Support dotnet nuget api-key option
What does this MR do and why?
Problem to solve:
Dotnet users should be able to use the NuGet package repository with the following command:
dotnet nuget push **/*.nupkg --source https://gitlab.com/api/v4/projects/1/packages/nuget/index.json --api-key PAT_TOKEN
Solution Details:
When executing
dotnet nuget push **/*.nupkg --source https://gitlab.com/api/v4/projects/1/packages/nuget/index.json --api-key PAT_TOKEN
the .net
client sends a get
request to GitLab NuGet Service Index endpoint to find the upload endpoint in the service response. The problem is that it doesn't send the --api-key
with the request. That would make the request halted as unauthorized.
To solve this, we decided to make the Service Index endpoint public.
After the request to the Service Index is successful, the .net
client sends the package file to the upload endpoint with the --api-key
. In this MR, we are adding the header API key as a new accepted way of authentication. This --api-key
can be:
personal_access_token
deploy_token
-
job_token
if the command is executed using CI/CD.
How to set up and validate locally
- Create a new project on your local instance or use an existing one.
- Ensure you have the NuGet CLI installed (see nuget docs for links to installation pages).
- In a new directory, run
nuget spec
. - Run
nuget pack
in the same directory, you should find a newly generated file namedPackage.1.0.0.nupkg
. - Push the package to your project:
dotnet nuget push Package.1.0.0.nupkg --source http://gdk.test:3000/api/v4/projects/<project_id>/packages/nuget/index.json --api-key <PAT_TOKEN or deploy_token>
- The package should be published successfully.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #214674 (closed)