Gitea NuGet Feed Validation

Purpose

Validate that Gitea can be used as the package registry for cross-repo consumption in greenfield.

Validated Environment

Date: 2026-02-25
Gitea URL: http://192.168.10.100:3000
Organization feed: http://192.168.10.100:3000/api/packages/AgileWebs/nuget/index.json
Auth mode: Basic auth using Gitea login + token

Prerequisites

AGILE_GITEA_URL is set
AGILE_GITEA_TOKEN is set
Account has package publish permissions in AgileWebs

Required NuGet Source Configuration

Because the current feed is HTTP, source entries must allow insecure connections.

<packageSources>
  <clear />
  <add key="gitea-org" value="http://192.168.10.100:3000/api/packages/AgileWebs/nuget/index.json" allowInsecureConnections="true" />
  <add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
</packageSources>
<packageSourceCredentials>
  <gitea-org>
    <add key="Username" value="<gitea-login>" />
    <add key="ClearTextPassword" value="<gitea-token>" />
  </gitea-org>
</packageSourceCredentials>

Smoke Test Result

The following flow was executed successfully:

Create temporary package AgileWebs.Nuget.Smoke.
Pack and push to org feed.
Create clean consumer project.
Restore consumer with package from Gitea feed.

Result: PASS

Troubleshooting

Error: NuGet requires HTTPS sources.
- Cause: HTTP feed without insecure override.
- Fix: add allowInsecureConnections="true" in nuget.config.
Error: 401 Unauthorized on push/restore.
- Cause: invalid token or missing package permission.
- Fix: validate token with GET /api/v1/user and retry.

Operational Recommendation

Keep this setting only while feed is HTTP.
Move feed to HTTPS to remove insecure source exception.

1.8 KiB Raw Blame History