docs: Update private-packages.md nuget section #16942
Co-authored-by: whitesource-for-github-com[bot] <50673670+whitesource-for-github-com[bot]@users.noreply.github.com>
Co-authored-by: whitesource-for-github-com[bot] <whitesource-for-github-com[bot]@users.noreply.github.com>
@@ -324,6 +324,18 @@ npmRegistries: | |||
For each known NuGet registry, Renovate searches for `hostRules` with `hostType=nuget` and matching host. | |||
For those found, a command similar to the following is run: `dotnet nuget add source ${registryInfo.feedUrl} --configfile ${nugetConfigFile} --username ${username} --password ${password} --store-password-in-clear-text` | |||
|
|||
password should be encoded to base64 |
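Review bot: The added line "password should be encoded to base64" conflicts with the context line directly above it, where `${password}` is passed to `dotnet nuget add source` together with `--store-password-in-clear-text`, so the value is used exactly as given and nothing in this hunk decodes it. "should" also leaves open whether this is a requirement or a recommendation. Suggest either dropping the sentence or stating precisely what form the `hostRules` password must take for `hostType=nuget`, written as a full sentence with a capital and a full stop.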
password should be encoded to base64 | |
The `password` must be base64 encoded. |
I think we mean must instead of should here. Or do we mean "We recommend you use base64 encoding, because other methods are wrong/dangerous?"
Are users allowed to use another encoding, or will that break things?
According to rhys's comments in the discussion it's a must, but I'm not sure, and that's what I'm trying to clarify here.
https://docs.microsoft.com/en-us/nuget/reference/nuget-config-file#packagesourcecredentials
In Renovate we recommend encryption, but if you look at the link you will see:
> If a non-encrypted password is passed for password the error message ["The parameter is incorrect" will occur](https://github.com/NuGet/Home/issues/3245).

It's not clear if it's base64 or not, but it should be encrypted I guess.
Apparently there's another parameter called `ClearTextPassword` for storing the actual password not encrypted.
I'm not 100% sure how this is implemented so might need help here from @rarkins @viceice.
If they can't answer this then I will have to investigate further.
I think we can remove this message for now; it's not necessary, as in my example I wrote: Encrypted PAT token
It needs to be a plain text password or an API key, depending on the registry.
Renovate encryption can be used, but never use base64 encoding.
That can maybe be required by some custom registry, but not any I know / use.
@viceice if you have experience here, would you please add some info to the documentation to make it clearer for users?
I've noticed we lack private packages handling documentation for most managers and it's costing us a lot of discussions and time.
I thought adding an example would help, but I'm not sure how much; that's all I got from the discussion mentioned above.
I think there's maybe a mixup here regarding the npm password, where it's base64 encoded in `.npmrc` but we need it non-encoded in `hostRules`. I have no opinion on nuget passwords
I simply use this host rule for my `proget` server and it works for `npm` and `nuget` datasources; `SERVICE_USER_PSW` is the plain text password passed via environment.

```js
{
  matchHost: 'https://proget.domain.test/',
  username: 'service-user',
  password: process.env.SERVICE_USER_PSW,
},
```

gitea nuget sample, they use plain password or PAT.
> I think there's maybe a mixup here regarding the npm password, where it's base64 encoded in `.npmrc` but we need it non-encoded in `hostRules`. I have no opinion on nuget passwords

Yes, seems to be wrongly mixed up from npmrc
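
The `.npmrc` versus `hostRules` mix-up described in the two comments above, as an added example (not part of this PR and not Renovate's own code): it decodes the base64 `_password` entries of an `.npmrc` into the plain value a host rule expects, and flags a host rule password that still looks base64 encoded. The function names, the `https://` scheme, the port and the sample credential are assumptions made for the illustration.

```javascript
// Added example. Constructed sample .npmrc; the secret is a placeholder.
const SAMPLE_NPMRC = [
  '; constructed sample',
  '//proget.domain.test:8443/npm/:username=service-user',
  '//proget.domain.test:8443/npm/:_password=' +
    Buffer.from('example-secret', 'utf8').toString('base64'),
].join('\n');

const B64 = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;

// Heuristic (hypothetical helper): true when `value` is canonical base64 that
// decodes to printable ASCII, i.e. it was probably copied from an .npmrc
// `_password` line instead of being the real password.
function looksBase64Encoded(value) {
  if (value.length < 8 || !B64.test(value)) return false;
  const raw = Buffer.from(value, 'base64');
  const printable = raw.every((b) => b >= 0x20 && b <= 0x7e);
  return printable && raw.toString('base64') === value;
}

// Hypothetical helper: build host rule objects from .npmrc text.
// .npmrc scopes carry no scheme, so https:// is assumed here.
function hostRulesFromNpmrc(text) {
  const byScope = new Map();
  for (const line of text.split(/\r?\n/)) {
    // Greedy (.+) keeps a port such as :8443 inside the scope.
    const m = /^\/\/(.+):(username|_password)\s*=\s*(.*)$/.exec(line.trim());
    if (!m) continue; // comments, blank lines and unrelated keys
    const [, scope, key, value] = m;
    const rule = byScope.get(scope) || { matchHost: `https://${scope}` };
    if (key === 'username') {
      rule.username = value;
    } else {
      // .npmrc stores _password base64 encoded; the host rule needs it decoded.
      rule.password = Buffer.from(value, 'base64').toString('utf8');
    }
    byScope.set(scope, rule);
  }
  return [...byScope.values()];
}

// Decoded rules pass the check; a value pasted straight from .npmrc does not.
const decodedRules = hostRulesFromNpmrc(SAMPLE_NPMRC);
const stillEncoded = decodedRules.filter((r) => looksBase64Encoded(r.password));
```

Base64 is an encoding, not encryption, so the decoded value still belongs in an environment variable or a Renovate-encrypted field, as in the host rule shown in the thread.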
In the discussion #10998 they say they use PAT,
and it has 3 thumbs up from other people too.
Is PAT the encrypted PAT token from Renovate?
Co-authored-by: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
🎉 This PR is included in version 32.156.1 🎉 The release is available on:
Your semantic-release bot 📦🚀
Changes
according to #10998
added an example
Context
I've had trouble finding documentation about nuget private packages handling, and it only appears partially in the discussion I posted above. rhys asked in a comment to add it to the docs, but no one did.