Reputation: 153
How to use private packages in Azure Pipelines During CI/CD builds
I am using Azure CI/CD pipelines for Flutter build. In my Pubspec yaml file, I have dependencies that are private to my project and the code is hosted in same azure devops project but in different repository. During Build (i.e. Flutter Packages get) it gives me error saying Authentication failed?. I tried with PAT token where in prior to flutter build task i used git command to set that token, but it didn't solve the issue. Can anyone help me out?
Upvotes: 3
Views: 3147
Answers (3)
Reputation: 111
A more or less generic setup.
Suppose we have pubspec.yaml with the dependency:
dependencies:
flutter:
sdk: flutter
my_package:
git:
url: "[email protected]:v3/my-organization/my-project/my-package"
ref: v1.0.1
Pay attention at the beginning of the url: git@. You don't have to specify the username here.
Setup:
- Generate a new ssh key pair on your machine:
ssh-keygen -t rsa. Let's useid_rsa_azure_pipeline,id_rsa_azure_pipeline.pubas an output examples. - Add the public key
id_rsa_azure_pipeline.pubto your Azure DevOps profile. This will associate the public key generated in the previous step with your user ID and will allow the pipeline interact with SSH later. - Add the secure key
id_rsa_azure_pipelineas a Secure File to the Project's Library. This file will used by pipeline to install SSH key in runtime. - Use provided template (or grab the steps from it) before interracting with Flutter tasks. Pay attention: you don't have to specify
knownHostsEntryandsshPublicKeyinsideInstallSSHKey@0task while we setup trusted hosts automatically.
Install_SSH_key.step.template.1.0.0.yml
parameters:
- name: InstallSSHKey
displayName: 'Enables the step. If true, project Library must include private key as a Secret File.'
type: boolean
default: false
- name: SSHHost
displayName: 'SSH host name or IP address'
type: string
default: 'ssh.dev.azure.com'
- name: SSHSecureKey
displayName: 'The name of the RSA private key uploaded as Secure File in the project Library.'
type: string
default: 'id_rsa_azure_pipeline'
steps:
- script: |
ssh-keyscan -H ${{parameters.SSHHost}} >> ~/.ssh/known_hosts
displayName: 'Trust SSH host'
condition: eq( ${{parameters.InstallSSHKey}}, true )
- task: InstallSSHKey@0
displayName: "Installing SSH Key"
condition: eq( ${{parameters.InstallSSHKey}}, true )
inputs:
knownHostsEntry: ${{parameters.SSHHost}}
sshKeySecureFile: ${{parameters.SSHSecureKey}}
Upvotes: 0
Reputation: 51103
A private feed is created with permissions such that only you have access.
The build agent run with user(build service account), give to this user permissions in the feed. From Feed settings->Permissions, assign your build service account owner permission.
Also verify the token is working, make sure you have selected sufficient scopes for this token to authorize for your specific tasks.
Besides try adding a variable system.debug with a value of true you’ll get more information in the failure. That might help pinpoint the problem.
Upvotes: 0
Reputation: 624
I am open to being shown a better way but these are the steps I took to solve this issue a little while ago.
Assuming you are referencing the package in your pubspec.yaml using git over ssh on azure devops like:
repo_name:
git:
ref: 'tag or other identifier'
url: [email protected]:v3/you/project/repo_name
- Generate a new ssh key pair on your machine.
- Upload the private key to the library secure files section on azure devops.
- Add the install ssh key task to your azure pipelines build, using the key pair generated in the previous steps and referencing the private key uploaded to the secure files library. link
- Upload the public key to your list of public keys. (This step I'm not 100% sure is necessary but I did it initially and things have worked so I haven't changed removed it)
So in my azure-pipelines.yaml the install ssh key step looks kinda like this where id_rsa is the name of the private key in my secure files.
- task: InstallSSHKey@0
inputs:
knownHostsEntry: 'vs-ssh.visualstudio.com, ...etc'
sshPublicKey: 'ssh-rsa ...etc'
sshKeySecureFile: id_rsa
Upvotes: 3
Related Questions
- Azure build pipeline with dependency on private AZ repo
- How to access a private repository from a pipeline Azure Devops?
- Flutter Pipeline in Azure DevOps
- flutter build pipeline with azure devops
- How to get access to private repository of the same project inside an Azure pipeline on Ubuntu?
- Issue with Flutter commands from CI/CD pipelines
- Consuming Package From Private Azure Artifacts In Azure DevOps Server
- How to create Azure Cloud Service package from MsBuild in azure pipeline
- Adding files to build package artifacts
- How to use private npm package feed on visual studio team services build and release management