Nuget.org server API has described here, but i can't find any information how to update my nuget API key which allows pushing packages. Is this available?
I want to set up this in my private CI server to forget about renewing keys every year.
Related
The project I'm working on currently deploys our private node packages via github packages. Our current workflow is for each developer to create and maintain their own personal access token, and then we use a central account's PAT for automation in AWS.
I was wondering if it's possible to authenticate with github packages without the use of Actions or PAT's?
As of 2022-07-30
No, it is not possible to use github packages without a personal access token (PAT):
It is not possible to upload without a PAT (which makes sense as it prevents random people to upload binaries to your package repo);
It is not possible to download without a PAT (not even publicly available packages can be used);
As early as 2019-10-20, people have requested github to remove PATs as a requirement for mainly downloading public packages.
The idea is that users of libraries should not need to have a github account to access a developer's package.
Sadly, the request for pat-less package downloads was not granted by Github to this day.
If you want a package registry without a hassle, it might be wise to look for other registries, such as MavenCentral or JitPack (not necessarily meant for node packages),
or host a service yourself.
I even had to link a cached webpage, as the original question has been removed from Github community along with a bunch of related questions.
Another question on github, stating pat-less access to packages is still on the roadmap for "fall 2021" is here.
I could not find what the current status of this feature is.
Edit: It is possible to download binaries without a PAT for public repositories using jitpack.io. Jitpack builds the given jar/aar on their servers.
You can add jitpack as a repository to your build system, and use the jitpack-specified URL to reference releases, branches, or specific commits.
Sadly, there is no way to refer to packages (yet).
However, this system allows your users to use your code without needing PATs nor a Github account.
I'd like to offer an alternative.
You may use a Gradle plugin of mine (magik, I was exactly in your shoes) to easier the consumption of artifacts from your Github Packages for Gradle clients.
It require you to save your read-only PAT on the repo itself, so that the users don't have to deal with any authentication (apart using the plugin above mentioned)
Is there a way through the API or CLI I can retrieve that newly created uses API key?
I have used an Ansible Role to setup/configure Nexus Sonatype.
https://github.com/ansible-ThoTeam/nexus3-oss#example-playbook
I re-run the role everytime i need a new repository, and it also creates a new user that has full access to that new repository.
I am trying to fully provision nexus via ansible, so I am trying not to take a pause, manually login to Nexus, and grab the API key from the GUI if possible, and update my ansible playbook.
Thank you!
This is not possible at this time via APIs provided by Nexus Repository (3). See https://issues.sonatype.org/browse/NEXUS-25154 for more information.
I am trying to publish a NuGet package to a NuGet feed I created in Azure Devops. I have experience in doing these kind of things (I published on NuGet.org) but for some reason I do not understand, it is not working when I try to do this for my employer.
When I click "Connect To Feed", I see this explanation:
This clearly shows where to put my package path and where to put the source. However, it does not show where to put the API key I generated.
But I gave it a try and typed (after generating the package file):
dotnet nuget push --source "Test" --api-key az ClassLibrary1.1.0.0.nupkg
This was not working (401)
I really do not understand this part of the explanation: "API Key (any string will do)". Why possibly "any string will do". I need a valid API key.... Not "any string".
After that I tried to publish in way I have good experience with (when publishing nuget.org public nuget packages). In this statement, the source and key are clearly specified.
Here is how I did it:
Also that does not work. I got a 401 again.
My API key that should give me access (and thus prevents a 401) should be fine. This is how I generated the API key:
Most likely, there is something wrong with the way I specified my API key, not with the API key itself. So how do I specify it correctly in my command-line statement in order to successfully publish my package?
There are a few steps you'll have to take before you can push to your NuGet feed locally:
Install the Azure Artifact Credential Provider: https://go.microsoft.com/fwlink/?linkid=2099625
Run dotnet restore --interactive, this will prompt you for credentials
Run dotnet nuget push --source "BackgroundJobs" --api-key anyapikey <package-path>
Note: You can use any API key.
I'm experimenting with the DevExpress.Blazor Controls. Also I like to get my CICD workflow going right from getgo so that any issues crop up sooner rather than later. Since the project is OSS hosted on Github we will be using GitHub actions
To install the DevExpress.Blazor control, I need to add a unique URL as my Nuget Feed
While there is a DevExpress link [https://docs.devexpress.com/GeneralInformation/400604/installation/install-devexpress-controls-using-nuget-packages/integrate-nuget-to-popular-continuous-integration-systems] that lists how to configure various CICD unfortunately Github actions is missing out. The closest approximation is Azure DevOps but it mentions to tag the Nuget Feed in an unencrypted Nuget.config file. This would expose my Authorization Key. Is there any recommended way to ensure this is done in a secure manner?
If you do not want to store the auth key in the NuGet.config file (i.e., in the repository), it is possible to hide unique NuGet feed in Azure DevOps Build pipeline
In my node project I would like to use both NPM and Github registries. The reason is that I use some packages as request or async, but I've made my own packages which are stored on Github Packges Registry.
I've tried to add #USERNAME:registry=https://npm.pkg.github.com/ in .npmrc, but I still need an authtoken. There is the problem: as it's for a continuous integration I don't want to use a token linked to a specific user.
So what could I do ?
Edit: I'm using Circle CI for my workflows.
You can use the default GITHUB_TOKEN associated with the repository that your workflow runs in.
If you are using a GitHub Actions workflow, you can use a GITHUB_TOKEN to publish and consume packages in the GitHub Package Registry without needing to store and manage a personal access token.
ref: https://help.github.com/en/github/managing-packages-with-github-package-registry/configuring-npm-for-use-with-github-package-registry#authenticating-to-github-package-registry
If you are not using GitHub Actions and running your build in a different CI tool then I don't think you have any choice but to use a Personal Access Token tied to a user account.