Hi,
In my project we enabled Nuget PackageSourceMapping recently. It took a while, I think because of the dependency caching, but now all of our signing tasks are failing with an error saying The --add-source option cannot be combined with package source mapping..
Since we already have the default, public Nuget feed configured, I wonder why a new source is added anyway.
Maybe it would be possible to ignore the Nuget.Config file for nuget commands by this action?
Or maybe easier, could the action move the path outside of my repo, before installing dependencies?
Our Nuget.Config in the root of our repo looks like this:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageSources>
<clear />
<add key="nuget" value="https://api.nuget.org/v3/index.json" />
<add key="my-internal-feed" value="https://nuget.pkg.github.com/my-cool-org/index.json" />
</packageSources>
<packageSourceMapping>
<packageSource key="my-internal-feed">
<package pattern="MyInternalDependency" />
</packageSource>
<packageSource key="nuget">
<package pattern="*" />
</packageSource>
</packageSourceMapping>
</configuration>
These are the logs:
Run azure/artifact-signing-action@v1.2.0
Run if ($env:RUNNER_OS -ne 'Windows') {
Run $defaultPath = $env:PSModulePath -split ';' | Select-Object -First 1
Run actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7
Cache hit for: TrustedSigning-0.5.8
Received 23694 of 23694 (100.0%), 0.1 MBs/sec
Cache Size: ~0 MB (23694 B)
"C:\Program Files\Git\usr\bin\tar.exe" -xf D:/a/_temp/0efefa79-17bb-4ca7-bd9c-9a68c4a809f3/cache.tzst -P -C D:/a/telani/telani --force-local --use-compress-program "zstd -d"
Cache restored successfully
Cache restored from key: TrustedSigning-0.5.8
Run actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7
Cache hit for: Microsoft.Windows.SDK.BuildTools-10.0.26100.4188
Received 25165824 of 43521604 (57.8%), 23.8 MBs/sec
Received 43521604 of 43521604 (100.0%), 34.1 MBs/sec
Cache Size: ~42 MB (43521604 B)
"C:\Program Files\Git\usr\bin\tar.exe" -xf D:/a/_temp/fe4bbe15-49ad-433a-8e2f-a2b1384b0ce6/cache.tzst -P -C D:/a/telani/telani --force-local --use-compress-program "zstd -d"
Cache restored successfully
Cache restored from key: Microsoft.Windows.SDK.BuildTools-10.0.26100.4188
Run actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7
Cache hit for: Microsoft.Trusted.Signing.Client-1.0.95
Received 19454495 of 27843103 (69.9%), 18.5 MBs/sec
Received 27843103 of 27843103 (100.0%), 23.0 MBs/sec
Cache Size: ~27 MB (27843103 B)
"C:\Program Files\Git\usr\bin\tar.exe" -xf D:/a/_temp/f2349e3e-5567-4cb5-bae4-1b23314e3d45/cache.tzst -P -C D:/a/telani/telani --force-local --use-compress-program "zstd -d"
Cache restored successfully
Cache restored from key: Microsoft.Trusted.Signing.Client-1.0.95
Run actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7
Cache not found for input keys: SignCli-0.9.1-beta.25330.2
Run $params = @{}
Checking for required dependencies.
Build tools package installed: True
Trusted signing package installed: True
Sign CLI package installed: False
Installing required dependencies.
Found existing package source: https://www.nuget.org/api/v2/
Installing package: sign 0.9.1-beta.24469.1
The --add-source option cannot be combined with package source mapping. To use an additional source, update your NuGet configuration file's source mapping settings. Learn more: https://aka.ms/nuget-package-source-mapping
Exception: Failed to install package: sign 0.9.1-beta.24469.1
Error: Process completed with exit code 1.
Hi,
In my project we enabled Nuget PackageSourceMapping recently. It took a while, I think because of the dependency caching, but now all of our signing tasks are failing with an error saying
The --add-source option cannot be combined with package source mapping..Since we already have the default, public Nuget feed configured, I wonder why a new source is added anyway.
Maybe it would be possible to ignore the Nuget.Config file for nuget commands by this action?
Or maybe easier, could the action move the path outside of my repo, before installing dependencies?
Our Nuget.Config in the root of our repo looks like this:
These are the logs: