Jfrog .NET Core task should allow executing dotnet tool and/or any 'custom' command which may use an authenticated artifactory feed

[fourpastmidnight]

Is your feature request related to a problem? Please describe

I recently installed an Azure DevOps Server extension that, unfortunately, has an unnecessarily high Build Agent version demand, which means that we cannot use the extension's tasks in our build environment. However, the same "tool" is available as a dotnet tool.

We purchased Artifactory to be our sole provider of all external artifacts so that we can manage and maintain what is being introduced into our environment. Since dotnet tools are hosted on Nuget.Org, it should be a simple matter of executing dotnet tool install --tool-path <Path>. The only problem is, we also force authenticated connections to Artifactory. So, we can't use the command dotnet tool install --tool-path <path> --add-source <SOURCE> because there's no way to authenticate with Artifactory. BUT, we do have this Jfrog Azure DevOps extension installed and are using it for Nuget restore and package pushing.

Unfortunately, it's not possible using the JFrogDotNetCore@1 task to select anything for the command parameter other than restore or Nuget push. Why not? All you're doing is passing through the command to dotnet <COMMAND> and adding the appropriate sources, fully authenticated from the Service Endpoint Connection that associated with the task?

Describe the solution you'd like to see

Allow any dotnet <COMMAND> command to run which may require the use of an authenticated Artifactory feed to overcome limitations of the current dotnet ability to work with authenticated feeds such as Artifactory. You could either expand the current list to include tool, and/or (and in my opinion, even better) add a custom item that allows you to specify the command to run and any other arguments to be used (where this task would provide the proper sources to the command (e.g. as in the case with dotnet tool which has an --add-source <SOURCE> option)).

Describe alternatives you've considered

Now I'll need to manually setup a nuget.config file with an unobfuscated password/access token simply to use dotnet tool using my Artifactory feed as a source. This is NOT ideal. What's the point of having the Artifactory Service Connection available for only restores and pushes??

[fourpastmidnight]

So, what I had to do to make this work, is

1. Export our CA certificate that's the trust anchor for JFrog (because our build agents are older and don't use a version of NodeJS that work with the Windows Certificate Store)
2. Create a nuget.config file specifying the URL to the artifactory feed, and add credentials using plaintext password (because dotnet tool won't use encrypted passwords!). Luckily, I can supply an environment variable for the password variable populated via a secure build pipeline variable. BUT, I had a lot of trouble getting this to work because the password contained characters which needed to be encoded for XML.
3. Use the DotNetCoreCLI@2 task to execute dotnet tool install.

This should have been as easy as:

1. Use Jfrog Tools Installer Task
2. Use Jfrog Dotnet Core task using a custom command that allows me to essentially use dotnet tool and provide arguments to be passed to dotnet tool where the JFrog extension does the "heavy lifting" of creating the NuGet.config file as it already does for package restore and pushs.
3. profit.

Same number of steps, sure, but the complexity of my solution was much more difficult. I should have had this done in 5 minutes. Instead, it took a few hours to get all the pieces in place. 😢