Update cli-ref-sources.md #3380
Conversation
Adding some clarifying items when interacting with a custom/private Azure DevOps NuGet feed.
|
Learn Build status updates of commit 790db2d: ✅ Validation status: passed
For more details, please refer to the build report. For any questions, please:
|
|
@microsoft-github-policy-service agree |
|
Team Review: Rather than have our own wording for instructions, we'd prefer just a link to https://learn.microsoft.com/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops&tabs=Windows so that the information stays up-to-date |
|
I just fought the nuget commands for about three weeks until I figured out putting the PAT in for the password is what I needed to do. I reviewed pretty much all of these links, so I suppose I can tweak this PR to only have the nuget commands, and include a link to the PAT link you referenced. Would that be acceptable? |
|
Learn Build status updates of commit c89ef40: 💡 Validation status: suggestions
docs/reference/cli-reference/cli-ref-sources.md
For more details, please refer to the build report. Note: Your PR may contain errors or warnings or suggestions unrelated to the files you changed. This happens when external dependencies like GitHub alias, Microsoft alias, cross repo links are updated. Please use these instructions to resolve them. For any questions, please:
|
|
Learn Build status updates of commit a24b434:
|
| File | Status | Preview URL | Details |
|---|---|---|---|
| docs/reference/cli-reference/cli-ref-sources.md | View | Details |
docs/reference/cli-reference/cli-ref-sources.md
- Line 61, Column 91: [Warning: file-not-found - See documentation]
Invalid file link: '../../organizations/accounts/use-personal-access-tokens-to-authenticate'.
For more details, please refer to the build report.
Note: Your PR may contain errors or warnings or suggestions unrelated to the files you changed. This happens when external dependencies like GitHub alias, Microsoft alias, cross repo links are updated. Please use these instructions to resolve them.
For any questions, please:
- Try searching the learn.microsoft.com contributor guides
- Post your question in the Learn support channel
|
Learn Build status updates of commit 751eac6:
|
| File | Status | Preview URL | Details |
|---|---|---|---|
| docs/reference/cli-reference/cli-ref-sources.md | View | Details |
docs/reference/cli-reference/cli-ref-sources.md
- Line 61, Column 91: [Warning: file-not-found - See documentation]
Invalid file link: 'azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate'.
For more details, please refer to the build report.
Note: Your PR may contain errors or warnings or suggestions unrelated to the files you changed. This happens when external dependencies like GitHub alias, Microsoft alias, cross repo links are updated. Please use these instructions to resolve them.
For any questions, please:
- Try searching the learn.microsoft.com contributor guides
- Post your question in the Learn support channel
|
Learn Build status updates of commit 84fdbff: ✅ Validation status: passed
For more details, please refer to the build report. For any questions, please:
|
|
@jeffkl - can there be any movement on this PR, please? |
|
@OliaG @donnie-msft @zivkan I noticed you on other PR's that were merged, so I thought tagging you three might get some movement on this PR. TIA! 😄 |
|
My feedback is that while Azure Artifacts is an important implementation of a NuGet feed, and probably the most used server implementation by .NET projects, I personally don't like it being explicitly being called out. .NET has a policy to not give the impression that you need to use Azure to host .NET apps, and I feel like NuGet should not give the impression that you should use Azure DevOps over other NuGet servers. If we do call out Azure Artifacts specifically, why not add GitHub Package Repository as well? In which case, what about GitLab's package repository? Artifactory? Myget? Or the other servers listed in our "hosting" docs page I think it would better instead to link to https://learn.microsoft.com/nuget/consume-packages/consuming-packages-authenticated-feeds where we already have this snippet:
|
|
@zivkan |
|
I messaged a .NET PM earlier today, and the feedback I got is that it's fine to use Azure DevOps as an example, but it should be clear that this is a common requirement across many services. Don't make it sound in any way specific to Azure DevOps. So, something along the lines that "Many NuGet feeds, like Azure Artifacts, do not allow you to provide your password here. You need to create a token with the relevant scopes, and provide that token as the password to NuGet. See your feed's documentation for more details". However, I just remembered that Azure Artifacts (DevOps), we recommend using their credential provider. So honestly, I'm not sure that an example of using a PAT with Azure Artifacts is a good example, because it's better to use the cred provider and avoid needing to manage the secret yourself. Although, if you're using a CI pipeline that is not Azure Pipelines, but are using Azure Artifacts as your feed, then you will need to manage PATs. If you're using Azure Pipelines, you should use the I see on Azure Artifact's docs for using it with NuGet, several pages list the credential provider as a prerequisite, and the project setup for dotnet has a screenshot of the web UI, which has in bold text instructing you to ensure you have the latest version of the credential provider installed. But a quick search doesn't find any mention of PATs or access tokens. I'll pass your feedback onto them. Feel free to also propose any improvements to the "using authenticated feeds" doc. There might not be examples, but if you were blocked for a month, I hope at some point you would have chosen to read the full docs, rather than searching for specific keywords. It did mention Azure DevOps, so that should have been searchable, but maybe we need to add Azure Artifacts as well, since different people use different names. |
|
In my case, I'm using Github Actions to trigger a workflow that then publishes a NuGet package to the Azure DevOps feed, so I don't think a cred manager would matter. I like the suggestion of "Many NuGet feeds, like Azure Artifacts, do not allow you to provide your password here. You need to create a token with the relevant scopes, and provide that token as the password to NuGet. See your feed's documentation for more details", and then also submit another, simpler, nuget sources example to https://learn.microsoft.com/en-us/azure/devops/artifacts/nuget/publish?view=azure-devops -- I honestly can't recall which page finally got me working successfully in my pipeline, but it did eventually boil down to the example I was trying to publish here. The 'nuget sources' options... The examples on the devops page I linked added to my confusion, I suppose. What is published: There's no indication there as to what should be in the nuget.config file, so that tripped me up. What finally worked for me: In the end, the I suppose I will still push to suggest having the nuget sources add example on this PR, and I can remove the other notes. Sounds like I should submit a PR over on Publish and restore NuGet packages from the command line (NuGet.exe) which is really aligned to my use case. |
|
I edited this to only have the example that I was suggesting. Thoughts? |
|
Learn Build status updates of commit e0e82d5: ✅ Validation status: passed
For more details, please refer to the build report. For any questions, please:
|
|
@zivkan Nudging my last edit. TIA. |
Adding some clarifying items when interacting with a custom/private Azure DevOps NuGet feed.