响应状态代码不表示成功:401(未经授权)-Azure Devops订阅源ASP.NET Core 3.1 Docker构建
我在这个论坛上找到了一些文章和帖子,这些文章和帖子都与Azure中使用Docker build任务构建映像时无法授权Azure私有工件提要的问题有关,这是可以理解的 因此,我整理了一个反映在线示例的响应状态代码不表示成功:401(未经授权)-Azure Devops订阅源ASP.NET Core 3.1 Docker构建,docker,asp.net-core,azure-devops,azure-artifacts,Docker,Asp.net Core,Azure Devops,Azure Artifacts,我在这个论坛上找到了一些文章和帖子,这些文章和帖子都与Azure中使用Docker build任务构建映像时无法授权Azure私有工件提要的问题有关,这是可以理解的 因此,我整理了一个反映在线示例的Dockerfile: FROM mcr.microsoft.com/dotnet/core/aspnet:3.1-buster-slim AS base WORKDIR /app FROM mcr.microsoft.com/dotnet/core/sdk:3.1-buster AS build
Dockerfile
:
FROM mcr.microsoft.com/dotnet/core/aspnet:3.1-buster-slim AS base
WORKDIR /app
FROM mcr.microsoft.com/dotnet/core/sdk:3.1-buster AS build
WORKDIR /src
EXPOSE 80
# The Personal Access Token arg
ARG NUGET_PAT
# Set environment variables
ENV NUGET_CREDENTIALPROVIDER_SESSIONTOKENCACHE_ENABLED true
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS '{"endpointCredentials": [{"endpoint":"https://pkgs.dev.azure.com/MY_FEED/nuget/v3/index.json", "username":"username", "password":"${NUGET_PAT}"}]}'
# install wget
RUN apt-get update && apt-get install -y wget
# Get and install the Artifact Credential provider
RUN wget -O - https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh | bash
COPY ["xxx.csproj", "."]
RUN dotnet restore -s "https://pkgs.dev.azure.com/MY_FEED/nuget/v3/index.json" -s "https://api.nuget.org/v3/index.json"
COPY . .
WORKDIR "/src"
RUN dotnet build "xxx.csproj" -c Release -o /app/build
FROM build AS publish
RUN dotnet publish "xxx.csproj" -c Release -o /app/publish
FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "xxx.dll"]
然后在Azure中的build args文本框中,我有以下内容:
NUGET_PAT=xxxxxxxxxxxxxxxxxxxxxxxxx
我还将PAT令牌设置为本论坛帖子中所述的以下权限:
- 构建:阅读
- 已连接的服务器(访问端点):已连接的服务器
- 打包(创建、读取、更新和删除提要和包):读取
nuget.config
直接复制到容器中,最终得到的都是未经授权的401
我还将username
设置为“username”,因为大多数示例都暗示它不是必需的
我做错了什么?您可以尝试以下格式,看看它是否有效:
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS "{\"endpointCredentials\": [{\"endpoint\":\"https://pkgs.dev.azure.com/org/_packaging/MY_FEED/nuget/v3/index.json\", \"password\":\"${NUGET_PAT}\"}]}"
您还可以尝试另一种选择,查看以下博客了解解决方案2:
此解决方案基于动态构建一个Nuget.Config文件,该文件使用构建过程中定义的变量。例如:
Docker文件:
FROM mcr.microsoft.com/dotnet/core/aspnet:2.2-stretch-slim AS base
WORKDIR /app
EXPOSE 80
EXPOSE 443
FROM microsoft/dotnet:2.2-sdk AS build
ARG ARTIFACTS_ENDPOINT
ARG ACCESS_TOKEN
ARG USER
WORKDIR /src
COPY / /src/Services/MyApi/
WORKDIR /src/Services/MyApi/
RUN echo "<?xml version='1.0' encoding='utf-8'?><configuration><packageSources><add key='MyFeed' value='$ARTIFACTS_ENDPOINT' /></packageSources><packageSourceCredentials><ByThey><add key='Username' value='$USER' /><add key='ClearTextPassword' value='$ACCESS_TOKEN' /></ByThey></packageSourceCredentials></configuration>" > NuGet.Config
RUN dotnet restore MyApi.csproj -nowarn:msb3202,nu1503
FROM build AS publish
RUN dotnet build MyApi.csproj --no-restore -c Release -o /app
FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "MyApi.dll"]
您可以尝试以下格式以查看其是否有效:
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS "{\"endpointCredentials\": [{\"endpoint\":\"https://pkgs.dev.azure.com/org/_packaging/MY_FEED/nuget/v3/index.json\", \"password\":\"${NUGET_PAT}\"}]}"
您还可以尝试另一种选择,查看以下博客了解解决方案2:
此解决方案基于动态构建一个Nuget.Config文件,该文件使用构建过程中定义的变量。例如:
Docker文件:
FROM mcr.microsoft.com/dotnet/core/aspnet:2.2-stretch-slim AS base
WORKDIR /app
EXPOSE 80
EXPOSE 443
FROM microsoft/dotnet:2.2-sdk AS build
ARG ARTIFACTS_ENDPOINT
ARG ACCESS_TOKEN
ARG USER
WORKDIR /src
COPY / /src/Services/MyApi/
WORKDIR /src/Services/MyApi/
RUN echo "<?xml version='1.0' encoding='utf-8'?><configuration><packageSources><add key='MyFeed' value='$ARTIFACTS_ENDPOINT' /></packageSources><packageSourceCredentials><ByThey><add key='Username' value='$USER' /><add key='ClearTextPassword' value='$ACCESS_TOKEN' /></ByThey></packageSourceCredentials></configuration>" > NuGet.Config
RUN dotnet restore MyApi.csproj -nowarn:msb3202,nu1503
FROM build AS publish
RUN dotnet build MyApi.csproj --no-restore -c Release -o /app
FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "MyApi.dll"]
您可以尝试以下格式以查看其是否有效:
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS "{\"endpointCredentials\": [{\"endpoint\":\"https://pkgs.dev.azure.com/org/_packaging/MY_FEED/nuget/v3/index.json\", \"password\":\"${NUGET_PAT}\"}]}"
您还可以尝试另一种选择,查看以下博客了解解决方案2:
此解决方案基于动态构建一个Nuget.Config文件,该文件使用构建过程中定义的变量。例如:
Docker文件:
FROM mcr.microsoft.com/dotnet/core/aspnet:2.2-stretch-slim AS base
WORKDIR /app
EXPOSE 80
EXPOSE 443
FROM microsoft/dotnet:2.2-sdk AS build
ARG ARTIFACTS_ENDPOINT
ARG ACCESS_TOKEN
ARG USER
WORKDIR /src
COPY / /src/Services/MyApi/
WORKDIR /src/Services/MyApi/
RUN echo "<?xml version='1.0' encoding='utf-8'?><configuration><packageSources><add key='MyFeed' value='$ARTIFACTS_ENDPOINT' /></packageSources><packageSourceCredentials><ByThey><add key='Username' value='$USER' /><add key='ClearTextPassword' value='$ACCESS_TOKEN' /></ByThey></packageSourceCredentials></configuration>" > NuGet.Config
RUN dotnet restore MyApi.csproj -nowarn:msb3202,nu1503
FROM build AS publish
RUN dotnet build MyApi.csproj --no-restore -c Release -o /app
FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "MyApi.dll"]
下面是我在Azure管道中使用Docker
build
和push
任务的最后一个Dockerfile
:
FROM mcr.microsoft.com/dotnet/core/aspnet:3.1-buster-slim AS base
WORKDIR /app
FROM mcr.microsoft.com/dotnet/core/sdk:3.1-buster AS build
WORKDIR /src
EXPOSE 80
# run the azure credential provider and let it do its magic
RUN curl -L https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh | sh
# personal access token arg
ARG NUGET_PAT
# link to azure feed arg
ARG AZURE_FEED
# set env var for azure credential provider
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS \
"{\"endpointCredentials\": [{\"endpoint\":\"${AZURE_FEED}\", \"username\":\"docker\", \"password\":\"${NUGET_PAT}\"}]}"
# debug env vars to make sure things are getting set correctly
RUN printenv
# restore private and public nuget feed
COPY ["xxx.csproj", "."]
RUN dotnet restore -s "${AZURE_FEED}" -s "https://api.nuget.org/v3/index.json"
# build
COPY . .
WORKDIR "/src"
RUN dotnet build "xxx.csproj" -c Release -o /app/build
# publish
FROM build AS publish
RUN dotnet publish "xxx.csproj" -c Release -o /app/publish
# run
FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "xxx.dll"]
我还发现最好在Azure中使用
Azure\u提要
和NUGET\u PAT
创建一个变量组,这样个人访问令牌和提要就可以在其他管道中共享了。这里是最后一个Dockerfile
在Azure管道中使用Docker构建
和推送
任务:
FROM mcr.microsoft.com/dotnet/core/aspnet:3.1-buster-slim AS base
WORKDIR /app
FROM mcr.microsoft.com/dotnet/core/sdk:3.1-buster AS build
WORKDIR /src
EXPOSE 80
# run the azure credential provider and let it do its magic
RUN curl -L https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh | sh
# personal access token arg
ARG NUGET_PAT
# link to azure feed arg
ARG AZURE_FEED
# set env var for azure credential provider
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS \
"{\"endpointCredentials\": [{\"endpoint\":\"${AZURE_FEED}\", \"username\":\"docker\", \"password\":\"${NUGET_PAT}\"}]}"
# debug env vars to make sure things are getting set correctly
RUN printenv
# restore private and public nuget feed
COPY ["xxx.csproj", "."]
RUN dotnet restore -s "${AZURE_FEED}" -s "https://api.nuget.org/v3/index.json"
# build
COPY . .
WORKDIR "/src"
RUN dotnet build "xxx.csproj" -c Release -o /app/build
# publish
FROM build AS publish
RUN dotnet publish "xxx.csproj" -c Release -o /app/publish
# run
FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "xxx.dll"]
我还发现最好在Azure中使用
Azure\u提要
和NUGET\u PAT
创建一个变量组,这样个人访问令牌和提要就可以在其他管道中共享了。这里是最后一个Dockerfile
在Azure管道中使用Docker构建
和推送
任务:
FROM mcr.microsoft.com/dotnet/core/aspnet:3.1-buster-slim AS base
WORKDIR /app
FROM mcr.microsoft.com/dotnet/core/sdk:3.1-buster AS build
WORKDIR /src
EXPOSE 80
# run the azure credential provider and let it do its magic
RUN curl -L https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh | sh
# personal access token arg
ARG NUGET_PAT
# link to azure feed arg
ARG AZURE_FEED
# set env var for azure credential provider
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS \
"{\"endpointCredentials\": [{\"endpoint\":\"${AZURE_FEED}\", \"username\":\"docker\", \"password\":\"${NUGET_PAT}\"}]}"
# debug env vars to make sure things are getting set correctly
RUN printenv
# restore private and public nuget feed
COPY ["xxx.csproj", "."]
RUN dotnet restore -s "${AZURE_FEED}" -s "https://api.nuget.org/v3/index.json"
# build
COPY . .
WORKDIR "/src"
RUN dotnet build "xxx.csproj" -c Release -o /app/build
# publish
FROM build AS publish
RUN dotnet publish "xxx.csproj" -c Release -o /app/publish
# run
FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "xxx.dll"]
我还发现最好在Azure中使用
Azure\u FEED
和NUGET\u PAT
创建一个变量组,这样就可以在其他管道中共享个人访问令牌和FEED。感谢您回答我的问题。我将尝试这两种解决方案,但在我这么做之前,请您澄清用户名,因为我不确定您是否需要它,如果需要,我如何知道它是什么?是在我的订阅源中,还是在我注册到azure devops的onmicrosoft电子邮件中@之前的名称。您可以在以下链接中看到用户名是可选的:。此外,您还可以尝试在运行dotnet命令之前使用该任务。我刚刚运行了上述内容,它们都会导致401
未经授权。我甚至在我原来的dockerfile中添加了一些我在这里找到的locale
东西:为什么它不断抛出401
,我现在没有主意了。谢谢,我刚刚尝试了nuget身份验证任务,收到了另一个401
,你仔细检查了端点了吗?它应该看起来像https://pkgs.dev.azure.com/org/_packaging/MY_FEED/nuget/v3/index.json
。感谢您回答我的问题。我将尝试这两种解决方案,但在我这么做之前,请您澄清用户名,因为我不确定您是否需要它,如果需要,我如何知道它是什么?是在我的订阅源中,还是在我注册到azure devops的onmicrosoft电子邮件中@之前的名称。您可以在以下链接中看到用户名是可选的:。此外,您还可以尝试在运行dotnet命令之前使用该任务。我刚刚运行了上述内容,它们都会导致401
未经授权。我甚至在我原来的dockerfile中添加了一些我在这里找到的locale
东西:为什么它不断抛出401
,我现在没有主意了。谢谢,我刚刚尝试了nuget身份验证任务,收到了另一个401
,你仔细检查了端点了吗?它应该看起来像https://pkgs.dev.azure.com/org/_packaging/MY_FEED/nuget/v3/index.json
。感谢您回答我的问题。我将尝试这两种解决方案,但在我这么做之前,请您澄清用户名,因为我不确定您是否需要它,如果需要,我如何知道它是什么?是在我的订阅源中,还是在我注册到azure devops的onmicrosoft电子邮件中@之前的名称。您可以在以下链接中看到用户名是可选的:。此外,您还可以尝试在运行dotnet命令之前使用该任务。我刚刚运行了上述内容,它们都会导致401
未经授权。我甚至在我原来的dockerfile中添加了一些我在这里找到的locale
东西:为什么它不断抛出401
,我现在没有主意了。谢谢,我刚刚尝试了nuget身份验证任务,收到了另一个401
,你仔细检查了端点了吗?它应该看起来像https://pkgs.dev.azure.com/org/_packaging/MY_FEED/nuget/v3/index.json
。