Menu
Updated 20-Feb-2020
Summary
Azure DevOps pipeline build not able to find NuGet package from our private feed under Artifacts.
Our Azure DevOps environment
In Azure, we have our company "space": dev.azure.com/OurCompany
Under that, we have multiple Projects, so for example, imagine these three:
RED
RED holds all our common helper code are DLLs consumed by applications in GREEN and BLUE. These are made available as NuGet packages.
Under RED's Artifacts, we see an "organisational scoped feed" called "OurCompany". We understood that we couldn't use this because these NuGet packages need to be available to everyone in OurCompany, which means not only on Azure, but also on our DeskTop machines in our Corporate network (where we run Visual Studio). The "organisational scoped feed" I don't think is exposed to our Corporate Network.
We therefore created a new Feed under RED's Artifacts. When I view Permissions, I see the following entries:
Corporate
So, back in Corporate, we add the NuGet package feed to our Visual Studio and it can then pull the NuGet packages down from Azure.
GREEN and BLUE
In here we have our products. We create a build Pipeline and we add a NuGet restore step:
- task: NuGetCommand@2
displayName: 'Restore for Our Application'
inputs:
command: 'restore'
restoreSolution: '**/*.sln'
feedsToUse: 'select'
vstsFeed: '{Guid1}/{Guid2}'
The two Guids were filled in when we picket the Azure Artifacts feed from the drop-down.
GREEN or BLUE NuGet Restore Failure
So this is where we run into our issue. When the NuGet restore step executes, it fails with the following message:
Unable to find version 'nnnn.n.n' of package 'TheNuGetPackage'.
The log output is vast, but the salient lines appear to be:
2020-02-18T18:36:35.2838118Z [command]C:\hostedtoolcache\windows\NuGet\5.4.0\x64\nuget.exe sources Add -NonInteractive -Name {Guid2} -Source https://pkgs.dev.azure.com/OurCompany/{Guid1}/_packaging/{Guid2}/nuget/v3/index.json
-ConfigFile d:\a\1\Nuget\tempNuGet_356.config 2020-02-18T18:36:35.7513495Z Package source with Name: {Guid2} added successfully. 2020-02-18T18:36:41.1671856Z [CredentialProvider.183638]Command-line v0.1.20+a5d37185a1a95acb4f0g997b9c23cab99508: "d:\a\_tasks\NuGetCommand_333b11bd-d341-40d9-bdbd-b32d5ce6f23b\2.164.0\CredentialProviderV2\plugins\netfx\CredentialProvider.Microsoft\CredentialProvider.Microsoft.exe"
-Plugin 2020-02-18T18:36:41.1673979Z [CredentialProvider]Handling 'Request' 'GetAuthenticationCredentials'. Time elapsed in ms: 3 - Payload: {"Uri":"https://pkgs.dev.azure.com/OurCompany/{Guid1}/_packaging/{Guid2}/nuget/v3/index.json","IsRetry":false,"IsNonInteractive":true,"CanShowDialog":true} 2020-02-18T18:36:41.1674299Z [CredentialProvider]Handling auth request, Uri: https://pkgs.dev.azure.com/OurCompany/{Guid1}/_packaging/{Guid2}/nuget/v3/index.json, IsRetry: False, IsNonInteractive: True, CanShowDialog: True 2020-02-18T18:36:41.1674465Z [CredentialProvider]URI: https://pkgs.dev.azure.com/OurCompany/{Guid1}/_packaging/{Guid2}/nuget/v3/index.json 2020-02-18T18:36:41.1674818Z [CredentialProvider]Skipping NuGetCredentialProvider.CredentialProviders.VstsBuildTaskServiceEndpoint.VstsBuildTaskServiceEndpointCredentialProvider, cannot provide credentials for https://pkgs.dev.azure.com/OurCompany/{Guid1}/_packaging/{Guid2}/nuget/v3/index.json 2020-02-18T18:36:41.1675261Z [CredentialProvider]VstsBuildTaskCredentialProvider - https://dev.azure.com/OurCompany/ 2020-02-18T18:36:41.1675425Z [CredentialProvider]VstsBuildTaskCredentialProvider - https://pkgs.dev.azure.com/OurCompany/ 2020-02-18T18:36:41.1675722Z [CredentialProvider]VstsBuildTaskCredentialProvider - https://pkgs.dev.azure.com/OurCompany/ 2020-02-18T18:36:41.1676021Z [CredentialProvider]VstsBuildTaskCredentialProvider - https://pkgs.dev.azure.com/OurCompany/ 2020-02-18T18:36:41.1676161Z [CredentialProvider]VstsBuildTaskCredentialProvider - Matched prefix: https://pkgs.dev.azure.com/OurCompany/ 2020-02-18T18:36:41.1676330Z [CredentialProvider]VstsBuildTaskCredentialProvider - Found credentials for endpoint https://pkgs.dev.azure.com/OurCompany/{Guid1}/_packaging/{Guid2}/nuget/v3/index.json 2020-02-18T18:36:41.1680820Z https://pkgs.dev.azure.com/OurCompany/{Guid1}/_packaging/{Guid2}/nuget/v3/index.json: Unable to load the service index for source https://pkgs.dev.azure.com/OurCompany/{Guid1}/_packaging/{Guid2}/nuget/v3/index.json. 2020-02-18T18:36:41.1680996Z Response status code does not indicate success: 404 (Not Found - VS800075: The project with id 'vstfs:///Classification/TeamProject/{Guid1}' does not exist, or you do not have permission to access it. (DevOps Activity ID: 0628EDE7-6E7E-465D-A6AE-7B6B0AA065D2)).
This looks like a permissions thing to me. But what seems odd is that the Artifact Feed in RED was discoverable when creating the Pipeline Build YAML when we then don't have permissions to use it.
I did try adding permissions to the Feed in RED. Clicking on the "Add users/groups". I found the following and added them as either Reader or Contributor, but with no success.
So:
Update #1
Verbose error message from Restore step
https://api.nuget.org/v3/index.json: Package 'Package1.nnnn.n.n' is not found on source 'https://api.nuget.org/v3/index.json'.
https://pkgs.dev.azure.com/OurCompany/{Guid1}/_packaging/{Guid2}/nuget/v3/index.json: Unable to load the service index for source https://pkgs.dev.azure.com/OurCompany/{Guid1}/_packaging/{Guid2}/nuget/v3/index.json. Response status code does not indicate success: 404 (Not Found - VS800075: The project with id 'vstfs:///Classification/TeamProject/{Guid1}' does not exist, or you do not have permission to access it. (DevOps Activity ID: {Guid})).
715
Search for NuGet, and then select Add to add the task to your pipeline. Name your task and select Restore from the Command. Select Feed(s) I select here, and select your feed from the dropdown menu. If you want to use your own config file, select Feeds in my NuGet.
Connect to feedSelect Artifacts, and then select your feed from the dropdown menu. Select Connect to feed. Select NuGet.exe. Follow the instructions in Project setup to set up your nuget.
You can store all the following package types in a single feed: npm, NuGet, Maven, Python, and Universal packages.
Finally, I found the problem. I wonder if this is a bug, or just poorly documented....(or maybe I just didn't interpret it correctly).
As per Leo Lui-MSFT's suggestion above (documented by Microsoft), I'd added the permissions to the NuGet feed, and this didn't work. However, I was intrigued by his sentence:
If you've changed your builds to run at project scope
Personally, I hadn't, so I got with our System Administrator and we went through all the possible settings. Eventually, we found it - it wasn't something I had the ability to change.
So in my example above, BLUE and GREEN are the two projects that are trying to use the NuGet package in RED's Artifact feed.
So picking BLUE (or GREEN), in the bottom left hand corner of Azure DevOps you'll see a link "Project Settings". Under "Pipelines > Settings" there are four settings. We had to change the following to be:
Limit job authorization scope to current project = false
Hope that helps!
85
Azure DevOps Project pipeline not able to access Artifact Feed in different project
I think you are going the right ways. There is known issue about the project scope feed.
As the document Package permissions in Azure Pipelines stated:
To use packages from a feed in Azure Pipelines, the appropriate build identity must have permission to your feed. By default, the Project Collection Build Service is a Contributor. If you've changed your builds to run at project scope, you'll need to add the project-level build identity as a Reader or Contributor, as desired. The project-level build identity is named as follows:
[Project name] Build Service ([Organization name]) (e.g. FabrikamFiber Build Service (codesharing-demo))
You could check this thread for some more details.
Hope this helps.
45
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
