dotnet nuget push fails to authenticate

[sliekens]

Description

I can't get authentication to work after reading the README section and related issues (NuGet/Home#8580 (comment)).

I want to:

1. restore dependencies from nuget.org
2. publish a package to GPR

Details

I have a nuget.config in my repo with just the source I need to restore dependencies.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <clear />
    <add key="nuget" value="https://api.nuget.org/v3/index.json" />
  </packageSources>
</configuration>

Then I added the bit of yaml that configures the GPR source-url and adds authentication.

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - uses: actions/setup-dotnet@v1
      with:
        source-url: https://nuget.pkg.github.com/stevenliekens/index.json
      env:
        NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    - run: dotnet pack --configuration Release --output artifacts --version-suffix CI-$(date --utc '+%Y%m%d-%H%M%S')
    - run: dotnet nuget push artifacts/*.nupkg

No matter what I do, I get an error on the last step saying that my API key is missing.

warn : No API Key was provided and no API Key could be found for 'https://nuget.pkg.github.com/stevenliekens'. To save an API Key for a source use the 'setApiKey' command.

Can this be a bug in the action? I don't see what I could possibly be missing.

[sliekens]

Okay I went through the code, ran jest, did some soul-searching and finally realized that the problem was staring at me all along.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <clear />
    <add key="nuget" value="https://api.nuget.org/v3/index.json" />
  </packageSources>
</configuration>

If you include a <clear /> element in your repo-level config file then the workflow ignores the temporary nuget file generated by setup-dotnet. IMO that's a pretty big deal because <clear /> is included in the output of dotnet new nugetconfig. (For good reasons.)

Now I'm not sure how to go about fixing this... I assume that changing the action to modify the repo-level nuget config is a no-no?

[sliekens]

I have a proposal... what if the action generates a full nuget config file that you can reference later on?

Input

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <clear />
    <add key="nuget" value="https://api.nuget.org/v3/index.json" />
  </packageSources>
</configuration>

Output

<?xml version="1.0"?>
<configuration>
  <config>
    <add key="defaultPushSource" value="https://nuget.pkg.github.com/OwnerName/index.json"/>
  </config>
  <packageSources>
    <clear />
    <add key="nuget" value="https://api.nuget.org/v3/index.json" />
    <add key="Source" value="https://nuget.pkg.github.com/OwnerName/index.json"/>
  </packageSources>
  <packageSourceCredentials>
    <Source>
      <add key="Username" value="OwnerName"/>
      <add key="ClearTextPassword" value="NUGET_AUTH_TOKEN"/>
    </Source>
  </packageSourceCredentials>
</configuration>

The user-experience would look something like this:

steps:
- id: dotnet
  uses: actions/setup-dotnet@vnext
  with:
    source-url: https://nuget.pkg.github.com/owner/index.json
  env:
    NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: dotnet nuget push **/*.nupkg --config-file ${{ steps.dotnet.outputs.nugetconfig }}

Unfortunately, that's not possible because dotnet nuget push does not support --config-file. (Tracked by NuGet/Home#4879.)

@ZEisinger thoughts?

[Airn5475]

I'm running into this too and I have no idea what's going on. I've had it working before and all of a sudden it stopped.

- name: Setup .NET Core
  uses: actions/setup-dotnet@v1.5.0
  with:
    source-url: https://nuget.pkg.github.com/<owner>/index.json
  env:
    NUGET_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}

- name: Pack NuGet
  run: dotnet pack <project name> --no-restore -c Release -o .\<project name>\NugetPackage   

- name: Publish NuGet
  run: |
      dotnet nuget push .\<project name>\NugetPackage\*.nupkg --no-symbols true

And I get the following output:

Run dotnet nuget push .\project\NugetPackage*.nupkg --no-symbols true
warn : No API Key was provided and no API Key could be found for 'https://nuget.pkg.github.com/owner'. To save an API Key for a source use the 'setApiKey' command.
Pushing project.1.0.2.nupkg to 'https://nuget.pkg.github.com/owner'...
PUT https://nuget.pkg.github.com/owner/
An error was encountered when fetching 'PUT https://nuget.pkg.github.com/owner/'. The request will now be retried.
An error occurred while sending the request.
The response ended prematurely.
PUT https://nuget.pkg.github.com/owner/
An error was encountered when fetching 'PUT https://nuget.pkg.github.com/owner/'. The request will now be retried.
An error occurred while sending the request.
The response ended prematurely.
PUT https://nuget.pkg.github.com/owner/
error: An error occurred while sending the request.
error: The response ended prematurely.

[PathogenDavid]

I've found success setting DOTNET_SYSTEM_NET_HTTP_USESOCKETSHTTPHANDLER to 0 command as noted in NuGet/Home#9775. IE: https://github.com/InfectedLibraries/ClangSharp.Pathogen/blob/120bef6bf5e73f6745bf238c23c594ce2d48be27/.github/workflows/ClangSharp.Pathogen.yml#L187-L191

Also off topic, but *.nupkg without double quotes can cause only the first matched package to be uploaded. And if you care about that workflow running on Ubuntu, you can't use backslashes. (And if you care about it running on Windows, you can't use forward slashes so I'd recommend using working-directory instead.)

[ZEisinger]

It seems the original problem with not using the given token would be solved by #109 (not released in v1 yet). The nuget file was being generated into a temp folder outside the repo path and was not being used.

[ZEisinger]

The release has been completed. Please reopen if the original bug is not resolved, or open a new issue for other bugs.

[AndrewTriesToCode]

Still seems to be an issue. I was getting

warn : No API Key was provided and no API Key could be found for 'https://nuget.pkg.github.com/andrewtriestocode'. To save an API Key for a source use the 'setApiKey' command.

using the install dotnet action parameters. If I just use the --source and --api-key options on the command line run for dotnet nuget push it works as expected.

[etiennecl]

I experience the same issue as @AndrewTriesToCode .

[sliekens]

My conclusion is that you have to do one of two things:

• A) Remove the <clear /> element from your nuget.config
• B) Add the source that requires authentication to your nuget.config

So this will never work:

    - uses: actions/setup-dotnet@v1
      with:
        config-file: nuget.config
        source-url: https://nuget.pkg.github.com/OwnerName/index.json
      env:
        NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

<!-- Will never work, even though the NUGET_AUTH_TOKEN is added, it can't be matched to a packageSource after the <clear/> -->
<configuration>
    <packageSources>
        <clear />
        <add key="nuget" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
    </packageSources>
</configuration>

Option A:

<!-- Will work because packageSources are now merged with the temporary nuget.config in the parent directory -->
<configuration>
    <packageSources>
        <add key="nuget" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
    </packageSources>
</configuration>

Option B:

<!-- Will also work because setup-dotnet will match your existing packageSource -->
<configuration>
    <packageSources>
        <clear />
        <add key="nuget" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
        <add key="gh" value="https://nuget.pkg.github.com/OwnerName/index.json" protocolVersion="3" />
    </packageSources>
</configuration>