Azure Functions no longer compile on build server after upgrade from .NET 7 to .NET 8

I have numerous Azure Functions setup that build through Azure Pipelines on the vmImage: 'windows-latest' build server. They were initially setup with .NET 7 and have worked fine for a year or so.

I recently upgraded the projects to .NET 8 (just updated the version) and they will no longer compile on the build server. They compile and run just fine locally.

The build process is these steps:

• Use .NET 8.0.x
• Install nuget > 6.0.0
• Nuget cache (skip restore if packages are already there)
• dotnet restore
• dotnet build

The dotnet build step is the one now failing. It seems to be trying to download dependency packages (these are not directly installed into my project) from the azure pipeline artifact instead of from an upstream source.

Failed to download package 'Microsoft.NETCore.Targets.3.0.0' from 'https://pkgs.dev.azure.com/MYPROJECT/someguid/_packaging/anotherguid/nuget/v3/flat2/microsoft.netcore.targets/3.0.0/microsoft.netcore.targets.3.0.0.nupkg'.
Response status code does not indicate success: 401 (Unauthorized).

There are dozens of these pages, each with dozens of package dependencies.

What hasn't worked:

• As best I can tell the 401 should really be a 404 (it doesn't exist). The permission configuration is correct as best I can tell and these projects work fine as a .NET 7 target with no authentication issues
• I've checked everything around the configuration of the artifacts and upstream sources are enabled to check from nuget.org. Many other packages have trickled down into the local artifacts - and again, it works when target is .NET 7
• I've tried manually importing the "missing" dependencies into the project directly. This doesn't seem to make any difference and you still get the same errors
• Bumping nuget to 6.11 - no difference

What does work:

• Rolling back to .NET 7.0. I can freely move "forward" to a failing build and "backward" to a success build by changing back the targeting

What are the specific changes?

• Update the .csproj to net8.0 from net7.0

• Update the following nuget packages (not updating them gives a bizarre Invalid combination of TargetFramework and AzureFunctionsVersion is set error)

  Microsoft.Extensions.DependencyInjection -> 8.0.1
  Microsoft.Azure.Functions.Worker.Extensions.Abstractions -> 1.3.0
  Microsoft.Azure.Functions.Worker -> 2.0.0
  Microsoft.Azure.Functions.Worker.Extensions.Storage -> 6.6.0
  Microsoft.Azure.Functions.Worker.Sdk -> 2.0.0
  

Pipelines always seems like a guessing game when these sort of things happen, so hoping someone else has run into this or has a good guess I can try. The functions still build just fine on .NET 7, but I'd really like to get them updated to .NET 8 moving forward.

I'm guessing it may be related to the functions worker package updates, but I can't seem to separate the two.

From your description of the issue, the 401 error exists in the dotnet build step.

Refer to this doc: Why is my build, publish, or test step failing to restore packages?

Most dotnet commands, including build, publish, and test include an implicit restore step. This will fail against authenticated feeds, even if you ran a successful dotnet restore in an earlier step, because the earlier step will have cleaned up the credentials it used.

The cause of the 401 error is that dotnet restore step will have cleaned up the credentials it used. Then the valid credentials cannot be read in the dotnet build step.

To solve this issue, you can add NuGet Authenticate task before dotnet restore task for NuGet authentication.

Here is Pipeline example:

steps:
- task: UseDotNet@2
  inputs:
    packageType: 'sdk'
    version: '8.0.x'
- task: NuGetToolInstaller@1
  inputs:
    versionSpec: '6.0.x'
- task: NuGetAuthenticate@1
  displayName: 'NuGet Authenticate'

- task: DotNetCoreCLI@2
  inputs:
    command: 'restore'

- task: DotNetCoreCLI@2
  inputs:
    command: 'build'

The NuGet credentials generated by NuGet Authenticate task will be effective throughout the agent job. It can solve the 401 authentication error in dotnet build task.