I have a project repository on Gitlab.com which builds, using a NuGet package from another project i have on GitLab.com. To build (and restore), i added the NuGet repositorie(s) with 'dotnet nuget add source ...' and the option --store-password-in-clear-text. I used the CICD variable $CI_JOB_TOKEN as password. That worked ok for some time. But since about last week, it says:
error NU1301: Unable to load the service index for source ...
I also tried not adding the source via dotnet nuget add source, but use a NuGet.Config. But with the same result. On my local Windows machine it works fine with the exact same sources (also with NuGet.Config).
What could be wrong here now since last week?
Edit: When it try to open the NuGet repo Url in Browser, i get a correct JSON response. The package name and version are correctly spelled and existing in the repository.
Edit2: i use this image for cicd runner: mcr.microsoft.com/dotnet/sdk:7.0
No idea anyone? On another gitlab project i experienced, that a referenced NuGet package could "not be found". It seems only NuGet packages from my own repos on gitlab.com show this behaviour.
Edit3: I investigated a bit further.
I went into my build container, installed nuget and tried to inspect the repository.
But for the gitlab source, it always tells me:
WARNING: The remote server returned an error: (404) Not Found.
I used exactly the url as shown in Gitlab package info. The URLs look like:
https://gitlab.com/api/v4/groups/<groupnr>/packages/nuget/index.json
https://gitlab.com/api/v4/projects/<projectnr>/packages/nuget/index.json
So folks, i think i found an answer or at least a solution/workaround.
I'm not very satisfied with this, but it works.
It seems as if Gitlab, in the free tier, no longer allows authentication for retrieving from its own Nuget repositories (probably only at the group level) via job token. Pushing to the project level repository still works. This has definitely been possible so far. Now this seems to be reserved for the paid versions. If I create a corresponding token, I can also retrieve my NuGet packages from my GitLab registry again. Of course I have to store this token somewhere. I'm currently doing this in a secured group variable. Overall, however, I think this is a worse solution. Gitlab should actually have an interest in a secure solution and not limit an existing option for the sake of profit!
If anyone knows a better solution, please let me know.