Skip to content

Documentation is incorrect for private NuGet feed + Azure Pipelines scenario #7088

Open
Task
Open
Documentation is incorrect for private NuGet feed + Azure Pipelines scenario#7088
Task
Assignees
lbussell
Labels
area-documentationneeds-more-info
@lbussell

Description

@lbussell
lbussell
opened on Mar 16, 2026

Discussed in #7067

Originally posted by mturczyn March 7, 2026
In documentation/scenarios/nuget-credentials.md it is mentioned we can use Nuget Authenticate task in Azure pipelines

- task: Docker@2
  displayName: 'build container'
  inputs:
    command: 'build'
    dockerfile: '**/Dockerfile'
    arguments: '--build-arg FEED_ACCESSTOKEN=$(VSS_NUGET_ACCESSTOKEN)'

But that do not work (even echoing showed it as empty). I guess that might be due to the fact that VSS_NUGET_ACCESSTOKEN is secret value.

I wonder if I am correct about my assumption, or is there something I could do better? Something I have missed?

My workaround currently is to have custom task with docker build and push commands that accepts correctly VSS_NUGET_ACCESSTOKEN secret through environment variables

parameters:
  - name: acrServer
    type: string
  - name: containerRepository
    type: string
  - name: dockerfile
    type: string
  - name: buildContext
    type: string
  - name: dockerRegistryServiceConnection
    type: string
  - name: tags
    type: object # array
    default: []
  - name: push
    type: boolean

steps:
  - task: NuGetAuthenticate@1
    name: NuGetAuthenticate
    displayName: "Authenticate with NuGet feed"

  - task: Docker@2
    displayName: Login to ACR
    inputs:
      containerRegistry: ${{ parameters.dockerRegistryServiceConnection }}
      command: login

  - script: |
      # Build array of full image URLs
      IMAGE_URLS=()
      for tag in ${{ join(' ', parameters.tags) }}; do
        IMAGE_URLS+=("${{ parameters.acrServer }}/${{ parameters.containerRepository }}:$tag")
      done

      # Build docker build arguments
      BUILD_ARGS=""
      for image_url in "${IMAGE_URLS[@]}"; do
        BUILD_ARGS="$BUILD_ARGS -t $image_url"
      done

      docker build \
        --build-arg FEED_ACCESSTOKEN="$FEED_ACCESSTOKEN" \
        $BUILD_ARGS \
        -f ${{ parameters.dockerfile }} \
        ${{ parameters.buildContext }}

      # Push all images (if push is enabled)
      if [ "${{ parameters.push }}" == "True" ]; then
        for image_url in "${IMAGE_URLS[@]}"; do
          echo "Pushing image: $image_url"
          docker push "$image_url"
        done
      else
        echo "Push disabled - only building images"
      fi
    displayName: Build and Push to ACR
    env:
      FEED_ACCESSTOKEN: $(VSS_NUGET_ACCESSTOKEN) # secret mapped here, not as parameter
```</div>

Metadata

Metadata

Assignees

Labels

area-documentationneeds-more-info

Type

Task

Projects

.NET Docker

Status

Current Release

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions