Azure Pipelines Hosted Agent Can't Access DevOps project Feed

4
votes

I have an Azure DevOps project (just one).

I have a Build Pipeline set to run in the "Hosted VS2017" Agent Pool. This Agent Pool appears to be in the [MyProject]\Build Administrators, Contributors, Project Administrators, and Release Administrators roles.

I also have an Artifacts nuget feed in the DevOps project. It has [MyProject]\Project Valid Users set as "Reader" role. It appears that Project Valid Users has all of the Agent Pool's roles mentioned above as members.

I have an azure-pipelines.yml script that adds that adds the artifacts feed as a nuget source right at the beginning:

# Add nuget source
- powershell: Invoke-RestMethod "https://dist.nuget.org/win-x86-commandline/latest/nuget.exe" -OutFile "$env:UserProfile/nuget.exe"
- script: '%UserProfile%\nuget.exe sources Add -Name "devops" -Source "https://pkgs.dev.azure.com/MyProject/_packaging/feed/nuget/v3/index.json"'

The build yml then dot a dotnet build but fails inside NuGet.targets with:

Unable to load the service index for source https://pkgs.dev.azure.com/MyProject/_packaging/feed/nuget/v3/index.json.
Response status code does not indicate success: 401 (Unauthorized).

how can I make this work? My build needs packages from other builds that are on that artifacts feed...

3
azure-devopsazure-pipelinesazure-pipelines-build-taskazure-artifacts

3 Answers

7
votes

There is a better alternative imo. You can continue using your script to dotnet restore. Simply add a task just before that with NuGetAuthenticate@0

steps:
- task: NuGetAuthenticate@0
- script: dotnet restore --no-cache --force

this task will authenticate the pipeline with the nuget feeds that require so and are found at the NuGet.config file.

More info here

Notice that when the nuGet feed is within Azure DevOps there is nothing else required. If the feed is external you can configure at your Azure DevOps a nuGet Service Connections (at the link there is further info).

1
votes

Use the built-in tasks for installing and running NuGet and you won't have authentication problems.

1
votes

Use the dotnet task's restore command. If you're using a single Azure Artifacts feed, just select it from the dropdown in the task (instead of the PowerShell you mentioned). If multiple feeds (doesn't look like it from your question, but just in case), you'll need to check in a NuGet.config that references all of those feeds, then point the task to that config.

You may also need to pass the '--no-restore' flag to your 'dotnet build' command.

If you still encounter issues, ensure the correct build identity has access to your feed.