Azure DevOps 项目管道无法从不同项目中的工件源访问 NuGet 包 [英] Azure DevOps Project pipeline not able to access NuGet package from Artifact Feed in different Project

问题描述

2020 年 2 月 20 日更新

Updated 20-Feb-2020

总结

Azure DevOps 管道构建无法从我们在 Artifacts 下的私有源中找到 NuGet 包.

Azure DevOps pipeline build not able to find NuGet package from our private feed under Artifacts.

我们的 Azure DevOps 环境

在 Azure 中，我们有自己的公司空间":dev.azure.com/OurCompany

In Azure, we have our company "space": dev.azure.com/OurCompany

在此之下，我们有多个项目，例如，想象一下这三个:

Under that, we have multiple Projects, so for example, imagine these three:

• 绿色:这包含某种类型的应用程序
• 蓝色:这包含不同类型的应用程序
• 红色:这是我们的通用"辅助代码

红色

RED 保存了我们所有常见的帮助程序代码，它们是由绿色和蓝色应用程序使用的 DLL.这些以 NuGet 包的形式提供.

RED holds all our common helper code are DLLs consumed by applications in GREEN and BLUE. These are made available as NuGet packages.

在 RED 的 Artifacts 下，我们看到了一个名为OurCompany"的组织范围提要".我们知道我们不能使用它，因为这些 NuGet 包需要对 OurCompany 中的每个人可用，这意味着不仅在 Azure 上，而且在我们公司网络(我们运行 Visual Studio 的地方)中的桌面计算机上.我认为组织范围内的 Feed"不会暴露给我们的企业网络.

Under RED's Artifacts, we see an "organisational scoped feed" called "OurCompany". We understood that we couldn't use this because these NuGet packages need to be available to everyone in OurCompany, which means not only on Azure, but also on our DeskTop machines in our Corporate network (where we run Visual Studio). The "organisational scoped feed" I don't think is exposed to our Corporate Network.

因此，我们在 RED 的 Artifacts 下创建了一个新的 Feed.当我查看权限时，我看到以下条目:

We therefore created a new Feed under RED's Artifacts. When I view Permissions, I see the following entries:

• {我}:(所有者)
• [我们的公司]项目集合管理员:(所有者)
• [RED]项目管理员:(所有者)
• RED 构建服务(我们的公司):(贡献者)
• 项目集合构建服务(我们的公司):(贡献者)
• [RED]Contributors(贡献者)

企业

因此，回到 Corporate，我们将 NuGet 包源添加到我们的 Visual Studio，然后它可以从 Azure 中提取 NuGet 包.

So, back in Corporate, we add the NuGet package feed to our Visual Studio and it can then pull the NuGet packages down from Azure.

绿色和蓝色

这里有我们的产品.我们创建了一个构建管道并添加了一个 NuGet 还原步骤:

In here we have our products. We create a build Pipeline and we add a NuGet restore step:

- task: NuGetCommand@2
  displayName: 'Restore for Our Application'
  inputs:
    command: 'restore'
    restoreSolution: '**/*.sln'
    feedsToUse: 'select'
    vstsFeed: '{Guid1}/{Guid2}'

当我们从下拉菜单中选择 Azure Artifacts 提要时，两个 Guid 已填写.

The two Guids were filled in when we picket the Azure Artifacts feed from the drop-down.

绿色或蓝色 NuGet 还原失败

这就是我们遇到问题的地方.当 NuGet 还原步骤执行时，它失败并显示以下消息:

So this is where we run into our issue. When the NuGet restore step executes, it fails with the following message:

Unable to find version 'nnnn.n.n' of package 'TheNuGetPackage'.

日志输出很大，但突出的几行似乎是:

The log output is vast, but the salient lines appear to be:

2020-02-18T18:36:35.2838118Z [command]C:hostedtoolcachewindowsNuGet5.4.0x64
uget.exe sources Add -NonInteractive -Name {Guid2} -Source https://pkgs.dev.azure.com/OurCompany/{Guid1}/_packaging/{Guid2}/nuget/v3/index.json
-ConfigFile d:a1Nuget	empNuGet_356.config 2020-02-18T18:36:35.7513495Z Package source with Name: {Guid2} added successfully. 2020-02-18T18:36:41.1671856Z     [CredentialProvider.183638]Command-line v0.1.20+a5d37185a1a95acb4f0g997b9c23cab99508: "d:a\_tasksNuGetCommand_333b11bd-d341-40d9-bdbd-b32d5ce6f23b2.164.0CredentialProviderV2plugins
etfxCredentialProvider.MicrosoftCredentialProvider.Microsoft.exe"
-Plugin 2020-02-18T18:36:41.1673979Z     [CredentialProvider]Handling 'Request' 'GetAuthenticationCredentials'. Time elapsed in ms: 3 - Payload: {"Uri":"https://pkgs.dev.azure.com/OurCompany/{Guid1}/_packaging/{Guid2}/nuget/v3/index.json","IsRetry":false,"IsNonInteractive":true,"CanShowDialog":true} 2020-02-18T18:36:41.1674299Z     [CredentialProvider]Handling auth request, Uri: https://pkgs.dev.azure.com/OurCompany/{Guid1}/_packaging/{Guid2}/nuget/v3/index.json, IsRetry: False, IsNonInteractive: True, CanShowDialog: True 2020-02-18T18:36:41.1674465Z     [CredentialProvider]URI: https://pkgs.dev.azure.com/OurCompany/{Guid1}/_packaging/{Guid2}/nuget/v3/index.json 2020-02-18T18:36:41.1674818Z     [CredentialProvider]Skipping NuGetCredentialProvider.CredentialProviders.VstsBuildTaskServiceEndpoint.VstsBuildTaskServiceEndpointCredentialProvider, cannot provide credentials for https://pkgs.dev.azure.com/OurCompany/{Guid1}/_packaging/{Guid2}/nuget/v3/index.json 2020-02-18T18:36:41.1675261Z     [CredentialProvider]VstsBuildTaskCredentialProvider - https://dev.azure.com/OurCompany/ 2020-02-18T18:36:41.1675425Z     [CredentialProvider]VstsBuildTaskCredentialProvider - https://pkgs.dev.azure.com/OurCompany/ 2020-02-18T18:36:41.1675722Z    [CredentialProvider]VstsBuildTaskCredentialProvider - https://pkgs.dev.azure.com/OurCompany/ 2020-02-18T18:36:41.1676021Z    [CredentialProvider]VstsBuildTaskCredentialProvider - https://pkgs.dev.azure.com/OurCompany/ 2020-02-18T18:36:41.1676161Z    [CredentialProvider]VstsBuildTaskCredentialProvider - Matched prefix: https://pkgs.dev.azure.com/OurCompany/ 2020-02-18T18:36:41.1676330Z    [CredentialProvider]VstsBuildTaskCredentialProvider - Found credentials for endpoint https://pkgs.dev.azure.com/OurCompany/{Guid1}/_packaging/{Guid2}/nuget/v3/index.json 2020-02-18T18:36:41.1680820Z   https://pkgs.dev.azure.com/OurCompany/{Guid1}/_packaging/{Guid2}/nuget/v3/index.json: Unable to load the service index for source https://pkgs.dev.azure.com/OurCompany/{Guid1}/_packaging/{Guid2}/nuget/v3/index.json. 2020-02-18T18:36:41.1680996Z   Response status code does not indicate success: 404 (Not Found - VS800075: The project with id 'vstfs:///Classification/TeamProject/{Guid1}' does not exist, or you do not have permission to access it. (DevOps Activity ID: 0628EDE7-6E7E-465D-A6AE-7B6B0AA065D2)).

这对我来说似乎是一个权限问题.但奇怪的是，当我们没有权限使用它时，在创建管道构建 YAML 时可以发现 RED 中的 Artifact Feed.

This looks like a permissions thing to me. But what seems odd is that the Artifact Feed in RED was discoverable when creating the Pipeline Build YAML when we then don't have permissions to use it.

我确实尝试在 RED 中为 Feed 添加权限.单击添加用户/组".我找到了以下内容并将它们添加为读者或贡献者，但没有成功.

I did try adding permissions to the Feed in RED. Clicking on the "Add users/groups". I found the following and added them as either Reader or Contributor, but with no success.

1. [绿色] 绿色团队
2. 绿色建造服务

所以:

1. 我是否以错误的方式处理这个问题?如果是这样，我应该怎么做(我以为我已经非常严格地遵循了 Azure DevOps 说明)
2. 我这样做对吗?如果是这样，我错过了什么?

更新 #1

来自恢复步骤的详细错误消息

Verbose error message from Restore step

https://api.nuget.org/v3/index.json:包Package1.nnnn.nn"是在源 'https://api.nuget.org/v3/index.json'.
https://pkgs.dev.azure.com/OurCompany/{Guid1}/_packaging/{Guid2}/nuget/v3/index.json:无法加载源的服务索引https://pkgs.dev.azure.com/OurCompany/{Guid1}/_packaging/{Guid2}/nuget/v3/index.json.响应状态代码不表示成功:404(未找到 -VS800075:带有 id 的项目'vstfs:///Classification/TeamProject/{Guid1}' 不存在，或者你没有权限访问它.(DevOps 活动 ID:{Guid})).

https://api.nuget.org/v3/index.json: Package 'Package1.nnnn.n.n' is not found on source 'https://api.nuget.org/v3/index.json'.
https://pkgs.dev.azure.com/OurCompany/{Guid1}/_packaging/{Guid2}/nuget/v3/index.json: Unable to load the service index for source https://pkgs.dev.azure.com/OurCompany/{Guid1}/_packaging/{Guid2}/nuget/v3/index.json. Response status code does not indicate success: 404 (Not Found - VS800075: The project with id 'vstfs:///Classification/TeamProject/{Guid1}' does not exist, or you do not have permission to access it. (DevOps Activity ID: {Guid})).

推荐答案

终于找到了问题所在.我想知道这是否是一个错误，或者只是记录不完整....(或者我可能只是没有正确解释它).

Finally, I found the problem. I wonder if this is a bug, or just poorly documented....(or maybe I just didn't interpret it correctly).

根据上面 Leo Lui-MSFT 的建议(由 Microsoft 记录)，我已将权限添加到 NuGet 提要，但这不起作用.然而，我对他的话很感兴趣:

As per Leo Lui-MSFT's suggestion above (documented by Microsoft), I'd added the permissions to the NuGet feed, and this didn't work. However, I was intrigued by his sentence:

如果您已将构建更改为在项目范围内运行

If you've changed your builds to run at project scope

就我个人而言，我没有，所以我联系了我们的系统管理员，我们完成了所有可能的设置.最终，我们找到了它 - 这不是我有能力改变的.

Personally, I hadn't, so I got with our System Administrator and we went through all the possible settings. Eventually, we found it - it wasn't something I had the ability to change.

因此，在我上面的示例中，BLUE 和 GREEN 是尝试在 RED 的 Artifact 提要中使用 NuGet 包的两个项目.

So in my example above, BLUE and GREEN are the two projects that are trying to use the NuGet package in RED's Artifact feed.

因此选择蓝色(或绿色)，在 Azure DevOps 的左下角，您将看到项目设置"链接.在管道 > 设置"下有四个设置.我们必须将以下内容更改为:

So picking BLUE (or GREEN), in the bottom left hand corner of Azure DevOps you'll see a link "Project Settings". Under "Pipelines > Settings" there are four settings. We had to change the following to be:

将工作授权范围限制为当前项目= false

Limit job authorization scope to current project = false

希望有帮助！

这篇关于Azure DevOps 项目管道无法从不同项目中的工件源访问 NuGet 包的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！