Best way to authenticate in Azure DevOps YAML pipeline to access my Azure DevOps package feed (used by Paket commands)

0
votes

When calling Paket install via a command line step the script issues an unauthorized exception (401) when trying to access my Azure DevOps package feed (with upstream sources).

Running the build steps on my local system works using the Git Credentials Manager to login and authenticate for resolving and publishing packages via my Azure DevOps package feed.

I am aiming at a solution in which I do not have to specify the plain user name and password in the Azure DevOps Yaml script file. So far I have tried to authenticate via a private access token using the "az devops login" command but until now I failed to get it running.

I also read about Azure DevOps "Service connections" but this seems to be overkill for my problem.

Yaml script without authentication logic:

trigger:
- develop

pool:
  vmImage: 'windows-latest'

variables:
  solution: './*.sln'
  buildPlatform: 'Any CPU'
  buildConfiguration: 'Release'

steps:
- task: NuGetToolInstaller@1

- task: CmdLine@2
  inputs:
    script: 'InstallPackages.cmd'

- task: NuGetCommand@2
  inputs:
    restoreSolution: '$(solution)'

- task: VSBuild@1
  inputs:
    solution: '$(solution)'
    platform: '$(buildPlatform)'
    configuration: '$(buildConfiguration)'

- task: VSTest@2
  inputs:
    platform: '$(buildPlatform)'
    configuration: '$(buildConfiguration)'

Paket version 5.215.0
Resolving packages for group Main:
Performance:
 - Resolver: 544 milliseconds (1 runs)
    - Runtime: 111 milliseconds
    - Blocked (retrieving package versions): 433 milliseconds (1 times)
 - Average Request Time: 57 milliseconds
 - Number of Requests: 4
 - Runtime: 1 second
Paket failed with
-> Unable to retrieve package versions for 'Microsoft.VisualStudio.Threading.Analyzers'
...
-> Could not load resources from 'https://worues.pkgs.visualstudio.com/_packaging/Fact4CoreFeed/nuget/v3/index.json': Unauthorized (401)
3
azure-devopspaket
See: paraesthesia.com/archive/2019/02/07/… I'd recommend option 2.jessehouwing

3 Answers

0
votes

Best way to authenticate in Azure DevOps YAML pipeline to access my Azure DevOps package feed (used by Paket commands)

If you do not want to specify the plain user name and password in the Azure DevOps Yaml script file, you could authenticate via a private access token in the nuget.config file.

The sample nuget.config now looks like:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <add key="nuget" value="https://api.nuget.org/v3/index.json" />
    <add key="VSTSFeed" value="https://dev.azure.com/_packaging/FeedName/nuget/v3/index.json " />
  </packageSources>
  <activePackageSource>
    <add key="All" value="(Aggregate source)" />
  </activePackageSource>
  <packageSourceCredentials>
    <VSTSFeed>
      <add key="Username" value="%USER_VARIABLE%" />      
      <add key="ClearTextPassword" value="%PAT%" />
    </VSTSFeed>
  </packageSourceCredentials>
</configuration>

Note: Since the password key is "ClearTextPassword", it's a terrible idea and a security concern if you're saving nuget.config with a clear PAT, so it's best to create variable to store PAT in the variables tab and change the variable type to secret.

Hope this helps.

0
votes

I've been doing this usually, it allows you to use native auth, so you dont have to configure auth in the nuget.config:

- task: DotNetCoreCLI@2
  displayName: Dotnet restore
  inputs:
    command: restore
    projects: '$(Parameters.RestoreBuildProjects)'
    feedsToUse: select
    vstsFeed: feed_name_goes_here
0
votes

the only way that worked was passing the token via the Paket.dependencies file, e.g.

framework: netstandard2.0, netcoreapp2.2 strategy: max storage: none source https://worues.pkgs.visualstudio.com/_packaging/Fact4CoreFeed/nuget/v3/index.json username: "anonymous" password: "" ...

When switching the token access rights back from full to Read/Write rights for package feeds it still worked. Not sure why it did not in the first place.

Thanks for your help