使用Docker在本地使用我的项目执行构建.dockerfile
,我无法访问带有401 Unauthorized的私有ADO Artifacts。
我已经在所有可访问的组织中为我的ADO帐户生成了“打包(读取)” PAT,并且尚未过期。
这可以在ADO Build Pipeline中使用“ npmAuthenticate”任务并将其指向项目的.npmrc
,但在本地,Docker无法进行身份验证。
FROM node:12 AS clientBuilder
ARG NPM_TOKEN
ADD . /client
WORKDIR /client
RUN wget -qO- https://aka.ms/install-artifacts-credprovider.sh | bash
ENV NUGET_CREDENTIALPROVIDER_SESSIONTOKENCACHE_ENABLED true
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS '{"endpointCredentials": [{"endpoint":"https://<ADO FEED>/nuget/v3/index.json", "username":"docker", "password":"'${NPM_TOKEN}'"}]}'
# the following line fails to authenticate
RUN npm ci
registry=<PROVIDED BY ADO ARTIFACTS>
always-auth=true
docker build . --build-arg NPM_TOKEN=<PAT>
以上结果如下:
Step 9/18 : RUN echo ${VSS_NUGET_EXTERNAL_FEED_ENDPOINTS}
---> Running in 6407b058be7d
{"endpointCredentials": [{"endpoint":"https://*****/nuget/v3/index.json", "username":"docker", "password":"*****"}]}
Step 11/18 : RUN npm ci
---> Running in 33a180c7b4c1
npm ERR! code E401
npm ERR! Unable to authenticate, need: Bearer authorization_uri=https://****, Basic realm="https://pkgsprodeus21.pkgs.visualstudio.com/", TFS-Federated
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2020-12-07T19_21_50_935Z-debug.log
The command '/bin/sh -c npm ci' returned a non-zero code: 1
我注意到的是,如果我使用.npmrc
与用户中提供的相同的凭据来配置项目.npmrc
,则可以正常工作。显然,我不希望该项目.npmrc
具有任何身份验证信息。
如果你需要的信息比我上面提供的更多,请告诉我。
这是我过去用来对私有Azure DevOps NuGet和NPM feed进行身份验证的基本“ devtools”图像。对于NPM,PAT需要使用Base64编码,而对于NuGet,则不需要。有点奇怪 我不能保证没有更好的方法可以做到这一点。
ARG SDKVersion=3.1
FROM mcr.microsoft.com/dotnet/core/sdk:${SDKVersion} AS build-env
# Contains NPM/NodeJS for webpack and all appropriate PATs/configuration for pulling NPM and NuGet packages from private feeds
ARG NugetPAT
ARG B64PAT
ARG SDKVersion=3.1
ENV Configuration Release
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS \
"{\"endpointCredentials\": [{\"endpoint\":\"https://pkgs.dev.azure.com/orgname/projectname/_packaging/projectname-common/nuget/v3/index.json\", \"username\":\"docker\", \"password\":\"${NugetPAT}\"}]}"
RUN curl -L https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh | bash
RUN apt-get update -yq \
&& apt-get install curl gnupg -yq \
&& curl -sL https://deb.nodesource.com/setup_12.x | bash \
&& apt-get install nodejs -yq
WORKDIR /app
RUN echo '<?xml version="1.0" encoding="UTF-8"?><configuration><packageSources><add key="public" value="https://api.nuget.org/v3/index.json" /><add key="projectname-common" value="https://pkgs.dev.azure.com/orgname/projectname/_packaging/projectname-common/nuget/v3/index.json" /></packageSources></configuration>' > NuGet.config
RUN echo \; begin auth token > /root/.npmrc && \
echo //pkgs.dev.azure.com/orgname/projectname/_packaging/projectname-common/npm/registry/:username=orgname >> /root/.npmrc && \
echo //pkgs.dev.azure.com/orgname/projectname/_packaging/projectname-common/npm/registry/:_password=${B64PAT} >> /root/.npmrc && \
echo //pkgs.dev.azure.com/orgname/projectname/_packaging/projectname-common/npm/registry/:email=npm requires email to be set but doesn''t use the value >> /root/.npmrc && \
echo //pkgs.dev.azure.com/orgname/projectname/_packaging/projectname-common/npm/:username=orgname >> /root/.npmrc && \
echo //pkgs.dev.azure.com/orgname/projectname/_packaging/projectname-common/npm/:_password=${B64PAT} >> /root/.npmrc && \
echo //pkgs.dev.azure.com/orgname/projectname/_packaging/projectname-common/npm/:email=npm requires email to be set but doesn''t use the value >> /root/.npmrc && \
echo \; end auth token >> /root/.npmrc
感谢Daniel,这有助于解决问题。我在dockerfile文件中添加了一行,以将NPM_TOKEN参数转换为base64:
RUN echo -n ${NPM_TOKEN} | base64 > ~/.token64
然后.npmrc
,您在概述中引用了根中的编码令牌,现在可以访问我的私有ADO feed。谢谢!@ gt-downunder很高兴为您提供帮助!我花了几个小时才第一次开始工作。严重的疼痛。