCarthy/DevOpsExamples

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

DevOps - Pipeline and Workflow Examples

This repository contains a rich set of CI-CD demos where I show you how to:

  • Connect to private nuget feeds; Azure, GitHub packages, and custom (eg Telerik).
  • Build .NET apps and publish to a container registry; Docker, Azure, GitHub, etc.

Although I use Telerik's NuGet server because I have a license, these demos are good for any private feed type; just use your source URL and credentials instead!

Table of Contents

CI Systems

System CI/CD file(s)
GitHub Actions .github/workflows
Azure DevOps (YAML) azure-pipelines.yml
Azure DevOps (classic) click build badge
GitLab CI/CD .gitlab-ci.yml

Badges

Project GitHub Actions Azure DevOps GitLab CI
ASP.NET AJAX Build AJAX Application Build CLASSIC
ASP.NET Core Build ASP.NET Core Application Build - CLASSIC
ASP.NET Blazor Build Blazor Application Build - CLASSIC Build status
WPF (net48) Build WPF Build - CLASSIC Build status
WinForms (net48) Build WinForms Build - CLASSIC
Console Build Console Build - YAML Build status
WinUI 3 Build WinUI3 Project
.NET MAUI MAUI main Build - CLASSIC
Kendo Angular Build Angular Build - CLASSIC Build status

Bonus Notes

  • Docker and DockerHub integration:
    • The workflows/main_build-aspnetcore.yml uses a Dockerfile to build and publish a Linux image to DockerHub => lancemccarthy/myaspnetcoreapp.
      • Ex. docker run -d -p 8080:8080 lancemccarthy/myaspnetcoreapp:latest
      • Ex. docker run -d -p 8080:8080 lancemccarthy/myblazorapp:latest
    • For a real-world example, visit Akeyless Web Target's docker-publish.yml, which builds and publishes the lancemccarthy/secretsmocker container image to Docker Hub.
      • Ex. docker run -d -p 8080:80 lancemccarthy/secretsmocker:latest
  • Azure DevOps: All statuses are for classic pipelines, except the Console project, which uses Azure DevOps YAML pipelines.

Videos

Azure DevOps with Telerik NuGet Server

The following 4 minute video takes you though all the steps on adding a private NuGet feed as a Service Connection and consuming that service in three different pipeline setups.

YouTube tutorial

  • 0:09 Add a Service connection to the Telerik server
  • 1:14 Classic pipeline for .NET Core
  • 1:47 Classic .NET Framework pipeline
  • 2:25 YAML pipeline setup for .NET Core

Tips and Troubleshooting

GitHub Actions: Using Secrets to Set Environment Variables

A common problem to run into is to think that the environment variable is the same thing as the GitHub Secret (or Azure DevOps pipeline variable). In this demo, I intentionally named the secrets a different name than the environment variable name so that it is easier for you to tell the difference.

However, I know that not everyone has the time to watch the video and just copy/paste the YAML instead. This will cause you to hit a roadblock because you missed the part about setting up the GitHub secret, Azure DevOps pipeline variable or . Here is a 2 screenshot crash-course on how to get back on track.

In your YAML, you probably have done this:

image

That mean you must also have the secrets in your Settings > Secrets list

image

Powershell: Update Package Source Dynamically

You could also dynamically update the credentials of a Package Source defined in your nuget.config file This is a good option when you do not want to use a packageSourceCredentials section that uses environment variables.

# Updates a source named 'Telerik' in the nuget.config
dotnet nuget update source "Telerik" --source "https://nuget.telerik.com/v3/index.json" --configfile "src/nuget.config" --username '${{ secrets.MyTelerikEmail }}' --password '${{ secrets.MyTelerikPassword }}' --store-password-in-clear-text

That command will look through the nuget.config for a package source with the key Telerik and then add/update the credentials for that source.

The --store-password-in-clear-text switch is important. It does not mean the password is visible, rather it means that you're using the password text and not a custom encrypted variant. For more information, please visit https://docs.microsoft.com/en-us/nuget/reference/nuget-config-file#packagesourcecredentials

Using Telerik NuGet Keys

You can use the same approach in the previous section. Everything is exactly the same, except you use api-key for the username and the NuGet key for the password.

Please visit the Announcing NuGet Keys blog post for more details how ot create the key and how to use it.

dotnet nuget update source "Telerik" --source "https://nuget.telerik.com/v3/index.json" --configfile "src/nuget.config" --username 'api-key' --password '${{ secrets.MyNuGetKey }}' --store-password-in-clear-text

IMPORTANT: Protect your key by storing it in a GitHub Secret, then use the secret's varible name in the command

Dockerfile: Using Secrets

When using a Dockerfile to build a .NET project that uses the Telerik NuGet server, you'll need a safe and secure way to handle your crednetials. This can be done my mounting a Docker secret, which is a 1-liner in theDockerfile. Let's walkthrough through the highlights.

In your GitHub Actions workflow, you can set a secret in the same step that you build/publish the container. In the following YAML, notice we're using a GitHub Actions Secret to set a Docker secret: telerik_key=${{ secrets.TELERIK_NUGET_KEY }}

    - uses: docker/build-push-action@v3
      with:
        secrets: |
          telerik_key=${{ secrets.TELERIK_NUGET_KEY }}
     ...

Now, insdie the Dockerfie itself, we can mount that secret:

# Here we use a docker secret to update the 'Telerik_Feed' package source, then restore then build
RUN --mount=type=secret,id=telerik_key \
  echo $(cat /run/secrets/telerik_key)

Now that the secret's value is available (/run/secrets/telerik_key in this case), it can be used in subsequent dotnet commands. For example here, I update the Telerik package source's credentials.

dotnet nuget update source "Telerik_Feed" -s "https://nuget.telerik.com/v3/index.json" -u "api-key" -p $(cat /run/secrets/telerik_key) --configfile "./NuGet.Config" --store-password-in-clear-text \

For a complete demo, see the complete Dockerfile and the complete workflow.