Adding Secure Upstream NuGets in Azure DevOps Artifacts

Adding Secure Upstream NuGets in Azure DevOps Artifacts

There we were, merrily skipping down the happy-path to setting up Azure DevOps Artifacts for our .Net focused team when we realized that we couldn’t add non-public upstream NuGet providers.

Bummer.

Happy feeling gone.

We use several third party controls that are published as nugets but require us to use credentials to access them. Azure DevOps doesn’t  (as of June 2019) allow adding non-npm upstream sources nor upstream sources that require authentication. The source of our sadness… NPM only custom upstream sources and no authentication options. Since we still wanted to use the nugets AND only use our dedicated Azure DevOps Artifacts feed, we put our heads together to come up with a solution. There are a couple of ways that we could have tackled this. Ultimately, we found a simple solution that met our needs.

How to Get Other NuGet Packages into Azure DevOps Artifacts

Approach

The approach we took was to use nuget.exe to push the .nupkg files directly into our feed. This means we don’t need to maintain them in a repo and jump through pipelines hoops to publish them in the feed AND we can use a single nuget feed for our team.

The downside to this approach is it’s manual and needs to be repeated whenever newer versions of the control nugets are published. For now, we were willing to accept this. In the future, we might look at scripting and automating it.

Steps

  1. Download the nugets you need want to add to your Artifacts feed.
  2. In Azure DevOps, go to the Artifacts and click on “Connect to Feed”

3. While on the Nuget tab, click on “Download Nuget + Credential Provider”. This will let you authenticate to your Azure DevOps while using the nuget.exe. 4. Unpack the zip file and copy the contents to the folder with the nuget .nupkg files you downloaded earlier.

  1. Now run the command below using your organization URL and feed name to add the feed to your nuget sources. This command will also be shown on the same dialog that you download the tools from.
nuget.exe sources Add -Name "MyAwesomeFeed" -Source "https://MyAwesomeOrg.pkgs.visualstudio.com/_packaging/MyAwesomeFeed/nuget/v3/index.json"
  1. Finally, run the NuGet command to push the nugets into your feed. You can also find the exact command on the “Connect to Feed” dialog.
 nuget.exe push -Source "MyAwesomeFeed" -ApiKey AzureDevOps my_package.nupkg
  1. Profit.

That’s it! You can now look at your Azure DevOps Artifacts feed and see the nugets you pushed into the feed. If you find a better way to do this or write a script or extension to automate it, please email me.