From f2d59c5b1382b6096c10bc2a707bb2ff4d8f3a63 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 2 Jun 2026 16:50:37 +0000
Subject: [PATCH 1/5] Initial plan
From 18e4b3b210459b3fd89843765f09f9b31d0919cd Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 2 Jun 2026 17:00:08 +0000
Subject: [PATCH 2/5] Use SetupNugetSources.sh on Unix and align credential
update behavior
---
eng/common/SetupNugetSources.ps1 | 1 +
eng/common/SetupNugetSources.sh | 27 ++++++++-
.../steps/enable-internal-sources.yml | 57 +++++++++++++------
.../CredentialHandlingTests.cs | 46 +++++++++++++++
4 files changed, 112 insertions(+), 19 deletions(-)
diff --git a/eng/common/SetupNugetSources.ps1 b/eng/common/SetupNugetSources.ps1
index fc8d618014e..8e56db4f965 100644
--- a/eng/common/SetupNugetSources.ps1
+++ b/eng/common/SetupNugetSources.ps1
@@ -25,6 +25,7 @@
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)][string]$ConfigFile,
+ [Alias("CredentialToken")]
$Password
)
diff --git a/eng/common/SetupNugetSources.sh b/eng/common/SetupNugetSources.sh
index b97cc536379..1fa1be017c8 100755
--- a/eng/common/SetupNugetSources.sh
+++ b/eng/common/SetupNugetSources.sh
@@ -181,9 +181,13 @@ PackageSources+=$(grep -oh '"darc-int-[^"]*"' $ConfigFile | tr -d '"')
IFS=$PrevIFS
if [ "$CredToken" ]; then
- for FeedName in ${PackageSources[@]} ; do
+ EscapedCredToken=$(printf '%s' "$CredToken" | sed 's/[&|\\]/\\&/g')
+
+ UpsertCredential() {
+ local FeedName="$1"
+
# Check if there is no existing credential for this FeedName
- grep -i "<$FeedName>" $ConfigFile
+ grep -i "<$FeedName>" "$ConfigFile" > /dev/null
if [ "$?" != "0" ]; then
echo " Inserting credential for feed: $FeedName"
@@ -191,6 +195,25 @@ if [ "$CredToken" ]; then
NewCredential="${TB}${TB}<$FeedName>${NL}${TB}${NL}${TB}${TB}${NL}${TB}${TB}"
sed -i.bak "s|$PackageSourceCredentialsNodeFooter|$NewCredential${NL}$PackageSourceCredentialsNodeFooter|" $ConfigFile
+ return
+ fi
+
+ # Existing credential node should match SetupNugetSources.ps1 behavior and refresh Username/ClearTextPassword.
+ sed -i.bak "/<$FeedName>/,/<\/$FeedName>/ s|||I" "$ConfigFile"
+ sed -i.bak "/<$FeedName>/,/<\/$FeedName>/ s|||I" "$ConfigFile"
+
+ sed -n "/<$FeedName>/,/<\/$FeedName>/p" "$ConfigFile" | grep -i " /dev/null
+ if [ "$?" != "0" ]; then
+ sed -i.bak "/<$FeedName>/a\\${TB}${TB}" "$ConfigFile"
+ fi
+
+ sed -n "/<$FeedName>/,/<\/$FeedName>/p" "$ConfigFile" | grep -i " /dev/null
+ if [ "$?" != "0" ]; then
+ sed -i.bak "/<\/$FeedName>/i\\${TB}${TB}" "$ConfigFile"
fi
+ }
+
+ for FeedName in ${PackageSources[@]} ; do
+ UpsertCredential "$FeedName"
done
fi
diff --git a/eng/common/core-templates/steps/enable-internal-sources.yml b/eng/common/core-templates/steps/enable-internal-sources.yml
index 4085512b690..b34eb8f4ecc 100644
--- a/eng/common/core-templates/steps/enable-internal-sources.yml
+++ b/eng/common/core-templates/steps/enable-internal-sources.yml
@@ -14,33 +14,56 @@ parameters:
steps:
- ${{ if ne(variables['System.TeamProject'], 'public') }}:
- ${{ if ne(parameters.legacyCredential, '') }}:
- - task: PowerShell@2
- displayName: Setup Internal Feeds
- inputs:
- filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.ps1
- arguments: -ConfigFile $(System.DefaultWorkingDirectory)/NuGet.config -Password $Env:Token
- env:
- Token: ${{ parameters.legacyCredential }}
+ - ${{ if eq(variables['Agent.Os'], 'Windows_NT') }}:
+ - task: PowerShell@2
+ displayName: Setup Internal Feeds
+ inputs:
+ filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.ps1
+ arguments: -ConfigFile $(System.DefaultWorkingDirectory)/NuGet.config -CredentialToken $Env:Token
+ env:
+ Token: ${{ parameters.legacyCredential }}
+ - ${{ else }}:
+ - task: Bash@3
+ displayName: Setup Internal Feeds
+ inputs:
+ filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.sh
+ arguments: $(System.DefaultWorkingDirectory)/NuGet.config $Token
+ env:
+ Token: ${{ parameters.legacyCredential }}
# If running on dnceng (internal project), just use the default behavior for NuGetAuthenticate.
# If running on DevDiv, NuGetAuthenticate is not really an option. It's scoped to a single feed, and we have many feeds that
# may be added. Instead, we'll use the traditional approach (add cred to nuget.config), but use an account token.
- ${{ else }}:
- ${{ if eq(variables['System.TeamProject'], 'internal') }}:
- - task: PowerShell@2
- displayName: Setup Internal Feeds
- inputs:
- filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.ps1
- arguments: -ConfigFile $(System.DefaultWorkingDirectory)/NuGet.config
+ - ${{ if eq(variables['Agent.Os'], 'Windows_NT') }}:
+ - task: PowerShell@2
+ displayName: Setup Internal Feeds
+ inputs:
+ filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.ps1
+ arguments: -ConfigFile $(System.DefaultWorkingDirectory)/NuGet.config
+ - ${{ else }}:
+ - task: Bash@3
+ displayName: Setup Internal Feeds
+ inputs:
+ filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.sh
+ arguments: $(System.DefaultWorkingDirectory)/NuGet.config
- ${{ else }}:
- template: /eng/common/templates/steps/get-federated-access-token.yml
parameters:
federatedServiceConnection: ${{ parameters.nugetFederatedServiceConnection }}
outputVariableName: 'dnceng-artifacts-feeds-read-access-token'
- - task: PowerShell@2
- displayName: Setup Internal Feeds
- inputs:
- filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.ps1
- arguments: -ConfigFile $(System.DefaultWorkingDirectory)/NuGet.config -Password $(dnceng-artifacts-feeds-read-access-token)
+ - ${{ if eq(variables['Agent.Os'], 'Windows_NT') }}:
+ - task: PowerShell@2
+ displayName: Setup Internal Feeds
+ inputs:
+ filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.ps1
+ arguments: -ConfigFile $(System.DefaultWorkingDirectory)/NuGet.config -CredentialToken $(dnceng-artifacts-feeds-read-access-token)
+ - ${{ else }}:
+ - task: Bash@3
+ displayName: Setup Internal Feeds
+ inputs:
+ filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.sh
+ arguments: $(System.DefaultWorkingDirectory)/NuGet.config $(dnceng-artifacts-feeds-read-access-token)
# This is required in certain scenarios to install the ADO credential provider.
# It installed by default in some msbuild invocations (e.g. VS msbuild), but needs to be installed for others
# (e.g. dotnet msbuild).
diff --git a/src/Microsoft.DotNet.SetupNugetSources.Tests/CredentialHandlingTests.cs b/src/Microsoft.DotNet.SetupNugetSources.Tests/CredentialHandlingTests.cs
index accb4518aaf..a2c993c11c0 100644
--- a/src/Microsoft.DotNet.SetupNugetSources.Tests/CredentialHandlingTests.cs
+++ b/src/Microsoft.DotNet.SetupNugetSources.Tests/CredentialHandlingTests.cs
@@ -3,7 +3,9 @@
using System;
using System.IO;
+using System.Linq;
using System.Threading.Tasks;
+using System.Xml.Linq;
using AwesomeAssertions;
using Microsoft.DotNet.XUnitExtensions;
using Xunit;
@@ -143,6 +145,50 @@ public async Task ConfigWithExistingCredentials_PreservesAndAddsNew()
modifiedConfig.ShouldContainCredentials("dotnet6-internal-transport", "dn-bot", "should add credentials for new transport feed");
}
+ [Fact]
+ public async Task ConfigWithExistingInternalFeedCredentials_UpdatesCredentialValues()
+ {
+ // Arrange
+ var originalConfig = @"
+
+
+
+
+
+
+
+
+
+
+
+
+";
+ var configPath = Path.Combine(_testOutputDirectory, "nuget.config");
+ await Task.Run(() => File.WriteAllText(configPath, originalConfig));
+ var testCredential = "new-password";
+
+ // Act
+ var result = await _scriptRunner.RunScript(configPath, testCredential);
+
+ // Assert
+ result.exitCode.Should().Be(0, "script should succeed, but got error: {result.error}");
+ var modifiedConfig = await Task.Run(() => File.ReadAllText(configPath));
+ modifiedConfig.ShouldContainCredentials("dotnet6-internal", "dn-bot", "should update username for existing internal feed credentials");
+
+ var doc = XDocument.Parse(modifiedConfig);
+ var internalFeedCredentials = doc.Root?.Element("packageSourceCredentials")?.Element("dotnet6-internal");
+ internalFeedCredentials.Should().NotBeNull("credentials for dotnet6-internal should exist");
+
+ internalFeedCredentials!.Elements("add").Count(e => e.Attribute("key")?.Value == "Username")
+ .Should().Be(1, "there should be exactly one username entry");
+ internalFeedCredentials.Elements("add").Count(e => e.Attribute("key")?.Value == "ClearTextPassword")
+ .Should().Be(1, "there should be exactly one password entry");
+
+ var passwordElement = internalFeedCredentials.Elements("add").FirstOrDefault(e => e.Attribute("key")?.Value == "ClearTextPassword");
+ passwordElement.Should().NotBeNull("clear text password should exist");
+ passwordElement!.Attribute("value")?.Value.Should().Be(testCredential, "clear text password should be updated to the provided credential");
+ }
+
[Fact]
public async Task ConfigWithDarcIntFeeds_AddsCredentialsForEnabledFeeds()
{
From 1ba6cbfcf6562fdb2bb6d2dc0804c3cdca4a53b0 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 2 Jun 2026 17:16:44 +0000
Subject: [PATCH 3/5] Use runtime OS conditions in enable-internal-sources
template
---
.../steps/enable-internal-sources.yml | 74 +++++++++----------
1 file changed, 37 insertions(+), 37 deletions(-)
diff --git a/eng/common/core-templates/steps/enable-internal-sources.yml b/eng/common/core-templates/steps/enable-internal-sources.yml
index b34eb8f4ecc..f77a2527f32 100644
--- a/eng/common/core-templates/steps/enable-internal-sources.yml
+++ b/eng/common/core-templates/steps/enable-internal-sources.yml
@@ -14,56 +14,56 @@ parameters:
steps:
- ${{ if ne(variables['System.TeamProject'], 'public') }}:
- ${{ if ne(parameters.legacyCredential, '') }}:
- - ${{ if eq(variables['Agent.Os'], 'Windows_NT') }}:
+ - task: PowerShell@2
+ condition: and(succeeded(), eq(variables['Agent.Os'], 'Windows_NT'))
+ displayName: Setup Internal Feeds
+ inputs:
+ filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.ps1
+ arguments: -ConfigFile $(System.DefaultWorkingDirectory)/NuGet.config -CredentialToken $Env:Token
+ env:
+ Token: ${{ parameters.legacyCredential }}
+ - task: Bash@3
+ condition: and(succeeded(), ne(variables['Agent.Os'], 'Windows_NT'))
+ displayName: Setup Internal Feeds
+ inputs:
+ filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.sh
+ arguments: $(System.DefaultWorkingDirectory)/NuGet.config $Token
+ env:
+ Token: ${{ parameters.legacyCredential }}
+ # If running on dnceng (internal project), just use the default behavior for NuGetAuthenticate.
+ # If running on DevDiv, NuGetAuthenticate is not really an option. It's scoped to a single feed, and we have many feeds that
+ # may be added. Instead, we'll use the traditional approach (add cred to nuget.config), but use an account token.
+ - ${{ else }}:
+ - ${{ if eq(variables['System.TeamProject'], 'internal') }}:
- task: PowerShell@2
+ condition: and(succeeded(), eq(variables['Agent.Os'], 'Windows_NT'))
displayName: Setup Internal Feeds
inputs:
filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.ps1
- arguments: -ConfigFile $(System.DefaultWorkingDirectory)/NuGet.config -CredentialToken $Env:Token
- env:
- Token: ${{ parameters.legacyCredential }}
- - ${{ else }}:
+ arguments: -ConfigFile $(System.DefaultWorkingDirectory)/NuGet.config
- task: Bash@3
+ condition: and(succeeded(), ne(variables['Agent.Os'], 'Windows_NT'))
displayName: Setup Internal Feeds
inputs:
filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.sh
- arguments: $(System.DefaultWorkingDirectory)/NuGet.config $Token
- env:
- Token: ${{ parameters.legacyCredential }}
- # If running on dnceng (internal project), just use the default behavior for NuGetAuthenticate.
- # If running on DevDiv, NuGetAuthenticate is not really an option. It's scoped to a single feed, and we have many feeds that
- # may be added. Instead, we'll use the traditional approach (add cred to nuget.config), but use an account token.
- - ${{ else }}:
- - ${{ if eq(variables['System.TeamProject'], 'internal') }}:
- - ${{ if eq(variables['Agent.Os'], 'Windows_NT') }}:
- - task: PowerShell@2
- displayName: Setup Internal Feeds
- inputs:
- filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.ps1
- arguments: -ConfigFile $(System.DefaultWorkingDirectory)/NuGet.config
- - ${{ else }}:
- - task: Bash@3
- displayName: Setup Internal Feeds
- inputs:
- filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.sh
- arguments: $(System.DefaultWorkingDirectory)/NuGet.config
+ arguments: $(System.DefaultWorkingDirectory)/NuGet.config
- ${{ else }}:
- template: /eng/common/templates/steps/get-federated-access-token.yml
parameters:
federatedServiceConnection: ${{ parameters.nugetFederatedServiceConnection }}
outputVariableName: 'dnceng-artifacts-feeds-read-access-token'
- - ${{ if eq(variables['Agent.Os'], 'Windows_NT') }}:
- - task: PowerShell@2
- displayName: Setup Internal Feeds
- inputs:
- filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.ps1
- arguments: -ConfigFile $(System.DefaultWorkingDirectory)/NuGet.config -CredentialToken $(dnceng-artifacts-feeds-read-access-token)
- - ${{ else }}:
- - task: Bash@3
- displayName: Setup Internal Feeds
- inputs:
- filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.sh
- arguments: $(System.DefaultWorkingDirectory)/NuGet.config $(dnceng-artifacts-feeds-read-access-token)
+ - task: PowerShell@2
+ condition: and(succeeded(), eq(variables['Agent.Os'], 'Windows_NT'))
+ displayName: Setup Internal Feeds
+ inputs:
+ filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.ps1
+ arguments: -ConfigFile $(System.DefaultWorkingDirectory)/NuGet.config -CredentialToken $(dnceng-artifacts-feeds-read-access-token)
+ - task: Bash@3
+ condition: and(succeeded(), ne(variables['Agent.Os'], 'Windows_NT'))
+ displayName: Setup Internal Feeds
+ inputs:
+ filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.sh
+ arguments: $(System.DefaultWorkingDirectory)/NuGet.config $(dnceng-artifacts-feeds-read-access-token)
# This is required in certain scenarios to install the ADO credential provider.
# It installed by default in some msbuild invocations (e.g. VS msbuild), but needs to be installed for others
# (e.g. dotnet msbuild).
From 12e7fde928762e290d1b83fc383cda6eff1855ef Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 2 Jun 2026 17:22:50 +0000
Subject: [PATCH 4/5] Revert unneeded SetupNugetSources credential changes
---
eng/common/SetupNugetSources.ps1 | 1 -
eng/common/SetupNugetSources.sh | 27 +----------
.../steps/enable-internal-sources.yml | 4 +-
.../CredentialHandlingTests.cs | 46 -------------------
4 files changed, 4 insertions(+), 74 deletions(-)
diff --git a/eng/common/SetupNugetSources.ps1 b/eng/common/SetupNugetSources.ps1
index 8e56db4f965..fc8d618014e 100644
--- a/eng/common/SetupNugetSources.ps1
+++ b/eng/common/SetupNugetSources.ps1
@@ -25,7 +25,6 @@
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)][string]$ConfigFile,
- [Alias("CredentialToken")]
$Password
)
diff --git a/eng/common/SetupNugetSources.sh b/eng/common/SetupNugetSources.sh
index 1fa1be017c8..b97cc536379 100755
--- a/eng/common/SetupNugetSources.sh
+++ b/eng/common/SetupNugetSources.sh
@@ -181,13 +181,9 @@ PackageSources+=$(grep -oh '"darc-int-[^"]*"' $ConfigFile | tr -d '"')
IFS=$PrevIFS
if [ "$CredToken" ]; then
- EscapedCredToken=$(printf '%s' "$CredToken" | sed 's/[&|\\]/\\&/g')
-
- UpsertCredential() {
- local FeedName="$1"
-
+ for FeedName in ${PackageSources[@]} ; do
# Check if there is no existing credential for this FeedName
- grep -i "<$FeedName>" "$ConfigFile" > /dev/null
+ grep -i "<$FeedName>" $ConfigFile
if [ "$?" != "0" ]; then
echo " Inserting credential for feed: $FeedName"
@@ -195,25 +191,6 @@ if [ "$CredToken" ]; then
NewCredential="${TB}${TB}<$FeedName>${NL}${TB}${NL}${TB}${TB}${NL}${TB}${TB}"
sed -i.bak "s|$PackageSourceCredentialsNodeFooter|$NewCredential${NL}$PackageSourceCredentialsNodeFooter|" $ConfigFile
- return
- fi
-
- # Existing credential node should match SetupNugetSources.ps1 behavior and refresh Username/ClearTextPassword.
- sed -i.bak "/<$FeedName>/,/<\/$FeedName>/ s|||I" "$ConfigFile"
- sed -i.bak "/<$FeedName>/,/<\/$FeedName>/ s|||I" "$ConfigFile"
-
- sed -n "/<$FeedName>/,/<\/$FeedName>/p" "$ConfigFile" | grep -i " /dev/null
- if [ "$?" != "0" ]; then
- sed -i.bak "/<$FeedName>/a\\${TB}${TB}" "$ConfigFile"
- fi
-
- sed -n "/<$FeedName>/,/<\/$FeedName>/p" "$ConfigFile" | grep -i " /dev/null
- if [ "$?" != "0" ]; then
- sed -i.bak "/<\/$FeedName>/i\\${TB}${TB}" "$ConfigFile"
fi
- }
-
- for FeedName in ${PackageSources[@]} ; do
- UpsertCredential "$FeedName"
done
fi
diff --git a/eng/common/core-templates/steps/enable-internal-sources.yml b/eng/common/core-templates/steps/enable-internal-sources.yml
index f77a2527f32..5652c61643b 100644
--- a/eng/common/core-templates/steps/enable-internal-sources.yml
+++ b/eng/common/core-templates/steps/enable-internal-sources.yml
@@ -19,7 +19,7 @@ steps:
displayName: Setup Internal Feeds
inputs:
filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.ps1
- arguments: -ConfigFile $(System.DefaultWorkingDirectory)/NuGet.config -CredentialToken $Env:Token
+ arguments: -ConfigFile $(System.DefaultWorkingDirectory)/NuGet.config -Password $Env:Token
env:
Token: ${{ parameters.legacyCredential }}
- task: Bash@3
@@ -57,7 +57,7 @@ steps:
displayName: Setup Internal Feeds
inputs:
filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.ps1
- arguments: -ConfigFile $(System.DefaultWorkingDirectory)/NuGet.config -CredentialToken $(dnceng-artifacts-feeds-read-access-token)
+ arguments: -ConfigFile $(System.DefaultWorkingDirectory)/NuGet.config -Password $(dnceng-artifacts-feeds-read-access-token)
- task: Bash@3
condition: and(succeeded(), ne(variables['Agent.Os'], 'Windows_NT'))
displayName: Setup Internal Feeds
diff --git a/src/Microsoft.DotNet.SetupNugetSources.Tests/CredentialHandlingTests.cs b/src/Microsoft.DotNet.SetupNugetSources.Tests/CredentialHandlingTests.cs
index a2c993c11c0..accb4518aaf 100644
--- a/src/Microsoft.DotNet.SetupNugetSources.Tests/CredentialHandlingTests.cs
+++ b/src/Microsoft.DotNet.SetupNugetSources.Tests/CredentialHandlingTests.cs
@@ -3,9 +3,7 @@
using System;
using System.IO;
-using System.Linq;
using System.Threading.Tasks;
-using System.Xml.Linq;
using AwesomeAssertions;
using Microsoft.DotNet.XUnitExtensions;
using Xunit;
@@ -145,50 +143,6 @@ public async Task ConfigWithExistingCredentials_PreservesAndAddsNew()
modifiedConfig.ShouldContainCredentials("dotnet6-internal-transport", "dn-bot", "should add credentials for new transport feed");
}
- [Fact]
- public async Task ConfigWithExistingInternalFeedCredentials_UpdatesCredentialValues()
- {
- // Arrange
- var originalConfig = @"
-
-
-
-
-
-
-
-
-
-
-
-
-";
- var configPath = Path.Combine(_testOutputDirectory, "nuget.config");
- await Task.Run(() => File.WriteAllText(configPath, originalConfig));
- var testCredential = "new-password";
-
- // Act
- var result = await _scriptRunner.RunScript(configPath, testCredential);
-
- // Assert
- result.exitCode.Should().Be(0, "script should succeed, but got error: {result.error}");
- var modifiedConfig = await Task.Run(() => File.ReadAllText(configPath));
- modifiedConfig.ShouldContainCredentials("dotnet6-internal", "dn-bot", "should update username for existing internal feed credentials");
-
- var doc = XDocument.Parse(modifiedConfig);
- var internalFeedCredentials = doc.Root?.Element("packageSourceCredentials")?.Element("dotnet6-internal");
- internalFeedCredentials.Should().NotBeNull("credentials for dotnet6-internal should exist");
-
- internalFeedCredentials!.Elements("add").Count(e => e.Attribute("key")?.Value == "Username")
- .Should().Be(1, "there should be exactly one username entry");
- internalFeedCredentials.Elements("add").Count(e => e.Attribute("key")?.Value == "ClearTextPassword")
- .Should().Be(1, "there should be exactly one password entry");
-
- var passwordElement = internalFeedCredentials.Elements("add").FirstOrDefault(e => e.Attribute("key")?.Value == "ClearTextPassword");
- passwordElement.Should().NotBeNull("clear text password should exist");
- passwordElement!.Attribute("value")?.Value.Should().Be(testCredential, "clear text password should be updated to the provided credential");
- }
-
[Fact]
public async Task ConfigWithDarcIntFeeds_AddsCredentialsForEnabledFeeds()
{
From 205374e6dd6ef420adea3c47e9e70eab61fc9d4a Mon Sep 17 00:00:00 2001
From: Matt Mitchell
Date: Tue, 2 Jun 2026 14:43:02 -0700
Subject: [PATCH 5/5] Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---
eng/common/core-templates/steps/enable-internal-sources.yml | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/eng/common/core-templates/steps/enable-internal-sources.yml b/eng/common/core-templates/steps/enable-internal-sources.yml
index 5652c61643b..51af9a01709 100644
--- a/eng/common/core-templates/steps/enable-internal-sources.yml
+++ b/eng/common/core-templates/steps/enable-internal-sources.yml
@@ -26,8 +26,9 @@ steps:
condition: and(succeeded(), ne(variables['Agent.Os'], 'Windows_NT'))
displayName: Setup Internal Feeds
inputs:
- filePath: $(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.sh
- arguments: $(System.DefaultWorkingDirectory)/NuGet.config $Token
+ targetType: inline
+ script: |
+ "$(System.DefaultWorkingDirectory)/eng/common/SetupNugetSources.sh" "$(System.DefaultWorkingDirectory)/NuGet.config" "$Token"
env:
Token: ${{ parameters.legacyCredential }}
# If running on dnceng (internal project), just use the default behavior for NuGetAuthenticate.