I am facing an issue with a GitHub Actions workflow that involves dotnet restore. The repository is hosted on GitHub, and I’m trying to restore NuGet packages from a GitHub Packages source.
Here’s a snippet of my GitHub Actions workflow YAML:
name: Build .NET 7 + Pack + Push NuGet
on:
workflow_dispatch: # Allow running the workflow manually from the GitHub UI
push:
branches:
- "main" # Run the workflow when pushing to the main branch
pull_request:
branches:
- "main" # Run the workflow for all pull requests
release:
types:
- published # Run the workflow when a new GitHub release is published
env:
DOTNET_SKIP_FIRST_TIME_EXPERIENCE: 1
DOTNET_NOLOGO: true
NuGetDirectory: ${{ github.workspace }}/out
defaults:
run:
shell: pwsh
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
packages: read
steps:
- uses: actions/labeler@v3
with:
repo-token: ${{ secrets.GITHUB_TOKEN}}
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: 0 # Get all history to allow automatic versioning using MinVer
- name: Setup .NET
uses: actions/setup-dotnet@v3
with:
dotnet-version: 7.0.x
- name: Add GitHub NuGet Source
id: add-nuget-source
run: |
dotnet nuget add source https://nuget.pkg.github.com/user/index.json -n github -u user -p ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text
continue-on-error: true
- name: Restaurando Dependências
run: dotnet restore
#if: success() && steps.add-nuget-source.outputs.result == '0'
- name: Build do Projeto
run: dotnet build -c Release -o out
#- name: Test
# run: dotnet test --no-build --verbosity normal
# Publish the NuGet package as an artifact, so they can be used in the following jobs
- uses: actions/upload-artifact@v3
with:
name: nuget
if-no-files-found: error
retention-days: 7
path: ${{ env.NuGetDirectory }}/*.nupkg
run_test:
name: Rodando os Testes Unitários
runs-on: ubuntu-latest
needs: [build]
steps:
- uses: actions/checkout@v3
- name: Setup .NET
uses: actions/setup-dotnet@v3
- name: Run tests
run: dotnet test --configuration Release
deploy:
# Publish only when creating a GitHub Release
# https://docs.github.com/en/repositories/releasing-projects-on-github/managing-releases-in-a-repository
# You can update this logic if you want to manage releases differently
# if: github.event_name == 'release'
runs-on: ubuntu-latest
needs: [run_test]
# Download the NuGet package created in the previous job
steps:
- uses: actions/download-artifact@v3
with:
name: nuget
path: ${{ env.NuGetDirectory }}
- name: Publicando os pacotes Nuget
run: |
cd out
dotnet nuget push "*.nupkg" --api-key "${{ secrets.NUGET_APIKEY }}" --source "${{ secrets.NUGET_SERVER }}" --skip-duplicate
The issue occurs during the dotnet restore step with the following error:
/usr/share/dotnet/sdk/8.0.100/NuGet.targets(156,5): warning : Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured.
Retrying ‘FindPackagesByIdAsync’ for source ‘https://nuget.pkg.github.com/user/download/package/index.json’.
Additional Information:
The NuGet packages are stored in a GitHub repository, and I have configured the workflow to use the GitHub token for authentication.
The issue seems to be related to authentication during the dotnet restore step.
I would appreciate any guidance on how to properly configure the GitHub Actions workflow to resolve this issue.
Thank you for your assistance!
2
Answers
I got the same exact error message and managed to solve it by updating the
ClearTextPassword
in thepackageSourceCredentials
for github in the nuget.config with an active token that has theread:packages
permission.I’m using a package references to the org vs a repo.
You can use the nuget source add, as you did, but use a generated user PAT and store it in your repo or org actions/secrets instead of using GITHUB_TOKEN.
Odd for me that dotnet nuget push can use an api-key parameter that accepts GITHUB_TOKEN but dotnet restore seems not to be able to that token. Even with permissions: packages:read granted on the build steps does not work.