Search code examples
azure-devopsazure-artifacts

How to log into Azure DevOps Artifact feed without token

I have a Azure DevOps artifact feed that we set up. In the same project as the artifact I have created a gradle build and using a token as the password I can access the artifact feed to have it access artifacts. Someone in my department thinks that there might be a way to access the artifact repo without a token. I tried using System.AccessToken but it did not work. Perhaps there is a different way to set up the artifact?

Here is my gradle.build file:

    credentials { 
        username "Testuser" 
        DevOps Services_ENV_ACCESS_TOKEN") : vstsMavenAccessToken 
        //password "<using raw token works>"
        //password System.getenv("SYSTEM_ACCESSTOKEN")
        password System.getenv("TOKEN")
    }

Here is my azure-pipelines.yml where I define the variables I use in the build.gradle file. token is a environment variable that I have set to the my actual token (which works). If I swap it and use the System.AccessToken it does not work:

steps:
- task: Gradle@2
  inputs:
    workingDirectory: ''
    gradleWrapperFile: 'gradlew'
    gradleOptions: '-Xmx3072m'
    javaHomeOption: 'JDKVersion'
    jdkVersionOption: '1.11'
    jdkArchitectureOption: 'x64'
    publishJUnitResults: true
    testResultsFiles: '**/TEST-*.xml'
    tasks: 'build'
  env:
    SYSTEM_ACCESSTOKEN: $(System.AccessToken)
    TOKEN: $(token)

Stay well and thanks for any help or insight!

Solution

  • How to log into Azure DevOps Artifact feed without token

    Just as what you tried, using $(System.AccessToken) should work fine. Just share my steps and some key points which you should pay attention to.

    Configuration:

    Here is part of my build.gradle file, and I applied the $(System.AccessToken) to publish package to my feed:

    publishing {
    publications {
        myPublication(MavenPublication) {
            groupId 'com.microsoft.core'
            artifactId 'mock='
            version "${version}"
            artifact "build/libs/mock-${version}.jar"
        }
    }
    // Repositories *to* which Gradle can publish artifacts
    repositories {
        maven {
            url 'https://pkgs.dev.azure.com/{org name}/_packaging/{project name}/{feed name}/v1'
            credentials {
               username "Azure DevOps Services"  
               //password System.getenv("AZURE_ARTIFACTS_ENV_ACCESS_TOKEN") != null ? System.getenv("AZURE_ARTIFACTS_ENV_ACCESS_TOKEN") : vstsMavenAccessToken
               password System.getenv("SYSTEM_ACCESSTOKEN")
            }
        }
    }
}

    The part of YAML definition:

    - task: Gradle@2
  displayName: Gradle Publish
  inputs:
    workingDirectory: ''
    gradleWrapperFile: 'gradlew'
    gradleOptions: '-Xmx3072m'
    javaHomeOption: 'JDKVersion'
    jdkVersionOption: '1.8'
    jdkArchitectureOption: 'x64'
    publishJUnitResults: true
    tasks: 'publish'
  condition: always()
  env:
    SYSTEM_ACCESSTOKEN: $(System.AccessToken)

    You can see my publish log and it published successfully:

    enter image description here

    Except the above script configuration, you also make configuration on your feed setting. Because the pipeline actual using Collection/project service account to access and perform actions in feed.

    Please go feed setting, search and add Project Collection Build Service ({org name}) and {Porject name} Build Service ({org name}) into this permission setting. And assign them Owner role.

    Now, re-build your pipeline and you will see it could succeed to access feed.