In our company, we have a private repo on Github where we have our internal nuget packages. On my laptop, on another API solution, I can restore the nuget packages using my github credentials.
I'm configuring the github actions to check the PR and deploy the API but when I want to restore nugets, I have an 403 error:
Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured.
I have read many documentations and posts on Stack overflow explaining how to use a PAT. But this is not the solution I want to use. I don't want the worklow linked to my account. If I'm not there anymore in the company I want the workflow to continue to work.
So I decided to use the Github App, here are the permissions:
I'm able to generate the token using:
- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.PRIVATE_KEY }}
Then I add the nuget source using the token
- name: Restore .NET project Dependencies
run: dotnet nuget update source SKDotNetPackages --source "https://nuget.pkg.github.com/sidekick-interactive/index.json" --username ${{ github.event.pull_request.user.login }} --password ${{ steps.app-token.outputs.token }} --store-password-in-clear-text
but when I restore the nugets using:
- name: Restore .NET project Dependencies
run: find . -name '*.csproj' -exec dotnet restore {} \;
it generates a 403 error.
Do you have any idea how to restore nuget from private github feed using Github App and no PAT?