We use a lot of private NuGet packages in projects and have been using Azure DevOps to host these packages. The idea of using GitHub Actions for more CI/CD work rather than DevOps is attractive as it keeps the code repo and deployment all in the same location. The natural step is to move our NuGet packages to GitHub as well.
A little extra wrinkle is that accessing a DevOps package in Visual Studio is easy because of the integrated authentication but for GitHub you need to store a Personal Access Token (PAT) to authenticate and pull your packages into Visual Studio.
We go to significant lengths to keep secrets out of config files, and this is no different. Putting our PAT in clear text in a NuGet config files is a no go. Fortunately, we can use the “dotnet nuget add source” command in PowerShell which will encrypt our PAT and add our private GitHub package feed into Visual Studio:
A few more useful commands
List all nuget sources on your local machine:
Remove a source:
It’s also worth a quick note that if you add a nuget.config file to your solution it will override your machine sources.
