5

NuGet restore fails 404 from feed on another project in same organization.

When using nuget restore from a pipeline the feed inside a different project is not found.

Improve this question

2 Answers 2

Reset to default
12

After searching for a long time, these are the steps necessary to make it work consistently:

Setup permissions

  • Make sure to add Build Service of the consuming project to the permissions of the feed
  • Make sure the consuming project has these two settings disabled
    • Project settings (bottom left) --> Pipelines --> Settings
      • Limit job authorization scope to current project for non-release pipelines
      • Limit job authorization scope to current project for release pipelines

Setup build pipeline

  • Use the .Net Core CLI Task
  • Ideally you would use a nuget.config file and make sure to check it in
  • Set the feedsToUse to 'config'

azure-pipelines.yml

- task: DotNetCoreCLI@2
      displayName: DotNetCore-Restore
      inputs:
        command: 'restore'
        projects: '$(PathToSolution)'
        feedsToUse: 'config'
        nugetConfigPath: '$(PathToNugetConfig)/nuget.config'
        includeNuGetOrg: true

nuget.config

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <clear />
    <add key="feed_name" value="feed_url" />
  </packageSources>
</configuration>

There is no need to add an authenticate task to the pipeline as the dotnet command does this by itself... However:

Most dotnet commands, including build, publish, and test include an implicit restore step. This will fail against authenticated feeds, even if you ran a successful dotnet restore in an earlier step, because the earlier step will have cleaned up the credentials it used.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thanks for sharing your solution here, would you please accept your solution as the answer? So it would be helpful for other members who get the same issue to find the solution easily. Have a nice day:)
This doesn't seem to work for dotnet add package, as indicated by your last quote from MS documentation.
I have add the project-level build identity as a Reader or Contributor according to this post but still with no luck, until I toggled off this option Limit Job authorization scope to current project
0

You can refer to this doc to setup Azure Artifacts Credential Provider for usage across various tooling.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.