actions
NUGET_AUTH_TOKEN does not work for official NuGet repository
Description: I tried publishing the package using source-url and NUGET_AUTH_TOKEN, but it failed with the error API key not found.
warn : No API Key was provided and no API Key could be found for 'https://www.nuget.org/api/v2/package'. To save an API Key for a source use the 'setApiKey' command.
Pushing Bluehill.Hangul.2.1.0-gh-actions-test.1.nupkg to 'https://www.nuget.org/api/v2/package'...
PUT https://www.nuget.org/api/v2/package/
Unauthorized https://www.nuget.org/api/v2/package/ 303ms
error: Response status code does not indicate success: 401 (An API key must be provided in the 'X-NuGet-ApiKey' header to use this service).
Task version: v4
Platform:
- [X] Ubuntu
- [ ] macOS
- [ ] Windows
Runner type:
- [X] Hosted
- [ ] Self-hosted
Repro steps:
https://github.com/na1307/Bluehill.Hangul/blob/9702f8b7432c8cbf088a829cef16c661a40c4efa/.github/workflows/dotnet.yml
Expected behavior: The package should publish normally.
Actual behavior: The package won't be published with an error about missing an API key.
Hello @na1307, Thank you for creating this issue and we will look into it :)
Hi @na1307, The issue occurs because an API key was not correctly provided when attempting to push the package to NuGet. We were able to reproduce the issue by providing an incorrect API key. We suspect that the issue is due to one of the following reasons:
- Missing API Key: The API key was not provided in the command, leading to an unauthorized request.
- Incorrect API Key: An incorrect or expired API key was used, resulting in a 401 Unauthorized error.
To resolve this issue, please follow these steps:
- Ensure that the API key is correctly set in your NuGet configuration.
- If the API key is missing or incorrect, generate a new API key
- Store the API key as a secret in your GitHub repository settings.
- Modify your workflow file to include the API key when pushing the package.
env:
NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}
Following these steps will ensure that the correct API key is used when pushing the package in your GitHub Actions workflow.
Hi @na1307, Just a gentle reminder regarding this issue, If you have any updates or need further assistance, Please let us know.
Hi @na1307, Just a gentle reminder regarding this issue, If you have any updates or need further assistance, Please let us know.
Hi @na1307, we have successfully pushed the package to NuGet. A screenshot is attached for your reference. Here are the steps that helped us publish the package:
- Regenerate the API Key: The API key might expire, so be sure to regenerate it by logging in to nuget.org, navigating to your API keys, and regenerating the key.
- Rename the .csproj File: Change the name of the .csproj file and update the corresponding files before attempting to publish the package again.
- Check the Permissions:
- Verify API Key Scope on NuGet.org: Log in to your NuGet.org account, go to your profile, select "API Keys," and ensure the scope of the API key includes the "Push" permission.
- Inspect Workflow Permissions: Ensure your GitHub Actions workflow has the necessary permissions to use the API key:
permissions:
contents: read
packages: write
Please follow the above steps to resolve your issue and let us know if you are still facing any problems.
According to README.md:
- uses: actions/setup-dotnet@v4
with:
dotnet-version: 3.1.x
- name: Publish the package to nuget.org
run: dotnet nuget push */bin/Release/*.nupkg -k $NUGET_AUTH_TOKEN -s https://api.nuget.org/v3/index.json
env:
NUGET_AUTH_TOKEN: ${{ secrets.NUGET_TOKEN }}
Note: It's the only way to push a package to nuget.org feed for macOS/Linux machines due to API key config store limitations.
Sorry, I found out that the way to publish packages to GPR and nuget.org is different. I followed the README.md instructions and it was published normally.
Hi @na1307 , Since it has been successfully published, we are proceeding to close this issue. Please feel free to contact us in case of any further concerns. Thank You !