5

NuGet restore fails 404 from feed on another project in same organization.

When using nuget restore from a pipeline the feed inside a different project is not found.

SanBen
  • 2,581
  • 26
  • 35

2 Answers2

11

After searching for a long time, these are the steps necessary to make it work consistently:

Setup permissions

  • Make sure to add Build Service of the consuming project to the permissions of the feed
  • Make sure the consuming project has these two settings disabled
    • Project settings (bottom left) --> Pipelines --> Settings
      • Limit job authorization scope to current project for non-release pipelines
      • Limit job authorization scope to current project for release pipelines

Setup build pipeline

  • Use the .Net Core CLI Task
  • Ideally you would use a nuget.config file and make sure to check it in
  • Set the feedsToUse to 'config'

azure-pipelines.yml

- task: DotNetCoreCLI@2
      displayName: DotNetCore-Restore
      inputs:
        command: 'restore'
        projects: '$(PathToSolution)'
        feedsToUse: 'config'
        nugetConfigPath: '$(PathToNugetConfig)/nuget.config'
        includeNuGetOrg: true

nuget.config

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <clear />
    <add key="feed_name" value="feed_url" />
  </packageSources>
</configuration>

There is no need to add an authenticate task to the pipeline as the dotnet command does this by itself... However:

Most dotnet commands, including build, publish, and test include an implicit restore step. This will fail against authenticated feeds, even if you ran a successful dotnet restore in an earlier step, because the earlier step will have cleaned up the credentials it used.

SanBen
  • 2,581
  • 26
  • 35
  • Thanks for sharing your solution here, would you please accept your solution as the answer? So it would be helpful for other members who get the same issue to find the solution easily. Have a nice day:) – Hugh Lin Apr 28 '20 at 09:53
  • This doesn't seem to work for `dotnet add package`, as indicated by your last quote from MS documentation. – Lars Pellarin Jun 08 '20 at 12:06
  • 1
    I have add the project-level build identity as a Reader or Contributor according to this [post](https://stackoverflow.com/a/60315376/6169330) but still with no luck, until I toggled off this option *Limit Job authorization scope to current project* – Junlong Wang Apr 06 '21 at 04:41
0

You can refer to this doc to setup Azure Artifacts Credential Provider for usage across various tooling.

kartheekp-ms
  • 130
  • 2