azure-pipelines.yaml:无法验证组织范围的提要 [英] azure-pipelines.yaml: Cannot authenticate organization scoped feed

问题描述

我有一个.npmrc文件:

I'm having a .npmrc file:

registry=https://XXX.pkgs.visualstudio.com/_packaging/YYY/npm/registry/
always-auth=true

还有我的azure-pipelines.yaml:

And my azure-pipelines.yaml:

trigger:
- master

pool:
  vmImage: 'ubuntu-latest'

steps:
- task: NodeTool@0
  inputs:
    versionSpec: '10.x'
  displayName: 'Install Node.js'

- task: Npm@1
  inputs:
    command: 'install'
  displayName: 'npm install'

我的供稿具有项目集合构建服务"作为贡献者".

My feed has 'Project Collection Build Service' as 'Contributor'.

但是我一直得到这个:

/opt/hostedtoolcache/node/10.19.0/x64/bin/npm install
npm ERR! code E403
npm ERR! 403 403 Forbidden - GET https://XXX.pkgs.visualstudio.com/_packaging/YYY/npm/registry/ansi-regex - Forbidden
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy.
npm ERR! 403 
npm ERR! 403 It was specified as a dependency of 's'
npm ERR! 403 

推荐答案

我的供稿具有项目集合构建服务"作为贡献者".

My feed has 'Project Collection Build Service' as 'Contributor'.

通常，这不是通用解决方案，它仅在服务帐户且所使用的管道为Project Collection Build Service时可用. Project Collection Build Service是组织级的构建服务帐户

As normal, this is not a general solution, it only available while the service account that the pipeline used is Project Collection Build Service. Project Collection Build Service is a organization-level build service account

恐怕您的管道在使用project-level build service account.

I'm afraid your pipeline here is using project-level build service account.

这里有两种可以考虑使用的方法.

Here has 2 method you can consider to use.

方法1 :

请转到Feed settings => Permissions，添加您的项目级别的构建服务帐户，并将其分配为Contributor角色.其帐户名应为{Project Name} Build Service ({Org Name}).

Please go Feed settings => Permissions, add your project-level build service account and assign it Contributor role. Its account name should like {Project Name} Build Service ({Org Name}).

重新运行管道以查看其是否可以成功运行.

Re-run your pipeline to see whether it can run successfully.

方法2 :

转到项目设置=>设置，并确保已禁用Limit job authorization scope to current project:

Go Project settings => Settings, and make sure Limit job authorization scope to current project is disabled:

仅禁用，管道使用的服务帐户是集合级别的一个.目前，您的原始权限配置现在可用.

Only it disabled, the service account that pipeline used is collection-level one. At this time, your original permission configuration would be available now.

最后，这不是我所期望的，您是否正在面对我们的事件.不确定，但希望您只是遇到权限问题.

At last, which is not what I expected, is you are facing our event. Not sure, but hoping you are just facing permission issue.

这篇关于azure-pipelines.yaml:无法验证组织范围的提要的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！