patch user-level NuGet.Config before invoking dotnet/nuget tools #8748

Merged
merged 8 commits into from
Jan 11, 2024

@brettfo brettfo commented Jan 9, 2024

When dependabot is launched, private NuGet feed credentials might be passed in via the credentials object. These credentials are used to query NuGet, but when the C# command line tool is launched, these credentials are not passed through. Since the command line tool may start other dotnet or NuGet processes, the proper way to propagate credentials is to patch the user-level NuGet.Config file located at ~/.nuget/NuGet/NuGet.Config. This patching is handled in a wrapper function that ensures the original config file is restored after calling the command line tool. In production this file restore shouldn't matter, because a single dependabot run launches a new container and then it's discarded, but when running locally it's best to restore this file.

Fixes #8721.
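
An added example, not code from this pull request or from dependabot-core, of the patch-and-restore wrapper the description above outlines. The module and method names, the generated source keys and the sample feed are assumptions, and it replaces the whole user-level file for the duration of the call rather than merging into existing sources.

```ruby
require "fileutils"

# Added illustration; module and method names are hypothetical.
module NuGetConfigPatch
  module_function

  # Build a NuGet.Config listing each feed and its credentials.
  # feeds: [{ url:, username:, token: }]; source keys are generated here.
  # String#encode(xml: :attr) escapes the value and wraps it in double quotes.
  def render(feeds)
    sources = feeds.each_with_index.map do |f, i|
      %(    <add key="private_feed_#{i}" value=#{f[:url].encode(xml: :attr)} />)
    end
    creds = feeds.each_with_index.flat_map do |f, i|
      ["    <private_feed_#{i}>",
       %(      <add key="Username" value=#{f[:username].encode(xml: :attr)} />),
       %(      <add key="ClearTextPassword" value=#{f[:token].encode(xml: :attr)} />),
       "    </private_feed_#{i}>"]
    end
    ['<?xml version="1.0" encoding="utf-8"?>', "<configuration>",
     "  <packageSources>", *sources, "  </packageSources>",
     "  <packageSourceCredentials>", *creds, "  </packageSourceCredentials>",
     "</configuration>", ""].join("\n")
  end

  # Swap in the patched config while the block runs, then put the user's file
  # back (or delete ours if none existed), even when the block raises.
  def with_patched_config(feeds, path: File.expand_path("~/.nuget/NuGet/NuGet.Config"))
    original = File.exist?(path) ? [File.binread(path), File.stat(path).mode & 0o777] : nil
    FileUtils.mkdir_p(File.dirname(path))
    begin
      # 0600: the file holds a clear-text token while the tool runs.
      File.open(path, File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |io|
        io.write(render(feeds))
      end
      File.chmod(0o600, path) # the CREAT mode is ignored if the file already existed
      yield path
    ensure
      if original
        File.binwrite(path, original[0])
        File.chmod(original[1], path)
      else
        FileUtils.rm_f(path) # leave no token behind when there was no file before
      end
    end
  end
end
```

The caller runs the dotnet or NuGet command inside the block, so child processes read the credentials from the user-level file and the token is gone from disk once the block returns.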

@brettfo brettfo requested a review from a team as a code owner January 9, 2024 19:49
@github-actions github-actions bot added the L: dotnet:nuget NuGet packages via nuget or dotnet label Jan 9, 2024

@JoeRobich JoeRobich left a comment

lgtm

@brettfo brettfo force-pushed the dev/brettfo/private-nuget-feeds branch from c7cc03e to f5778b5 Compare January 10, 2024 00:09
@jurre jurre merged commit 5b30364 into main Jan 11, 2024
63 checks passed
@jurre jurre deleted the dev/brettfo/private-nuget-feeds branch January 11, 2024 09:17
Development

Successfully merging this pull request may close these issues.

honor nuget-feed sources from dependabot.yml
6 participants