-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
builds-1.6
-
None
-
Improvement
-
False
-
-
False
-
-
Description of problem:
I'm trying to set the proxy mirror for the S2I to Azure Artifacts. Since Azure Artifacts requires authentication, I had to mount nuget.config as a secret in the Build. I'm looking for a similar approach as for the standard BuildConfig, which works fine:
```
kind: BuildConfig
apiVersion: build.openshift.io/v1
metadata:
name: web-api-2
namespace: ci
spec:
output:
to:
kind: DockerImage
name: 'quay.io/pminkows/web-api-2:0.0.1'
pushSecret:
name: quay-auth
strategy:
type: Source
sourceStrategy:
from:
kind: ImageStreamTag
namespace: openshift
name: 'dotnet:9.0-ubi8'
source:
type: Git
git:
uri: 'https://github.com/piomin/web-api-2.git'
contextDir: src/WebApi.App
secrets:
- secret:
name: azure-artifacts-secret
destinationDir: /opt/app-root/src/
runPolicy: Serial
```
Our customer wants to switch OpenShift Build Shipwritght, b ut this is a blocker for them, since they use Azure Artifacts as artifacts repository and mirror.
Prerequisites (if any, like setup, operators/versions):
OpenShift Build operator installed.
Steps to Reproduce
Prepare the following `Build` object:
```
apiVersion: shipwright.io/v1beta1
kind: Build
metadata:
name: sample-dotnet-build
namespace: ci
spec:
output:
image: 'image-registry.openshift-image-registry.svc:5000/ci/web-api-2:latest'
paramValues:
- name: builder-image
value: 'registry.access.redhat.com/ubi8/dotnet-90:latest'
source:
contextDir: src/WebApi.App
git:
url: 'https://github.com/piomin/web-api-2.git'
type: Git
strategy:
kind: ClusterBuildStrategy
name: source-to-image-2
volumes:
- name: azure-artifacts-secret
secret:
secretName: azure-artifacts-secret
```
I also modified the strategy by adding a new volume and volume mounts to achieve the same behaviour as for OpenShift Build v1:
```
volumeMounts:
- mountPath: /s2i
name: s2i
- mountPath: /etc/pki/entitlement
name: etc-pki-entitlement
- mountPath: /opt/app-root/src/
name: azure-artifacts-secret
readOnly: true
workingDir: /s2i
volumes:
- emptyDir: {}
name: s2i
- emptyDir: {}
name: etc-pki-entitlement
overridable: true
- name: azure-artifacts-secret
overridable: true
secret:
secretName: azure-artifacts-secret
```
Here's my nuget.config, which is stored under nuget.config key in my azure-artifacts-secret:
```
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageSources>
<clear />
<add key="pminkows" value="https://pkgs.dev.azure.com/pminkows/_packaging/pminkows/nuget/v3/index.json" />
</packageSources>
<packageSourceCredentials>
<pminkows>
<add key="Username" value="pminkows" />
<add key="ClearTextPassword" value="<MY_TOKEN>" />
</pminkows>
</packageSourceCredentials>
</configuration>
```
Actual results:
nuget.config is completely ignored inside the Shipwright build, but it is honored in the `BuildConfig` build. The build is failed since the required library is placed only in Azure Artifacts
Expected results:
Build is succeeded, the mirror is set for the build.
Reproducibility (Always/Intermittent/Only Once):
always
Acceptance criteria:
Definition of Done:
Build Details:
Additional info (Such as Logs, Screenshots, etc):
step-source-default
2025/11/12 15:26:52 Info: ssh (/usr/bin/ssh): OpenSSH_8.7p1, OpenSSL 3.2.2 4 Jun 2024
2025/11/12 15:26:52 Info: git (/usr/bin/git): git version 2.47.3
2025/11/12 15:26:52 Info: git-lfs (/usr/bin/git-lfs): git-lfs/3.6.1 (GitHub; linux amd64; go 1.23.9 (Red Hat 1.23.9-1.el9_6) X:strictfipsruntime)
2025/11/12 15:26:52 /usr/bin/git -c safe.directory=/workspace/source clone -h
2025/11/12 15:26:52 /usr/bin/git -c safe.directory=/workspace/source submodule -h
2025/11/12 15:26:53 /usr/bin/git -c safe.directory=/workspace/source clone --quiet --no-tags --single-branch --depth 1 – https://github.com/piomin/web-api-2.git /workspace/source
2025/11/12 15:26:53 /usr/bin/git -c safe.directory=/workspace/source -C /workspace/source submodule update --init --recursive --depth 1
2025/11/12 15:26:53 /usr/bin/git -c safe.directory=/workspace/source -C /workspace/source rev-parse --abbrev-ref HEAD
2025/11/12 15:26:53 Successfully loaded https://github.com/piomin/web-api-2.git (master) into /workspace/source
2025/11/12 15:26:53 /usr/bin/git -c safe.directory=/workspace/source -C /workspace/source rev-parse --verify HEAD
2025/11/12 15:26:53 /usr/bin/git -c safe.directory=/workspace/source -C /workspace/source log -1 --pretty=format:%an
2025/11/12 15:26:53 /usr/bin/git -c safe.directory=/workspace/source -C /workspace/source show --no-patch --format=%ct
2025/11/12 15:26:53 /usr/bin/git -c safe.directory=/workspace/source -C /workspace/source rev-parse --abbrev-ref HEAD
step-s2i-generate
[INFO] Adding S2I env var: KUBERNETES_SERVICE_PORT_HTTPS=443
[INFO] Adding S2I env var: NSS_SDB_USE_CACHE=no
[INFO] Adding S2I env var: container=oci
[INFO] Adding S2I env var: KUBERNETES_PORT_443_TCP=tcp://172.30.0.1:443
[INFO] Adding S2I env var: SSL_CERT_DIR=/tekton-custom-certs:/etc/ssl/certs:/etc/pki/tls/certs
[INFO] Adding S2I env var: KUBERNETES_PORT_443_TCP_PROTO=tcp
[INFO] Adding S2I env var: KUBERNETES_PORT_443_TCP_ADDR=172.30.0.1
[INFO] Adding S2I env var: KUBERNETES_PORT=tcp://172.30.0.1:443
[INFO] Adding S2I env var: KUBERNETES_PORT_443_TCP_PORT=443
[INFO] Running S2I build with 18 environment variables
Application dockerfile generated in /s2i/Dockerfile
step-buildah
[INFO] Creating registries config file...
[INFO] Building image image-registry.openshift-image-registry.svc:5000/ci/web-api-2:latest
STEP 1/9: FROM registry.access.redhat.com/ubi8/dotnet-90:latest
Trying to pull registry.access.redhat.com/ubi8/dotnet-90:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob sha256:8c8f181aaa5f9c2fdbb82bd10bfed7e2ecd90e482daf03b5a72a2df7d5e2858a
Copying blob sha256:c8c24bf4ef435ee29d7495ca732a4d82374c1a11c25ca6aae12f997f45ca5a26
Copying blob sha256:9abb5e74a5f821b8cab5d489b7a3ebe6bad4b3ee1eb3e7748583419f1ec6c43a
Copying config sha256:2686d48a4222af19efa514806c5fe13f7d33d461c5e6d6889122b321227f0ddb
Writing manifest to image destination
Storing signatures
STEP 2/9: LABEL "io.k8s.display-name"="image-registry.openshift-image-registry.svc:5000/ci/web-api-2:latest" "io.openshift.s2i.build.image"="registry.access.redhat.com/ubi8/dotnet-90:latest" "io.openshift.s2i.build.source-location"="/workspace/source/src/WebApi.App"
STEP 3/9: ENV KUBERNETES_SERVICE_PORT_HTTPS="443" NSS_SDB_USE_CACHE="no" container="oci" KUBERNETES_PORT_443_TCP="tcp://172.30.0.1:443" SSL_CERT_DIR="/tekton-custom-certs:/etc/ssl/certs:/etc/pki/tls/certs" KUBERNETES_PORT_443_TCP_PROTO="tcp" KUBERNETES_PORT_443_TCP_ADDR="172.30.0.1" KUBERNETES_PORT="tcp://172.30.0.1:443" KUBERNETES_PORT_443_TCP_PORT="443"
STEP 4/9: USER root
STEP 5/9: COPY upload/src /tmp/src
STEP 6/9: RUN chown -R 1001:0 /tmp/src
STEP 7/9: USER 1001
STEP 8/9: RUN /usr/libexec/s2i/assemble
---> Installing application source...
Using SDK: 9.0.111
---> Restoring application dependencies...
Determining projects to restore...
/opt/app-root/src/WebApi.App.csproj : warning NU1603: WebApi.App depends on WebApi.Library (>= 1.0.1) but WebApi.Library 1.0.1 was not found. WebApi.Library 1.1.5.1 was resolved instead.
/opt/app-root/src/WebApi.App.csproj : warning NU1608: Detected package version outside of dependency constraint: Pomelo.EntityFrameworkCore.MySql 8.0.2 requires Microsoft.EntityFrameworkCore.Relational (>= 8.0.2 && <= 8.0.999) but version Microsoft.EntityFrameworkCore.Relational 9.0.8 was resolved.
Restored /opt/app-root/src/WebApi.App.csproj (in 3.37 sec).
---> Publishing application...
/opt/app-root/src/WebApi.App.csproj : warning NU1603: WebApi.App depends on WebApi.Library (>= 1.0.1) but WebApi.Library 1.0.1 was not found. WebApi.Library 1.1.5.1 was resolved instead.
/opt/app-root/src/WebApi.App.csproj : warning NU1608: Detected package version outside of dependency constraint: Pomelo.EntityFrameworkCore.MySql 8.0.2 requires Microsoft.EntityFrameworkCore.Relational (>= 8.0.2 && <= 8.0.999) but version Microsoft.EntityFrameworkCore.Relational 9.0.8 was resolved.
/opt/app-root/src/Controllers/VersionController.cs(2,14): error CS0234: The type or namespace name 'Library' does not exist in the namespace 'WebApi' (are you missing an assembly reference?) [/opt/app-root/src/WebApi.App.csproj]
/opt/app-root/src/Controllers/VersionController.cs(10,26): error CS0246: The type or namespace name 'VersionService' could not be found (are you missing a using directive or an assembly reference?) [/opt/app-root/src/WebApi.App.csproj]
subprocess exited with status 1
subprocess exited with status 1
Error: building at STEP "RUN /usr/libexec/s2i/assemble": exit status 1
