DevOps - Pipeline and Workflow Examples

This repository contains a rich set of CI-CD demos where I show you how to:

• Connect to private nuget feeds; Azure, GitHub packages, and custom (eg Telerik).
• Build .NET apps and publish to a container registry; Docker, Azure, GitHub, etc.

Although I use Telerik's NuGet server because I have a license, these demos are good for any private feed type; just use your source URL and credentials instead!

Table of Contents

• CI Systems
• Build Badges
• Videos
  • Authenticating in Azure DevOps
• Tips and Troubleshooting
  • Walkthrough: Use GitHub Secrets
  • Example: Update package source dynamically
  • Example Using Telerik NuGet Keys
  • Dockerfile: Using Secrets
• Related Blog Posts
  • Blog: DevOps and Telerik NuGet Packages
  • Blog: Announcing Telerik NuGet Keys

CI Systems

Badges

Project	Azure DevOps	GitHub Actions	GitLab CI
ASP.NET AJAX
ASP.NET Core			n/a
ASP.NET Blazor
WPF (net48)
WinForms (net48)
Console
UWP
WinUI 3
.NET MAUI
Xamarin.Forms
Kendo Angular

Bonus Notes

• Docker and DockerHub integration:
  • The workflows/main_build-aspnetcore.yml uses a Dockerfile to build and publish a Linux image to DockerHub => lancemccarthy/myaspnetcoreapp.
    • Ex. docker run -d -p 8080:8080 lancemccarthy/myaspnetcoreapp:latest
    • Ex. docker run -d -p 8080:8080 lancemccarthy/myblazorapp:latest
  • For a real-world example, visit Akeyless Web Target's docker-publish.yml, which builds and publishes the lancemccarthy/secretsmocker container image to Docker Hub.
    • Ex. docker run -d -p 8080:80 lancemccarthy/secretsmocker:latest
• Azure DevOps: All statuses are for classic pipelines, except the Console project, which uses Azure DevOps YAML pipelines.

Videos

Azure DevOps with Telerik NuGet Server

The following 4 minute video takes you though all the steps on adding a private NuGet feed as a Service Connection and consuming that service in three different pipeline setups.

• 0:09 Add a Service connection to the Telerik server
• 1:14 Classic pipeline for .NET Core
• 1:47 Classic .NET Framework pipeline
• 2:25 YAML pipeline setup for .NET Core

Tips and Troubleshooting

GitHub Actions: Using Secrets to Set Environment Variables

A common problem to run into is to think that the environment variable is the same thing as the GitHub Secret (or Azure DevOps pipeline variable). In this demo, I intentionally named the secrets a different name than the environment variable name so that it is easier for you to tell the difference.

However, I know that not everyone has the time to watch the video and just copy/paste the YAML instead. This will cause you to hit a roadblock because you missed the part about setting up the GitHub secret, Azure DevOps pipeline variable or . Here is a 2 screenshot crash-course on how to get back on track.

In your YAML, you probably have done this:

That mean you must also have the secrets in your Settings > Secrets list

Powershell: Update Package Source Dynamically

You could also dynamically update the credentials of a Package Source defined in your nuget.config file This is a good option when you do not want to use a packageSourceCredentials section that uses environment variables.

# Updates a source named 'Telerik' in the nuget.config
dotnet nuget update source "Telerik" --source "https://nuget.telerik.com/v3/index.json" --configfile "src/nuget.config" --username '${{ secrets.MyTelerikEmail }}' --password '${{ secrets.MyTelerikPassword }}' --store-password-in-clear-text

That command will look through the nuget.config for a package source with the key Telerik and then add/update the credentials for that source.

The --store-password-in-clear-text switch is important. It does not mean the password is visible, rather it means that you're using the password text and not a custom encrypted variant. For more information, please visit https://docs.microsoft.com/en-us/nuget/reference/nuget-config-file#packagesourcecredentials

Using Telerik NuGet Keys

You can use the same approach in the previous section. Everything is exactly the same, except you use api-key for the username and the NuGet key for the password.

Please visit the Announcing NuGet Keys blog post for more details how ot create the key and how to use it.

dotnet nuget update source "Telerik" --source "https://nuget.telerik.com/v3/index.json" --configfile "src/nuget.config" --username 'api-key' --password '${{ secrets.MyNuGetKey }}' --store-password-in-clear-text

IMPORTANT: Protect your key by storing it in a GitHub Secret, then use the secret's varible name in the command

Dockerfile: Using Secrets

When using a Dockerfile to build a .NET project that uses the Telerik NuGet server, you'll need a safe and secure way to handle your crednetials. This can be done my mounting a Docker secret, which is a 1-liner in theDockerfile. Let's walkthrough through the highlights.

In your GitHub Actions workflow, you can set a secret in the same step that you build/publish the container. In the following YAML, notice we're using a GitHub Actions Secret to set a Docker secret: telerik_key=${{ secrets.TELERIK_NUGET_KEY }}

    - uses: docker/build-push-action@v3
      with:
        secrets: |
          telerik_key=${{ secrets.TELERIK_NUGET_KEY }}
     ...

Now, insdie the Dockerfie itself, we can mount that secret:

# Here we use a docker secret to update the 'Telerik_Feed' package source, then restore then build
RUN --mount=type=secret,id=telerik_key \
  echo $(cat /run/secrets/telerik_key)

Now that the secret's value is available (/run/secrets/telerik_key in this case), it can be used in subsequent dotnet commands. For example here, I update the Telerik package source's credentials.

dotnet nuget update source "Telerik_Feed" -s "https://nuget.telerik.com/v3/index.json" -u "api-key" -p $(cat /run/secrets/telerik_key) --configfile "./NuGet.Config" --store-password-in-clear-text \

For a complete demo, see the complete Dockerfile and the complete workflow.