Configuring nuget for visual-studio-generated docker build

Question

Visual Studio now generates Dockerfile for dotnet projects, and we are using it (with slight tweaks) for our continuous integration.

However that Dockerfile does not have any provision for configuring nuget. It even only copies the .csproj file from context before running dotnet restore to avoid re-running that step during development.

But our project requires some modules from internal, password-protected repository, so I need to provide package sources and credentials to the dotnet restore command inside.

What is the best current practice for injecting a (environment-specific) nuget configuration?

Answer 1

This is documented here: https://github.com/dotnet/dotnet-docker/blob/main/documentation/scenarios/nuget-credentials.md.

To summarize, there are a variety of ways in which this can be done:

• Use a multi-stage build to protect nuget.config that contains hard-coded credentials. Only recommended if you ensure that credentials are kept out of source code control and the nuget.config file is ephemeral.
• Passing secrets by file with BuildKit. This is similar to the previous option but makes use of Dockerfile secrets to provide access to the nuget.config file.
• Use environment variables in nuget.config. In this scenario, the nuget.config file would reference environment variables for its credential values. The environment variables would then be set by the build machine when executing a docker build.
• Use the Azure Artifact Credential Provider. This is only possible if you make use of Azure Artifacts for your package feed.

No matter which option you choose, be sure that credentials are never stored within an image layer that is published.