azure-pipelines.yaml:无法验证组织范围的提要 [英] azure-pipelines.yaml: Cannot authenticate organization scoped feed
问题描述
我有一个.npmrc文件:
I'm having a .npmrc file:
registry=https://XXX.pkgs.visualstudio.com/_packaging/YYY/npm/registry/
always-auth=true
还有我的azure-pipelines.yaml:
And my azure-pipelines.yaml:
trigger:
- master
pool:
vmImage: 'ubuntu-latest'
steps:
- task: NodeTool@0
inputs:
versionSpec: '10.x'
displayName: 'Install Node.js'
- task: Npm@1
inputs:
command: 'install'
displayName: 'npm install'
我的供稿具有项目集合构建服务"作为贡献者".
My feed has 'Project Collection Build Service' as 'Contributor'.
但是我一直得到这个:
/opt/hostedtoolcache/node/10.19.0/x64/bin/npm install
npm ERR! code E403
npm ERR! 403 403 Forbidden - GET https://XXX.pkgs.visualstudio.com/_packaging/YYY/npm/registry/ansi-regex - Forbidden
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy.
npm ERR! 403
npm ERR! 403 It was specified as a dependency of 's'
npm ERR! 403
推荐答案
我的供稿具有项目集合构建服务"作为贡献者".
My feed has 'Project Collection Build Service' as 'Contributor'.
通常,这不是通用解决方案,它仅在服务帐户且所使用的管道为Project Collection Build Service
时可用. Project Collection Build Service
是组织级的构建服务帐户
As normal, this is not a general solution, it only available while the service account that the pipeline used is Project Collection Build Service
. Project Collection Build Service
is a organization-level build service account
恐怕您的管道在使用project-level build service account
.
I'm afraid your pipeline here is using project-level build service account
.
这里有两种可以考虑使用的方法.
Here has 2 method you can consider to use.
方法1 :
请转到Feed settings
=> Permissions
,添加您的项目级别的构建服务帐户,并将其分配为Contributor
角色.其帐户名应为{Project Name} Build Service ({Org Name})
.
Please go Feed settings
=> Permissions
, add your project-level build service account and assign it Contributor
role. Its account name should like {Project Name} Build Service ({Org Name})
.
重新运行管道以查看其是否可以成功运行.
Re-run your pipeline to see whether it can run successfully.
方法2 :
转到项目设置=>设置,并确保已禁用Limit job authorization scope to current project
:
Go Project settings => Settings, and make sure Limit job authorization scope to current project
is disabled:
仅禁用,管道使用的服务帐户是集合级别的一个.目前,您的原始权限配置现在可用.
Only it disabled, the service account that pipeline used is collection-level one. At this time, your original permission configuration would be available now.
最后,这不是我所期望的,您是否正在面对我们的事件.不确定,但希望您只是遇到权限问题.
At last, which is not what I expected, is you are facing our event. Not sure, but hoping you are just facing permission issue.
这篇关于azure-pipelines.yaml:无法验证组织范围的提要的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!