Azure Artifacts - Sharing project-scoped feeds with other projects

Asked 13/11, 2020 at 13:30 Answered 29/7, 2022 at 22:9

Solved azure-devops artifacts azure-artifacts

We have a number of projects within my organisation. One such project has created a project-scoped Azure Artifact feed that they wish to share with our other projects.

However, when the other projects access their Artifacts page, from the feed drop-down they can only see the "Organization scoped feeds" and nothing under "Project-scoped feeds". What do we need to do make this feed visible and available to the other projects, particularly for use in their pipelines.

I'm at a loss, as I've drawn a complete blank so far.

Bazooka answered 13/11, 2020 at 13:30 Comment(1)

Hi, Not get your latest information, are the answers below helpful for you? Or if you have any concern, feel free to share it here – Dozen 17/11, 2020 at 8:9

According to the doc: To see a project-scoped feed in the list you have to be navigated to the project the feed is scoped to. We could know that we cannot see the project-scoped feed in another project.

particularly for use in their pipelines.

When connecting to a private project scoped feed from an Azure DevOps pipeline that is in the same organization but in a different project, the project that the feed is scoped to must allow access to the other project's build service. The build service must also be separately added to the feed permissions, regardless of the scope of the feed.

Add build service account: Build service account is Project Collection Build Service (Org name), we need configure feed permission in the project-scoped feed for this service. then we could access the project-scoped feed in the pipeline.

We also need open project settings->settings and ensure the option Limit job authorization scope to current project for non-release pipelines and Limit job authorization scope to current project for release pipelines is disabled. We could refer to the pic below.

Then we could access and use the project-scoped feed in another project pipeline.

Dozen answered 16/11, 2020 at 2:42 Comment(2)

Thanks, the combination of these two finally worked for me. Just for the clarification, the second step applies to the project consuming the feed and restoring packages from it, not the project owning the feed. – Computer 1/2, 2023 at 18:31

Is there any equivalent for user accounts, not just pipelines? I want to give users of a different project access to the feed in Visual Studio without giving access to the project itself. – Leshalesher 8/8, 2023 at 9:6

This is a very old post. But, in case, someone is still facing the problem and the above solutions have not worked like me then please follow as below.

Step One:

Select project hosting the feed
Select Project settings
Select Permissions
Select groups tab
Select Contributors
Select Members tab
Click Add
Select [Name of the project Consuming the Feed] Build Services ([Organization Name]) ex: FeedConsumer Build Services (xyz)
Click Save

Step Two:

Select project hosting the feed
Select Artifacts
Select your feed.
Select Feed Settings
Select Permissions
Click Add Users/Groups button
Select [Name of the project Consuming the Feed] Build Services ([Organization Name]) ex: FeedConsumer Build Services (xyz)
Select the role as a contributor
Click Save

Step Four:

Add nuGet.config file to the consumer project's root path where there is a .csproj or .sln file.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <packageSources>
        <clear />
        <add key="[Feed Name]" value="https://pkgs.dev.azure.com/[Company Name]/[Project Name]/_packaging/[Feed Name]/nuget/v3/index.json" />
    </packageSources>
</configuration>

Follow these steps to get the above xml

Select project hosting the feed
Select Artifacts
Select the required feed
Click Connect to Feed
Select NuGet.exe
It should be there in Project Setup

This should allow you to use the feed in one project to another project without giving you an unauthorized error. Happy Coding!!

Reference: https://learn.microsoft.com/en-us/azure/devops/artifacts/how-to/project-scoped-feeds-pipeline-project-permissions?view=azure-devops

Subordinate answered 29/7, 2022 at 22:9 Comment(2)

Upon searching the entire Internet this was the most accurate and detailed instructions I found. You should send this to MS so that they update their documentation. Thank you very much my friend – Hamid 18/5, 2023 at 5:36

This works as advertised - thank you! – Twicetold 7/9, 2023 at 19:0

Project-scoped feeds can't be 'shared' with other projects per se, but that doesn't really restrict how they are used. You can certainly have identities with permission to both, including build identities. Make sure the identity has "Read project-level information" permission in the project security settings for the project which contains the feed, as well as appropriate permissions on the feed itself. You can think of it similarly to Git repos -- you don't see other projects' Git repos, but there's nothing stopping you from using Git repos in multiple projects if you have permission to access them.

Another option is Upstream Sources.

Trombidiasis answered 13/11, 2020 at 16:39 Comment(3)

that's odd because I have definitely seen in other similar instances where a project-scoped feed owned by one team project, was available/visible from the dropdown list of another team project feed. – Bazooka 13/11, 2020 at 17:41

If View project-level information of the project hosting the feed is granted, its Boards and Repos can be accessed as well. Most of the time, this is not intended. Although the access to the Repos can be further restricted albeit more steps have to be taken. However I couldn't find a way to disable the view access to the Boards. – Odie 20/1, 2021 at 17:2

"View project-level information" is required to access a project, period. The Azure DevOps infrastructure rejects requests to projects where the calling identity does not have that permission. – Trombidiasis 21/1, 2021 at 15:48

Recommended topics

Hot tags