Use token to restore nuget package from private repo owned by my company

[ranouf]

Hi,

I'm trying to restore nuget packages from a private repo in the same company.

I created the Github app with these permissions to allow reading on Packages

in my API solution, I configured the yml worklow using you action to generate a token:

    - uses: actions/create-github-app-token@v1
      id: app-token
      with: 
        app-id: ${{ vars.APP_ID }}
        private-key: ${{ secrets.PRIVATE_KEY }}
        # optional: owner not needed IF the app has access to the repo running the workflow
        #   if you get 'RequestError [HttpError]: Not Found 404', pass in owner
        #repositories: ${{ github.event.repository.name }}

then I update the current nuget source:

     # Set SK nuget source Credentials #NUGET_AUTH_TOKEN: ${{ secrets.AZURE_DEVOPS_PAT }}
    - name: Restore .NET project Dependencies
      run: dotnet nuget update source SKDotNetPackages --source "https://nuget.pkg.github.com/SK/index.json" --username "SK-API" --password ${{ steps.app-token.outputs.token }} --store-password-in-clear-text 

note that SK-API is the name of the current API Repo

And restore the packages in my API Solution

      # Restore .NET project Dependencies
    - name: Restore .NET project Dependencies
      run: find . -name '*.csproj' -exec dotnet restore {} \;

Which generates the error:

warning Undefined: Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured.

Do you know what I missed in the configuration?

[jawilson]

As of now you can only use a PAT to access GitHub Package services. There are some community discussion posts about it.

[gr2m]

Good to know, thank you @jawilson! I'll close the issue as there is nothing actionable for us to do. If more folks run into this problem, we could start documenting known limitations in the README though