I was building Jenkins pipeline last week and had to research how can I build dotnet code from Azure DevOps Git repository and use Azure DevOps NuGet feed. Despite the promise of harmony perfectness with Jenkins and Azure DevOps, there’s no connector between Jenkins and Azure DevOps Artifacts. Also, integration requires continuous maintenance because of Personal Access Token (PAT) temporality.

But if you really need, see how I implemented my Jenkins + Azure DevOps Artifacts and Git integration.

What credentials are needed?

You have to create 3 types of a token:

  1. Jenkins API Token for Azure DevOps Service Hook. It’s used to trigger Jenkins build after code is pushed. Jenkins user owning this API token should have permissions: Overall(Read), Job(Build), Job(Read).
  2. Azure DevOps Personal Access Token (PAT) for accessing Git repository from Jenkins. When you create this PAT add the Code(read) scope to it. Expiration up to 1 year.
  3. Azure DevOps Personal Access Token (PAT) for accessing NuGet feed. This PAT is created automatically by Azure Artifacts Credential Provider and has scope Packaging(Read & write). Expires after 3 months.

So, the first thing you probably have to do is create Jenkins build user and temporarily keep its password because you have to log in under its account to create API token on Jenkins side. I discourage you from using your personal user account because whether you leave company builds shouldn’t stop working.

Make NuGet looking for packages in Azure DevOps

Create NuGet.Config

In the root of a project, I make NuGet.Config file with settings like:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <packageSources>
        <clear /> <!-- ensure only the sources defined below are used -->
        <add key="YourFeedName" value="https://YourOrgName.pkgs.visualstudio.com/_packaging/YourFeedName/nuget/v3/index.json" />
    </packageSources>
</configuration>

You shouldn’t care about NuGet configuration in profiles of developers or build agents and the easiest way to avoid the care is to manage it as code.

Authorize with Azure Artifacts Credential Provider

Just configuration is not enough, you need authorization. You have to deploy Azure Artifacts Credential Provider and authorize.

  1. Download Azure Artifacts Credential Provider (windows, linux / mac).
  2. Unpack it under %userprofile%\.nuget\ (Windows) or $HOME/.nuget/ (Linux / Mac).
  3. Execute: dotnet restore --interactive
  4. Go to https://microsoft.com/devicelogin, enter the code displayed by previous CLI command then authenticate.

When authorization is made PAT with scope Packaging(Read & write) is created for 3 months and stored under %appdata%\Local\MicrosoftCredentialProvider\ (Windows) or $HOME/.local/share/MicrosoftCredentialProvider/ (Linux / Mac).

You have to do it in the profile of Jenkins build agent to make it able to download and publish NuGet packages.

Make Jenkins able to pull from Azure DevOps Git repository

  1. Manually create PAT with scope Code(read). You can set expiration up to 1 year for it.
  2. On Jenkins master create credentials. As login use your Azure DevOps (Azure AD / Microsoft account) user login (whose PAT was created).
  3. When configuring build project, use this credentials.

Create Jenkins build project

You have to do it before creating an Azure DevOps service hook.

Make Azure DevOps triggering Jenkins when code pushed

  1. Login to Jenkins under the build user account. I appealed to make it at the beginning of this article (you can reset it’s password any time).
  2. Create an API token (give it a meaningful name) and copy to the buffer.
  3. Go to Azure DevOps at /<project>/_settings/serviceHooks and create the hook you need.

Recap

  1. Create a Jenkins build user.
  2. Create NuGet.Config in the code repository.
  3. Configure NuGet authorization in the profile of a Jenkins build agent.
  4. Create PAT for Jenkins to pull from Azure DevOps Git repository.
  5. Create API Token under Jenkins build user account for Azure DevOps.
  6. Create a service hook in Azure DevOps.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s