Open
Conversation
- Add NuGetAuthenticate@1 task before restore to authenticate to internal ADO feeds (1ES pools block direct nuget.org access) - Reorder NuGet.Config to prioritize internal ADO feeds over nuget.org so packages resolve through upstream sources first Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
liliankasem
force-pushed
the
fix/ci-nuget-restore
branch
2 times, most recently
from
2825e3b to
5ff5afd
Compare
satvu
approved these changes
Apr 20, 2026
liliankasem
force-pushed
the
fix/ci-nuget-restore
branch
2 times, most recently
from
1c28259 to
2ec1dd6
Compare
1ES CFSClean policy blocks direct access to api.nuget.org in CI. - Add nuget-upstream feed (ADO feed with nuget.org as upstream source) to NuGet.Config so packages resolve through the internal feed - Strip direct nuget.org source in CI restore step (kept for local dev) - Add NuGetAuthenticate for ADO feed auth - Remove networkIsolationPolicy overrides (CFS is org-enforced)
liliankasem
force-pushed
the
fix/ci-nuget-restore
branch
from
2ec1dd6 to
2cf5724
Compare
Rely on networkIsolationPolicy: Preferred, GitHub, NuGet to allow nuget.org access.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
NuGet restore fails on 1ES hosted agents with:
1ES pool agents block direct outbound access to
api.nuget.org:443.Fix
NuGetAuthenticate@1task before NuGet restore — authenticates to internal ADO feeds so packages can resolve through their upstream sources (which proxy nuget.org).NuGet.Config— move internal ADO feeds beforenuget.orgso the restore tries authenticated internal feeds first. nuget.org is kept as a fallback for local dev.Changes
eng/ci/templates/steps/restore-nuget.yml— added NuGetAuthenticate stepNuGet.Config— reordered feeds (internal first, nuget.org last)