Azure Artifacts - Universal Packages - Error: An unexpected error occurred while trying to push the package

Question

Devops folks,

I am pushing the build pipeline output to Azure Artefacts - Universal packages for a full stack .net application. The application builds successfully and produces an output in $(Build.ArtifactStagingDirectory)

Would like to publish all these build outputs to UniversalPackages and let release pipeline take it over from there.

I have checked for below things:

1. Permission - Project Collection Build Service - Contributor Role.

2. Task Configuration Confirmed below "UniversalPackages"

 - task: UniversalPackages@0
    inputs:
      command: 'publish'
      publishDirectory: '$(Build.ArtifactStagingDirectory)/**/*.nupkg'
      feedsToUsePublish: 'internal'
      vstsFeedPublish: '123456fg-test-1234-1234-31161a66dc4d/b92b3313-ab41-4044-test-e94146618efb'
      vstsFeedPackagePublish: 'Text here-Services-Package'
      versionOption: 'minor'
      packagePublishDescription: 'Contains some text here)'
      verbosity: 'Trace'

sorry for YAML indenting issues,

Below is the pipeline log

2020-04-04T02:36:03.9835393Z Publishing package: test, version: 0.0.1 using feed id: 76a3991f-e6fc-767b-a0dc-90e38c54e558, project: 7813b7e3-bbf1-4355-9263-31161a66dc4d 

2020-04-04T02:36:04.0147395Z [command]D:\ABCAgent\_work\_tool\artifacttool\0.2.151\x64\ArtifactTool.exe universal publish --feed 76a3991f-e6fc-767b-a0dc-90e38c54e558 --service https://dev.azure.com/QWERTY/ --package-name test --package-version 0.0.1 --path D:\AzureAgentBuild\_work\1\a --patvar UNIVERSAL_PUBLISH_PAT --verbosity None --description "" --project 7813b7e3-bbf1-4355-9263-31161a66dc4d 

2020-04-04T02:36:09.2875733Z {"@t":"2020-04-04T02:36:08.7883701Z","@m":"[GetDedupManifestArtifactClientAsync] Try 1/5, non-retryable exception caught. Throwing. Details:\r\nNo LastRequestResponse on exception VssServiceResponseException: Forbidden","@i":"b2d31574","@l":"Warning","@x":"Microsoft.VisualStudio.Services.WebApi.VssServiceResponseException: Forbidden\r\n ​

Answer 1

Microsoft.VisualStudio.Services.WebApi.VssServiceResponseException: Forbidden

This permission error can be converted as 403 error code, which means the account does not have enough operation permission to publish package to universal package.

You said you had assign 'Project Collection Build Service' with 'Contributor' role. BUT, this is not a solution for all scenario. It only available while the build pipeline is using 'Project Collection Build Service' account, a collection level service account. There still has another scenario, the pipeline may using project-level service account.

---

You can with the methods I shared in this answer. Check this to get another similar issue and explanation.

Method 1:

Please go Feed settings => Permissions, add your project-level build service account and assign it Contributor role. Its account name should like {Project Name} Build Service ({Org Name}).

Re-run your pipeline to see whether it can run successfully.

Method 2:

Go Project settings => Settings, and make sure Limit job authorization scope to current project is disabled:

Only it disabled, the service account that pipeline used is collection-level one. At this time, your original permission configuration would be available now.

Answer 2

After playing around with permission for pipelines build service, the root cause was found to be with proxy being blocking the universal package with a forbidden error.

We just removed the proxy from the on-prem, self-hosted build agent and used Azure Express Route to route the traffic. This simple change fixed the issue.

Answer 3

Also, you can doublecheck in the Billing options if the Artifact free space is used up. I fixed it using this option.