Project nuget feed in azure dev cannot be accessed from reader - azure-devops

I have created a Project scoped nuget feed in azure dev. I have some developers that I want them to be able to list/restore and read nuget packages so that they can add them in the projects they are working on.
I have added them in my organization (they are using an email address like outlook.com and gmail.com) without any project access and then from the nuget feed permissions I gave the permissions as Readers
When they try to run nuget list they get
Unable to load the service index for source https://pkgs.dev.azure.com/myorganizationname/e1f090d9-f848-428b-b774-7fd9dfc873ef/_packaging/Nuget-Test-Feed/nuget/v3/index.json.
Response status code does not indicate success: 404 (Not Found - VS800075: The project with id 'vstfs:///Classification/TeamProject/e1f090d9-f848-428b-b774-7fd9dfc873ef' does not exist, or you do not have permission to access it. (DevOps Activity ID: 09410946-865a-4d69-9b05-f1fd1d668891)).
Why they are not be able to access this feed?

Project nuget feed in azure dev cannot be accessed from reader
That is because the Project-scoped feeds inherit the visibility of the project.
So, if the user is not added to the project, will not access the feed.
To resolve this issue, please try to add the user to the project.
As test, I add my test use as Project Readers:
Then my test user could access the feed:

Related

Restoring NuGet packages from another organization as an upstream feed in Azure DevOps

I have a project within one DevOps organization that has a dependency on a couple of NuGet packages that are hosted in a feed in another organization. Both organizations share the same Azure Active Directory tenant.
Following along with the documentation provided here I created a new view in my source feed called "Shared". On the setup for the view I have "All feeds and people in organizations associated with my Azure Active Directory" checked:
I then promoted both NuGet packages to that view:
In the other organization I have this feed set up to use the Shared view as an upstream source from another organization:
In my projects azure-pipelines Yaml file I have the following section for restoring packages:
And the associated nuget.config file looks like this:
The feed it is using is the one that belongs to the organization the project is in. My assumption based on the documentation is that the restore operation will look for the those 2 packages in the upstream source if they can not be found in the local feed or the public NuGet feed. However I am getting the following error during the restore process when running a build:
For each of these 2 packages I am getting:
No packages exist with this id in source(s): feed-{FeedName}, NuGet
All other packages restore fine. I've tried many variations of my build script and upstream settings to no avail. I'm pretty sure I have everything set up as the documentation has dictated. The docs don't really go into how your pipeline and nuget.config should be set so perhaps I have something incorrect there?
I had a comparable issue in the past with restoring packages. As possible solution, which worked in my case, I could suggest you try explicitly specifying Azure Artifacts Feed Id you're pulling packages from:
vstsFeed: {FEED_ID}

How to use a public Azure feed

Azure documentation says that in a public project you can create a public feed. I did so and also scoped the feed to the organisation rather than project scoped, so that CICD for private projects can push packages to it.
However, selecting the feed and clicking on the "Connect to feed" button, then clicking the dotnet options, produces this.
Adding that nuget.config to a project then attempting to add a package from the feed fails. If we take the URL from the nuget.config and request it using a browser we get a 401 Forbidden.
Why?
Why is authentication required? It's supposed to be a public feed. Does public mean "any AAD identity, not just the ones for this organisation" ?
I can also reproduce your issue on my side, the cause of the issue is that you selected the Scope with Organization when you creating the feed.
According to the doc:
Only project-scoped feeds can be made public.
To fix the issue, just select the Scope with Project when creating the feed, it will work fine.

Azure Artifacts - Sharing project-scoped feeds with other projects

We have a number of projects within my organisation. One such project has created a project-scoped Azure Artifact feed that they wish to share with our other projects.
However, when the other projects access their Artifacts page, from the feed drop-down they can only see the "Organization scoped feeds" and nothing under "Project-scoped feeds". What do we need to do make this feed visible and available to the other projects, particularly for use in their pipelines.
I'm at a loss, as I've drawn a complete blank so far.
According to the doc: To see a project-scoped feed in the list you have to be navigated to the project the feed is scoped to. We could know that we cannot see the project-scoped feed in another project.
particularly for use in their pipelines.
When connecting to a private project scoped feed from an Azure DevOps pipeline that is in the same organization but in a different project, the project that the feed is scoped to must allow access to the other project's build service. The build service must also be separately added to the feed permissions, regardless of the scope of the feed.
Add build service account: Build service account is Project Collection Build Service (Org name), we need configure feed permission in the project-scoped feed for this service. then we could access the project-scoped feed in the pipeline.
We also need open project settings->settings and ensure the option Limit job authorization scope to current project for non-release pipelines and Limit job authorization scope to current project for release pipelines is disabled. We could refer to the pic below.
Then we could access and use the project-scoped feed in another project pipeline.
Project-scoped feeds can't be 'shared' with other projects per se, but that doesn't really restrict how they are used. You can certainly have identities with permission to both, including build identities. Make sure the identity has "Read project-level information" permission in the project security settings for the project which contains the feed, as well as appropriate permissions on the feed itself. You can think of it similarly to Git repos -- you don't see other projects' Git repos, but there's nothing stopping you from using Git repos in multiple projects if you have permission to access them.
Another option is Upstream Sources.
This is a very old post. But, in case, someone is still facing the problem and the above solutions have not worked like me then please follow as below.
Step One:
Select project hosting the feed
Select Project settings
Select Permissions
Select groups tab
Select Contributors
Select Members tab
Click Add
Select [Name of the project Consuming the Feed] Build Services ([Organization Name]) ex: FeedConsumer Build Services (xyz)
Click Save
Step Two:
Select project hosting the feed
Select Artifacts
Select your feed.
Select Feed Settings
Select Permissions
Click Add Users/Groups button
Select [Name of the project Consuming the Feed] Build Services ([Organization Name]) ex: FeedConsumer Build Services (xyz)
Select the role as a contributor
Click Save
Step Four:
Add nuGet.config file to the consumer project's root path where there is a .csproj or .sln file.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageSources>
<clear />
<add key="[Feed Name]" value="https://pkgs.dev.azure.com/[Company Name]/[Project Name]/_packaging/[Feed Name]/nuget/v3/index.json" />
</packageSources>
</configuration>
Follow these steps to get the above xml
Select project hosting the feed
Select Artifacts
Select the required feed
Click Connect to Feed
Select NuGet.exe
It should be there in Project Setup
This should allow you to use the feed in one project to another project without giving you an unauthorized error. Happy Coding!!
Reference: https://learn.microsoft.com/en-us/azure/devops/artifacts/how-to/project-scoped-feeds-pipeline-project-permissions?view=azure-devops

Deploy shiny app on shinyapp.io with package in private organization repo

I'm trying to deploy a shiny app to the shinyapps.io server, but keep getting an error relating to a custom-built package that is hosted in a private github repo owned by our organization (note that I have replaced the actual name of the package, company name, and private repo name in the error below):
error: Building package: [PACKAGE NAME]
################################ Begin Task Log
################################
################################# End Task Log
#################################
Error: Unhandled Exception: Child Task 530176316 failed: Error building
image: Error fetching [PACKAGE NAME] (1.0.2) source. Error accessing GitHub
repository ORGANIZATION/PRIVATE_REPO. HTTP 404: Not Found
I know the repo link is good, because installing via devtools::install_github("ORGANIZATION/PRIVATE_REPO, auth_token = token works.
I'm an admin for the organization page, and also made sure that token has both repo and admin:org scope.
I've also made sure to tick "Private Repository Access" in my shinyapps.io account page as stated here.
Anyone have any thoughts on what I might be doing wrong??
Thanks!
Create an .Rprofile file in your project folder that you would intend to deploy.
You would need to set that repo options in the .Rprofile. and add your private github link. Something like
# A sample .Rprofile file with two different package repositories.
local({
r <- getOption("repos")
r["CRAN"] <- "https://cran.rstudio.com/"
r["mycompany"] <- "http://rpackages.mycompany.com/"
options(repos = r)
})
This is well explained here. Package management in RStudio Connect.
It is necessary to enable private access to the repo in the shinyapps.io dashboard as shown here
But you also need to give the proper permissions to the organization from github -> settings -> applications
Select shinyapps from the applications list
And then grant access to the specific organization
And you are done!
rsconnect will automatically detect the source of the repo, provided it as installed with the auth_token parameter using devtools::install_github
Just in case, I found the above answer to allow for specific corporate repositories, not installing from a private github repo. For that, this link has this to say:
Go to Account >> Profile, then under github LINK the accounts, and allow private repo access.

Using Azure Powershell or the xpat cli how do I connect my web site to a github hook

Using the portal:
Using the portal at https://manage.windowsazure.com/ this is easy. From a newly created azure web site:
Go to the dashboard
On the quick glance options on the right, click "Set up deployment from source control"
On the "where is your source code?" option, select Github
Authorize, then choose the repo name and branch.
BINGO: now pushes to that branch will trigger a deployment of that branch onto the azure website. Lovely.
Here's the problem:
I cannot for the life of me see how to do this from the command line (using the xpat-cli installed using npm: "npm install azure-cli -g")
It seems like I should be typing something like:
azure site deployment github --verbose --githubusername [username] --githubrepository [username/reponame] [sitename]
Because the help for "azure site deployment github" says it will: "Link a website to a github account for deployment"
Doesn't seem to work though...
If I then type:
azure site show [sitename]
The output says the source control is "LocalGit" instead of github - which is what it says if I do it the portal way above.
Source Control
data: --------------
data: Type: LocalGit
Any ideas?
Depending on your use case the solution will be different.
Assuming you have the same github source but want to deploy to multiple different Azure websites
Potential Solution: Make use of the Deploy to Azure Button See details here: https://azure.microsoft.com/blog/2014/11/13/deploy-to-azure-button-for-azure-websites-2/
Assuming you have various repositories that you want to deploy to Azure: Potential Solution: I am assuming that you will be the person deploying it. The workflow will be as follows:
A. Download files from Github to local folder See here
B. Publish your local folder into a new/existing Azure site. See here, or here. There are other github repositories to get some scripts right away
I understand this doesnt directly hook your system to do direct pull, but its one way to do it.
There is also:
http://www.imtraum.com/blog/streamline-git-with-powershell/
https://gallery.technet.microsoft.com/scriptcenter/a-GitHub-Repository-265c0b49
Both documents I found describing how to set up continuous deployment from GitHub say that you can configure the repo and branch with an Azure Resource Manager template, but you have to enter your credentials and complete the authorization process in the portal.
The script used in this tutorial will automatically configure
continuous publishing from your GitHub repository. This requires that
your GitHub credentials are already stored in Azure, otherwise the
scripted deployment will fail when attempting to configure source
control settings for the web apps.
To store your GitHub credentials in Azure, create a web app in the
Azure preview portal and configure GitHub deployment. You only need to
do this once.
I'd also suggest posting your xpat-cli problem as an issue on their GitHub repo.