DotNetCoreRestoreSettings doesn't support keys?

[mausch]

Hi! https://cakebuild.net/api/Cake.Common.Tools.DotNetCore/DotNetCoreAliases/6E238F91 doesn't mention any API keys.
I need to set API keys to restore from the GitHub package registry.

I browsed around and found https://cakebuild.net/api/Cake.Common.Tools.NuGet.Restore/NuGetRestoreSettings/ , that seems to be old/deprecated/duplicate?

Also found https://stackoverflow.com/a/38818942 which as a workaround manipulates nuget sources, but that's from 2016...

Many thanks

[augustoproiete]

DotNetCoreRestore is simply a wrapper around dotnet restore that comes with the .NET SDK.

dotnet restore does not support API keys directly. It relies on the existing NuGet sources that you set up previously on the machine (e.g. via dotnet nuget) and/or through a nuget.config file you can add to your repo with your nuget sources.

Option 1: dotnet nuget add source

dotnet nuget add source <nuget server> --name <name> --username xxx --password xxx --store-password-in-clear-text

If you wanted to call dotnet nuget via Cake, you can call via DotNetCoreNuGetAddSource and can use DotNetCoreNuGetHasSource to check if a source already exists before trying to create it. All the dotnet nuget Cake wrappers are documented here: https://cakebuild.net/dsl/dotnetcore/#NuGet

Option 2: nuget.config

The other route is creating a nuget.config at the root of your repository that looks something like this:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
    <add key="your-custom-feed" value="https://..." protocolVersion="3" />
  </packageSources>
  <activePackageSource>
    <add key="All" value="(Aggregate source)" />
  </activePackageSource>
  <packageSourceCredentials>
    <your-custom-feed>
      <add key="Username" value="xxx" />
      <add key="ClearTextPassword" value="xxx" />
    </your-custom-feed>
  </packageSourceCredentials>
</configuration>

---

• dotnet nuget add source documentation: https://docs.microsoft.com/en-us/nuget/reference/nuget-config-file
• nuget.config documentation: https://docs.microsoft.com/en-us/nuget/reference/nuget-config-file

[devlead]

The underlying SDK CLI dotnet restore command doesn't support specifying an API key
https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet-restore#arguments

It can use either interactive or key present per source in implicit/specified nuget config file.

The dotnet nuget command can be used here i.e.

dotnet nuget add source --username USERNAME --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/OWNER/index.json"

https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-nuget-registry#authenticating-to-github-packages

This is available in Cake using the DotNetCoreNuGetUpdateSource alias, example:

var settings = new DotNetCoreNuGetSourceSettings
{
    Source = "https://www.example.com/nugetfeed",
    UserName = "username",
    Password = "password",
    StorePasswordInClearText = true
};

DotNetCoreNuGetUpdateSource("example", settings);

https://cakebuild.net/api/Cake.Common.Tools.DotNetCore/DotNetCoreAliases/F55178ED

If you're using github actions you can add token as a secret environment variable something like

steps:
  - name: Run Cake Script 
    run: dotnet cake 
    env:
      GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

And you can then access token as environment variable GITHUB_TOKEN

[mausch]

dotnet restore does not support API keys directly.

Ah yeah, every few months I trip on this and then forget that this is the underlying cause.
Thank you both 👍

[nick5454]

I solved my issue by putting a Nuget,config in the build folder, so any nugets needed to run before i'm able to add sources also `

	<!-- Automatically check for missing packages during build in Visual Studio -->
	<add key="automatic" value="True" />
</packageRestore>

<!--
	Used to specify the default Sources for list, install and update.
	See: nuget.exe help list
	See: nuget.exe help install
	See: nuget.exe help update
-->
<packageSources>
	<add key="NuGet official package source" value="https://api.nuget.org/v3/index.json" />
	<add key="smarts" value="https://pkgs.dev.azure.com/name/_packaging/name/nuget/v3/index.json" />
</packageSources>

<!-- Used to store credentials -->
<packageSourceCredentials>
	<smarts>
		<add key="Username" value="VSTS" />
		<add key="ClearTextPassword"  value="%NUGET_AUTH_TOKEN%" />
	</smarts>
</packageSourceCredentials>

<!-- Used to disable package sources  -->
<disabledPackageSources />

<!--
	Used to specify default API key associated with sources.
	See: nuget.exe help setApiKey
	See: nuget.exe help push
	See: nuget.exe help mirror
-->
<!--<apikeys>
	<add key="https://MyRepo/ES/api/v2/package" value="encrypted_api_key" />
</apikeys>-->

<!--
	Used to specify trusted signers to allow during signature verification.
	See: nuget.exe help trusted-signers
-->

`

THis works for me very well