Search code examples
azure-devopsazure-pipelinesazure-pipelines-build-taskazure-pipelines-yamlazure-artifacts

Azure DevOps Artifact Feed, error 403 on push package from azure pipeline

I'm facing a permission issue.

I'm developing a yaml pipeline in Azure DevOps, that uses templates from an other repository under the same project.

Those templates are pretty simple.

  • dotnet restore -OR- npm install
  • dotnet publish and push folder to universal package feed -OR- dotnet pack and push nupkg to nuget feed
parameters:
- name: jobName
  type: string
- name: projectPath
  type: string
- name: projectName
  type: string
- name: filesToDelete
  type: object

jobs:
- job:
  displayName: ${{ parameters.jobName }}
  steps:

  - task: DotNetCoreCLI@2
    displayName: Dotnet build
    inputs:
      command: 'build'
      projects: '${{ parameters.projectPath }}/${{ parameters.projectName }}.csproj'
      arguments: '-c Debug'

  - task: DotNetCoreCLI@2
    displayName: Dotnet pack
    inputs:
      command: 'pack'
      packagesToPack: '${{ parameters.projectPath }}/${{ parameters.projectName }}.csproj'
      packDirectory: 'Pub'
      nobuild: true
      versioningScheme: 'off'
      verbosityPack: 'Normal'

  - task: DotNetCoreCLI@2
    displayName: Dotnet push nuget
    inputs:
      command: 'push'
      packagesToPush: 'Pub/*.nupkg'
      nuGetFeedType: 'internal'
      publishVstsFeed: '<devops project/<devops feed>'

Target is a project scoped feed, and the pipeline runs under a self-hosted agent (but even with microsoft-hosted ones I have the same issue).

Problem comes on push step, where I get this error. User '7de7da78-xxxx-xxxx-xxxx-xxxx3612a661' lacks permission to complete this action. You need to have 'AddPackage'.

I made many searches on web trying to fix it myself, and found many people with similar issues, like this, this or this.

The most referred solution is to add Build Account as collaborator, and I added it as contributor in project settings project-settings

and collaborator in feed settings feed settings

But nothing changed, still 403.

Any suggestion?

Solution

  • Azure DevOps Artifact Feed, error 403 on push package from azure pipeline

    Since you have arleady add the Build Account as collaborator, please try to check if the scope restrictions on single project builds is Enable:

    1. Click the "Project Settings" at the bottom left of the screen.

    2. Go to Pipelines > Settings.

    3. Disbale "Limit job authorization scope to current project" if it enabled.

    enter image description here