search

dotnet / sdk-container-builds

Libraries and build tooling to create container images from .NET projects using MSBuild
https://learn.microsoft.com/en-us/dotnet/core/docker/publish-as-container
MIT License
175 stars 30 forks source link

Add authentication for service connection in Azure DevOps #536

Open Varorbc opened 5 months ago

Varorbc commented 5 months ago

Add authentication for service connection in Azure DevOps

baronfel commented 5 months ago

@Varorbc do you have an example or sample showing this not working? We currently support authentication via Azure Managed Identities, and my understanding was that this was the enabler for AzDo connections.

Varorbc commented 5 months ago

@baronfel 

/usr/share/dotnet/sdk/8.0.100/Containers/build/Microsoft.NET.Build.Containers.targets(202,5): error CONTAINER1013: Failed to push to the output registry: CONTAINER1008: Failed retrieving credentials for "index.docker.io": No matching auth specified for registry 'index.docker.io' in Docker config. [/home/vsts/work/1/s/WebApplication1/WebApplication1.csproj]

azure-pipelines.yml

- task: DotNetCoreCLI@2
  inputs:
    command: publish
    projects: '**/*.csproj'
    publishWebProjects: false
    arguments: --configuration Release /p:PublishProfile=DefaultContainer

WebApplication1.csproj

<Project Sdk="Microsoft.NET.Sdk.Web">

  <PropertyGroup>
    <TargetFramework>net8.0</TargetFramework>
    <Nullable>enable</Nullable>
    <ImplicitUsings>enable</ImplicitUsings>
    <InvariantGlobalization>true</InvariantGlobalization>
    <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
    <ContainerRegistry>index.docker.io</ContainerRegistry>
  </PropertyGroup>

  <ItemGroup>
    <ContainerEnvironmentVariable Include="ASPNETCORE_HTTPS_PORTS">
      <Value>8081</Value>
    </ContainerEnvironmentVariable>
  </ItemGroup>

</Project>

image

baronfel commented 5 months ago

I notice that index.docker.io is specified both in your csproj as well as in the service connection - is the service connection URL hard coded in this case? Does pushing to index.docker.io work if you try publishing locally?

Varorbc commented 5 months ago

I notice that index.docker.io is specified both in your csproj as well as in the service connection - is the service connection URL hard coded in this case?

I used to use this task and didn't need to define a registry address in csproj.

Does pushing to index.docker.io work if you try publishing locally?

Okay, but authorization is required. What I'm not sure about now is how to use authorization in the service connection

mmoles-Growlink commented 1 day ago

This Works. The env is required to pass the credentials over.

- task: DotNetCoreCLI@2
    inputs:
      command: 'publish'
      publishWebProjects: false
      projects: '.\MyModule.csproj'
      arguments: '-r linux-arm -c Release /t:PublishContainer'
      zipAfterPublish: false
    env:
      SDK_CONTAINER_REGISTRY_UNAME: $(ACR_USER)
      SDK_CONTAINER_REGISTRY_PWORD: $(ACR_PASSWORD)

An alternative 

- task: AzureCLI@2
    inputs:
      azureSubscription: '<mySubscription>'
      scriptType: 'ps'
      scriptLocation: 'inlineScript'
      inlineScript: |
                az acr login --user ${env:ACR_USER} --password  ${env:vACR_PASSWORD}  --name mycontainers
                dotnet publish ".\MyModule.csproj"  -r linux-arm -c Release /t:PublishContainer