sdk-container-builds

Add authentication for service connection in Azure DevOps

Open Varorbc opened this issue 1 year ago • 5 comments

Add authentication for service connection in Azure DevOps

Varorbc avatar Jan 12 '24 07:01 Varorbc

@Varorbc do you have an example or sample showing this not working? We currently support authentication via Azure Managed Identities, and my understanding was that this was the enabler for AzDo connections.

baronfel avatar Jan 12 '24 13:01 baronfel

@baronfel

/usr/share/dotnet/sdk/8.0.100/Containers/build/Microsoft.NET.Build.Containers.targets(202,5): error CONTAINER1013: Failed to push to the output registry: CONTAINER1008: Failed retrieving credentials for "index.docker.io": No matching auth specified for registry 'index.docker.io' in Docker config. [/home/vsts/work/1/s/WebApplication1/WebApplication1.csproj]

azure-pipelines.yml

- task: DotNetCoreCLI@2
  inputs:
    command: publish
    projects: '**/*.csproj'
    publishWebProjects: false
    arguments: --configuration Release /p:PublishProfile=DefaultContainer

WebApplication1.csproj

<Project Sdk="Microsoft.NET.Sdk.Web">

  <PropertyGroup>
    <TargetFramework>net8.0</TargetFramework>
    <Nullable>enable</Nullable>
    <ImplicitUsings>enable</ImplicitUsings>
    <InvariantGlobalization>true</InvariantGlobalization>
    <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
    <ContainerRegistry>index.docker.io</ContainerRegistry>
  </PropertyGroup>

  <ItemGroup>
    <ContainerEnvironmentVariable Include="ASPNETCORE_HTTPS_PORTS">
      <Value>8081</Value>
    </ContainerEnvironmentVariable>
  </ItemGroup>

</Project>

image

Varorbc avatar Jan 15 '24 02:01 Varorbc

I notice that index.docker.io is specified both in your csproj as well as in the service connection - is the service connection URL hard coded in this case? Does pushing to index.docker.io work if you try publishing locally?

baronfel avatar Jan 15 '24 02:01 baronfel

> I notice that index.docker.io is specified both in your csproj as well as in the service connection - is the service connection URL hard coded in this case?

I used to use this task and didn't need to define a registry address in csproj.

> Does pushing to index.docker.io work if you try publishing locally?

Okay, but authorization is required. What I'm not sure about now is how to use authorization in the service connection.

Varorbc avatar Jan 15 '24 02:01 Varorbc

This works. The env is required to pass the credentials over.

- task: DotNetCoreCLI@2
  inputs:
    command: 'publish'
    publishWebProjects: false
    projects: '.\MyModule.csproj'
    arguments: '-r linux-arm -c Release /t:PublishContainer'
    zipAfterPublish: false
  # env maps the pipeline variables into this task's process environment
  env:
    SDK_CONTAINER_REGISTRY_UNAME: $(ACR_USER)
    SDK_CONTAINER_REGISTRY_PWORD: $(ACR_PASSWORD)

An alternative

- task: AzureCLI@2
  inputs:
    azureSubscription: '<mySubscription>'
    scriptType: 'ps'
    scriptLocation: 'inlineScript'
    inlineScript: |
      az acr login --user ${env:ACR_USER} --password  ${env:vACR_PASSWORD}  --name mycontainers
      dotnet publish ".\MyModule.csproj"  -r linux-arm -c Release /t:PublishContainer

mmoles-Growlink avatar Jul 01 '24 17:07 mmoles-Growlink
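
A preflight check for the failure discussed in this thread, added here as an example (not code from the SDK or from any commenter): it reports whether registry credentials would be found in the two SDK_CONTAINER_REGISTRY_* variables from the snippet above or in the Docker config file the error message refers to, without printing them. The host-matching rule, the function names and the source labels are assumptions of this example, not the SDK's own lookup logic.

```python
import json
import os
from urllib.parse import urlparse

# Variable names taken from the working pipeline snippet in this thread.
ENV_USER = "SDK_CONTAINER_REGISTRY_UNAME"
ENV_PASS = "SDK_CONTAINER_REGISTRY_PWORD"


def registry_host(key):
    """Reduce 'https://index.docker.io/v1/' or 'index.docker.io' to host[:port]."""
    key = key.strip()
    return urlparse(key if "://" in key else "//" + key).netloc.lower()


def load_docker_config(env):
    """Read config.json from $DOCKER_CONFIG or ~/.docker; {} if absent or invalid."""
    base = env.get("DOCKER_CONFIG") or os.path.join(os.path.expanduser("~"), ".docker")
    try:
        with open(os.path.join(base, "config.json"), encoding="utf-8") as fh:
            return json.load(fh)
    except (OSError, ValueError):
        return {}


def credential_source(registry, env, cfg):
    """Name where credentials for `registry` would come from, or None.

    Only the presence of a value is checked; no secret is returned or printed.
    Matching by bare host is an assumption of this example.
    """
    if env.get(ENV_USER) and env.get(ENV_PASS):
        return "env"
    want = registry_host(registry)
    for key, entry in (cfg.get("auths") or {}).items():
        # `docker login` with a credential store leaves an empty {} entry here.
        has_secret = isinstance(entry, dict) and (entry.get("auth") or entry.get("identitytoken"))
        if registry_host(key) == want and has_secret:
            return "docker-config:auths"
    for key in cfg.get("credHelpers") or {}:
        if registry_host(key) == want:
            return "docker-config:credHelpers"
    return "docker-config:credsStore" if cfg.get("credsStore") else None


if __name__ == "__main__":
    registry = "index.docker.io"  # value of <ContainerRegistry> in the csproj above
    source = credential_source(registry, os.environ, load_docker_config(os.environ))
    print(f"{registry}: credentials from {source or 'none found'}")
    raise SystemExit(0 if source else 1)
```

Run as a script step before the publish task, it exits non-zero when neither source is present, so the pipeline stops before the push is attempted.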