All Collections
Build
Restore Private AzureDevOps Package Management feeds using PAT.
Restore Private AzureDevOps Package Management feeds using PAT.

Can I use Private AzureDevOps feeds for AppCenter Build?

Jihye E avatar
Written by Jihye E
Updated over a week ago

Azure Artifacts is an extension that hosts NuGet, npm, and Maven packages alongside all your other AzureDevOps assets: source code, builds, releases, etc.

It's possible that, you're using AzureDevOps package feeds for your solution for a couple of scenarios,

  1. For an in-house Application that uses libraries from another custom solution, uploaded as a feed nuget/NPM package to AzureDevOps . 

  2. Your solution uses multiple feeds (NPM, Maven, NuGet) and you're using AzureDevOps Package Management to consolidate them all to use a single mechanism to restore packages.

If your solution uses AzureDevOps Feeds, you can let AppCenter know about it by modifying the nuget.config (create if you don't have one) placed in the same level as your Solution/csproj file.
This is similar to restoring private nuget feeds, but the problem comes in with the Authentication.

Your AzureDevOps may use Microsoft Accounts, AzureDevOps backed by AAD (Azure Active Directory), Work/School/Personal Accounts, or a combination of these. You may be stuck with 401 errors and Build failures during the restore step.

In such cases, where the typical username/password fails, you can create personal access tokens (PAT) to authenticate access.

The sample nuget.config now looks like, 

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <add key="nuget" value="https://api.nuget.org/v3/index.json" />
    <add key="VSTSFeed" value="https://vstsaccount.pkgs.visualstudio.com/_packaging/FeedName/nuget/v3/index.json " />
  </packageSources>
  <activePackageSource>
    <add key="All" value="(Aggregate source)" />
  </activePackageSource>
  <packageSourceCredentials>
    <VSTSFeed>
      <add key="Username" value="%USER_VARIABLE%" />      
      <add key="ClearTextPassword" value="%PAT%" />
    </VSTSFeed>
  </packageSourceCredentials>
</configuration>

Be sure to create Custom Environment variables in AppCenter Build Configuration Settings with the same name specified by the value field (USER_VARIABLE and PAT, in our example) and "secretize" the PAT variable.

Since the password key is "ClearTextPassword", it's a terrible idea and a security concern if you're saving nuget.config with a clear PAT. So it's best to make use of AppCenter Environment variables.

(When your PAT expires, you can simply get a new one and update the PAT variable value there)

Hope this helps! Cheers! 

Did this answer your question?