GitHub Packages feeds always need to be authenticated. This means if your feed is public you still have to authenticate on your development machine and build server just like you would if it was a private feed.
To setup the feed locally a Personal Access Token needs to be created with the repo
and read:packages
scopes.
If you're going to be publishing packages with this token you'll also need the write:packages
scope.
Next you'll add this source to your profile's nuget.config
using your GitHub username and the PAT as your password.
dotnet nuget add source \
https://nuget.pkg.github.com/xt0rted/index.json \
--name github-xt0rted \
--username gh-username
--password ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
If you're consuming packages from the same repo that they were published from you can use the runner provided GITHUB_TOKEN
, otherwise we'll need to use a PAT with repo
and read:packages
scopes.
First you'll need to add a repository secret (in this example GPR_READ_TOKEN
) with your PAT.
Next you'll configure the action workflow to use it.
- name: Setup .NET Core
uses: actions/setup-dotnet@v1
with:
source-url: https://nuget.pkg.github.com/xt0rted/index.json
env:
NUGET_AUTH_TOKEN: ${{ secrets.GPR_READ_TOKEN }}
If you're publishing a package to GPR you can use the runner provided GITHUB_TOKEN
instead of a PAT with the write:packages
scope.
Due to how NuGet handles api token authentication you need to specify the token in the command.
If you're only publishing packages it's not necessary to add the source in the actions/setup-dotnet
step.
- name: Publish to GPR
shell: bash
run: |
dotnet nuget push "./artifacts/*.nupkg" \
--api-key ${{ secrets.GITHUB_TOKEN }} \
--source https://nuget.pkg.github.com/${{ github.repository_owner }}