We have improved the experience with PowerShellGet and private NuGet feeds by focusing on pain points using an Azure Artifacts feed. We addressed pain points by enabling/documenting the following features:
- Non-PAT authentication for package management
- Credential persistence in Register-PSRepository
These improvements will effect the following cmdlets:
- Register-PSRepository
- Set-PSRepository
- Find-Module/Script
- Install-Module/Script
- Update-Module/Script
- Save-Module/Script
- Publish-Module/Script
What is Azure Artifacts and Why would I use it?
Azure Artifacts is an Azure DevOps service which introduces the concept of multiple feeds that you can use to organize and control access to your packages. In other words it is a place for storing and sharing packages with controlled access through Azure DevOps. A common use scenario for Azure Artifacts with PowerShellGet is for organizations which need a controlled access feed for sharing their private internal packages and vetted external packages within their organization. Package owners may also want to use Azure Artifacts as part of their CI/CD pipeline in Azure DevOps. For more information on Azure Artifacts, check out their documentation.
Getting started with Azure Artifacts with PowerShellGet
Since these fixes were introduced into PackageManagement, verify you have at least version 1.4.4 of the PackageManagement module
to do this run Get-InstalledModule PackageManagement
. If you do not have this version 1.4.4 or higher run the command
Update-Module PackageManagement
and then refresh your PowerShell session. You should also ensure you have an up to date version of PowerShellGet (at least 2.2.1).
The next step is to create an Azure Artifacts feed, since Azure Artifacts is an Azure DevOps service you will need to create an Azure DevOps account if you don’t already have one.
Once you gave an account you can create an Azure Artifacts feed. To do this, follow these steps. Return here for instructions on how to connect to the feed and publish packages.
The other component you will need is the Azure Artifacts credential provider. The credential provider comes pre-installed with Visual studio, so if you have VS 15.9, you don’t need to install anything. Otherwise the steps for installing the credential provider, which are platform dependent are provided here.
To register your feed as a PSRepository you will need a name, source location, and publish location. The name is what you will call the PSRepository and can be anything you chose in this example we call it “myAzArtifactsRepo”. Your source location, and publish location will be the same uri and will be the format: “https://pkgs.dev.azure.com/’yourorganizationname’/_packaging/’yourfeedname’/nuget/v2“.
You are now ready to register your Az DevOps feed as a PSRepository using the following command:
Register-PsRepository myAzArtifactsRepo -SourceLocation "https://pkgs.dev.azure.com/'yourorganizationname'/_packaging/'yourfeedname'/nuget/v2" -PublishLocation "https://pkgs.dev.azure.com/'yourorganizationname'/_packaging/'yourfeedname'/nuget/v2"
When you run this command you will be prompted with a device flow url which will allow you to authenticate the repository. In general you have three main options for authentication:
-
- Register the repository without the -Credential parameter [see above] and use the device flow url.
- Explicitly provide a credential. To do this use the -Credential parameter when you register the PSRepository and provide a personal access token (PAT). For more information on how to get a PAT check out the documentation. Note that if you chose this method the credentials will not be cached.
- Configure an environment variable with your credentials. To do set the VSS_NUGET_EXTERNAL_FEED_ENDPOINTS variable to
{"endpointCredentials": [{"endpoint":"https://pkgs.dev.azure.com/'yourorganizationname'/_packaging/'yourfeedname'/nuget/v2", "username":"yourusername", "password":"accesstoken"}]}
Note may need to restart the agent service or the computer before the environment variables are available to the agent. For assistance with this step check out the Artifacts Credential Provider GitHub.
Let’s publish a PowerShell Gallery package to our Azure DevOps feed. To do this, you need to first save the module then, publish it using the following commands:
<code>Save-Module -Name SHiPS -Repository PSGallery -Path '.' Publish-Module -path "path\to\module"\SHiPS -Repository myAzArtifactsRepo -NuGetApiKey <key-- any arbitrary string> </code>
Now that we have some packages let’s find and install them:
Find-module -name SHiPS -Repository myAzArtifactsRepo
Install-Module -name SHiPS -Repository myAzArtifactsRepo
Now that you can manage packages on your feed, you may want to share it with other users. To manage the access to your feed use the feed settings in Azure Artifacts. For more information on this check out the documentation.
Getting Feedback
If you encounter any issues we would love to hear about it on our GitHub page. Please file an issue letting us know what we can do to make your experience better.
Using the Azure Artifacts Credential Manager still does not work with PowerShellGet 2.2.1 and PackageManagement 1.4.5 to authenticate without the -Credential parameter. Looks like it was addressed here: https://github.com/PowerShell/PowerShellGet/issues/499
Any update?
This doesn’t seem to work with PowerShell Core. I get “WARNING: Unable to resolve package source”. If I try on Windows PowerShell it is fine.
It doesn’t work on Linux.
I suppose that PowerShellGet being a core module it should be multi platform.
Any plan to add support to Linux and MacOS?
Thanks for this post Sydney.
I recently finished a blog post on publishing PowerShell Modules to Azure Artifacts, including this script: https://adamrushuk.github.io/example-azure-devops-release-pipeline-for-powershell-modules/#publish-azdoartifactfeedps1
I created that script a while back for VSTS when there were also credential issues, but it still works for Azure DevOps. I believe the latest versions of PowerShellGet / PackageManagement sorted some issues out.
Looks like 2.1.5 was just released and I’m now able to invoke Register-PSRepository and Update-Module as expected, with the latter requiring Credential parameter to be specified.
Following the instructions posted for registering Azure Devops feed as a PS repo only gives me the error: The specified Uri ‘https://pkg.dev.azure.com/yourorganization/_packaging/yourfeed/nuget/v2’ for parameter ‘SourceLocation’ is an invalid Web Uri. Please ensure that it meets the Web Uri requirements. I swapped out yourorganization and yourfeed with actual values and specified the -Credential parameter.
At first glance, version 2.1.4 appears to have broken PAT-based authentication. Prior to this version, I have been able to update my private module hosted in an Azure Devops nuget feed. Interestingly, a cmd window from VS2019’s CredentialProvider.Microsoft.exe came up twice while I invoked Update-Module or Set-PSrepository. Why would these two independent modules be interacting with each other?
Cannot ReproAfter registering the feed, if I `Find-Module` I get prompted again for “devicelogin” and it creates **another** PAT token. If I then `Find-Module` for a _different_ module, it prompts me **_again_** … and again, and again.What do I have to do to make the credentials stick? Because without sticky credentials, it doesn’t seem like you’ve actually fixed anything!
Note that if users only have the PackageManagement module version that was installed with PowerShell, Update-Module will not work since it wasn’t installed with PSGet. You’ll initially need to use Install-Module.