I'm currently trying to add a Azure Devops artefact feed to Teamcity so I can pull dependencies built in Azure to our legacy Teamcity build server. I understand that I can use the Nuget Feed Credentials build feature to handle the authentication of this with an access token.
What I'm struggling with is that this build feature appears to need to be added to each build individually. Is there a way to handle this authentication centrally so I don't need to modify every build config where I want to use this feed?
The solution endded up being to create a build configuration template and use that to handle the auth.
Create new build configuration template on the root project
Add Nuget feed credentials step to the build configuration template (username can be anything, password should be a PAT which can read the feed)
Apply the new build configuration template to the root project
The end result of this is all your projects will have the same nuget authentication config.
Related
I need to implement a salesforce DevOps solution using Jenkins as deployment tool, Github as version control and SFDX as cli to be used as in deployment build steps.
Can anyone list out the step by step procedure once the tool(GitHub, Jenkins, salesforce, SFDX) are ready. I understood to include SFDX script or commands in build steps in Jenkins but have few queries too:
How can I deploy the entire release branch using Jenkins to target org.
How can I deploy specific components based on package.xml to target org.
Also, anyone has SFDX script to be used as reference.
I have setup salesforce, Jenkins, GitHub & SFDX tool on windows currently.
Tried deploying a set of components to target org but was not sure whether we have to create a SFDX project separately that will be committed to GitHub and will have to convert the code to metadata item.
Expectation would be to deploy salesforce components from GitHub release branch to salesforce target or using Jenkins pipeline or job.
I have created a Project scoped nuget feed in azure dev. I have some developers that I want them to be able to list/restore and read nuget packages so that they can add them in the projects they are working on.
I have added them in my organization (they are using an email address like outlook.com and gmail.com) without any project access and then from the nuget feed permissions I gave the permissions as Readers
When they try to run nuget list they get
Unable to load the service index for source https://pkgs.dev.azure.com/myorganizationname/e1f090d9-f848-428b-b774-7fd9dfc873ef/_packaging/Nuget-Test-Feed/nuget/v3/index.json.
Response status code does not indicate success: 404 (Not Found - VS800075: The project with id 'vstfs:///Classification/TeamProject/e1f090d9-f848-428b-b774-7fd9dfc873ef' does not exist, or you do not have permission to access it. (DevOps Activity ID: 09410946-865a-4d69-9b05-f1fd1d668891)).
Why they are not be able to access this feed?
Project nuget feed in azure dev cannot be accessed from reader
That is because the Project-scoped feeds inherit the visibility of the project.
So, if the user is not added to the project, will not access the feed.
To resolve this issue, please try to add the user to the project.
As test, I add my test use as Project Readers:
Then my test user could access the feed:
I'm experimenting with the DevExpress.Blazor Controls. Also I like to get my CICD workflow going right from getgo so that any issues crop up sooner rather than later. Since the project is OSS hosted on Github we will be using GitHub actions
To install the DevExpress.Blazor control, I need to add a unique URL as my Nuget Feed
While there is a DevExpress link [https://docs.devexpress.com/GeneralInformation/400604/installation/install-devexpress-controls-using-nuget-packages/integrate-nuget-to-popular-continuous-integration-systems] that lists how to configure various CICD unfortunately Github actions is missing out. The closest approximation is Azure DevOps but it mentions to tag the Nuget Feed in an unencrypted Nuget.config file. This would expose my Authorization Key. Is there any recommended way to ensure this is done in a secure manner?
If you do not want to store the auth key in the NuGet.config file (i.e., in the repository), it is possible to hide unique NuGet feed in Azure DevOps Build pipeline
I am using Azure CI/CD pipelines for Flutter build. In my Pubspec yaml file, I have dependencies that are private to my project and the code is hosted in same azure devops project but in different repository. During Build (i.e. Flutter Packages get) it gives me error saying Authentication failed?. I tried with PAT token where in prior to flutter build task i used git command to set that token, but it didn't solve the issue. Can anyone help me out?
I am open to being shown a better way but these are the steps I took to solve this issue a little while ago.
Assuming you are referencing the package in your pubspec.yaml using git over ssh on azure devops like:
repo_name:
git:
ref: 'tag or other identifier'
url: you#vs-ssh.visualstudio.com:v3/you/project/repo_name
Generate a new ssh key pair on your machine.
Upload the private key to the library secure files section on azure devops.
Add the install ssh key task to your azure pipelines build, using the key pair generated in the previous steps and referencing the private key uploaded to the secure files library. link
Upload the public key to your list of public keys. (This step I'm not 100% sure is necessary but I did it initially and things have worked so I haven't changed removed it)
So in my azure-pipelines.yaml the install ssh key step looks kinda like this where id_rsa is the name of the private key in my secure files.
- task: InstallSSHKey#0
inputs:
knownHostsEntry: 'vs-ssh.visualstudio.com, ...etc'
sshPublicKey: 'ssh-rsa ...etc'
sshKeySecureFile: id_rsa
A private feed is created with permissions such that only you have access.
The build agent run with user(build service account), give to this user permissions in the feed. From Feed settings->Permissions, assign your build service account owner permission.
Also verify the token is working, make sure you have selected sufficient scopes for this token to authorize for your specific tasks.
Besides try adding a variable system.debug with a value of true you’ll get more information in the failure. That might help pinpoint the problem.
I am trying to configure the Azure Artifacts Credential Provider to allow me to connect to Azure DevOps and publish NuGet packages to the Artifacts feed. I have installed the credential provider on my build server. However every time that I run the build I get the following error:
Am I supposed to pass in a PAT to the Credential Provider or is the account that is running the build need to have access to Azure DevOps so that it can generate credentials? The documentation was a little unclear to me about how this works. My TeamCity instance is a little out of date so maybe I need to work on getting that upgraded first.
Please, add NuGet Credentials Provider build feature for your build configuration. Specify an URL for the feed (the same way as you did in NuGet Publish build step), a valid username + PAT (not a password in there).
The accepted answer seems to no longer be working. On TeamCity 2019.1.4 running on Windows Server 2016 and using .NET Core 2.2.105:
[push] WARNING: The credential plugin model used by 'C:\TeamCity\buildAgent\plugins\nuget-agent\bin\credential-provider\CredentialProvider.TeamCity.exe' is deprecated. Please contact the provider of the plugin for an alternative. More information about the recommended plugin model can be found at 'https://aka.ms/nuget-cross-platform-authentication-plugin'.
[17:18:31][push] Please provide credentials for: https://pkgs.dev.azure.com/org/project/_packaging/feed/nuget/v3/index.json
[17:18:31][push] Unable to load the service index for source https://pkgs.dev.azure.com/org/project/_packaging/feed/nuget/v3/index.json.
[17:18:31][push] Response status code does not indicate success: 401 (Unauthorized).
Manually installing and running the https://github.com/microsoft/artifacts-credprovider works from the command line if I log in to the server and set the env vars for non-interactive use, but does not work within the context of a TeamCity Build job.
Is there a newer TeamCity runner than can handle authentication for dotnet nuget push to Azure Artifacts?