I'm using the GitHub Package to host some private NuGet packages.
I notice the feed includes upstream packages (e.g. Newtonsoft.Json, EntityFramework) in my private feed. How do I exclude them?
On Azure Artifacts, as shown in this link, we can turn it off through setting But how do we do the samethe for GitHub package feed?
Related
I have an Azure Pipelines job setup to authenticate to a private NuGet feed in Azure Artifacts, and then build my .NET project that relies on a NuGet package in the feed. However, my private package is a pretty common name. How can I ensure that it only installs that specific package from my private feed, and doesn't try to fallback to the NuGet general gallery? I do not want it to pull in an incorrect package that has the same name and version name as my private package.
Once you configure multiple sources/feeds, NuGet will look for a package in all these sources together with no guarantee of where the package will be downloaded from. However, you could make the AzDo artifacts feed as the only configured feed and then upstream other sources from it. This way NuGet will get all packages from the configured AzDo artifacts source and AzDo artifacts will source other packages not available with it from the upstreamed sources in the order defined. More info can be found here: https://learn.microsoft.com/en-us/azure/devops/artifacts/concepts/upstream-sources?view=azure-devops
I want to package and publish a .net standard based code as a nuget package using VSTS build. I have created a private nuget feed (in VSTS Artifacts) to which I would like to publish nuget package along with symbols package.
I tried using dotnet CLI tasks to build and publish but it only publish .nupkg and not *.snupkg to the nuget feed.
I googled alot but I only found articles related to publishing to nuget.org and not to a private feed.
Publish *.snupkg symbol package to private feed in VSTS
You can publish the .snupkg symbol package to NuGet.org, or to any NuGet server that opts into this experience. But azure devops private feed does not have this experience.
You can get the detailed info from this wiki NuGet Package Debugging & Symbols Improvements:
When publishing packages, both the symbols package and the .nupkg will be easily published to NuGet.org, or to any NuGet server that opts into this experience.
Reason:
As we know, when we consume .snupkg in Visual Studio, we add a new symbol server location under Symbol file (.pdb) locations:
But Visual Studio can only parse the symbol file (.pdb) directly rather than the .snupkg package, so we need a NuGet server to help us read the .pdb file from the .snupkg package. Azure devops feed is more inclined to be a shared repository of packages.
So, we have to publish *.snupkg symbol package to NuGet.org, or to any NuGet server that opts into this experience.
If you do not want share your package on the nuget.org, You can host your own NuGet server or you can use a lightweight solution to resolve this issue (You can debug the nuget package with private feed).
Hope this helps.
You may well want to just embed the symbol PDB in the main NuGet package itself. IMO that's the best approach here today - it's much simpler, removing the need for the symbol server at all and works well with all repository types, private VSTS/Azure DevOps feeds public repos. The only downside is that clients have to download modestly bigger NuGet packages even if they don't use the debug info, but that seems minor.
Adding the PDB in the NuGet package is normally just a matter of adding this to your project file:
<AllowedOutputExtensionsInPackageBuildOutputFolder>$(AllowedOutputExtensionsInPackageBuildOutputFolder);.pdb</AllowedOutputExtensionsInPackageBuildOutputFolder>
See NuGet #4142 and Include pdb files into my nuget (nupkg) files.
Azure Artifacts does not currently support .snupkgs but it does have a symbol server to which you can publish if you're building using Azure Pipelines. This doc walks through setting up a pipeline that publishes symbols.
You can publish the snupkg files to Azure DevOps, but at this point, you cannot consume them from with VS to debug. Here is how I did it:
1) setup a "Use .Net Core" task to upgrade the .net sdk to the version that supports this (as below)
2) setup a custom dotnet pack command (as below)
3) push it to Azure using the dotnet push command (as below)
This results in the snupkg being pushed to Azure DevOps Artifacts, thus:
I have a NuGet package in one private NuGet Feed. I want to include that NuGet package in a different private NuGet Feed. How do I add a package to NuGet from my local computer?
Thank you
It depends on the feed you want to add the package to. If it's an HTTP feed that supports the NuGet protocol, like nuget.org or an Azure Devops Artifacts feed, then you can use nuget.exe push. Some HTTP feeds may have a web page you can use to upload the package to. If you have a local file feed (even if it's a network share, it's still operating system file IO), then you can use nuget add, but nuget push may work as well.
Unless you give us more information about your private feed, we can only give you this generic advice.
I created the feed to store private npm package there.
When I publish my private package from the project - some another public packages are published to this feed.
Can I somehow prevent publishing of public packages to the feed?
Is it ok to store public packages on the VSTS feed?
Daniel Mann is correct - you most likely have the npmjs upstream source. Because npm only supports a single registry, the upstream source is required to use both public and private packages in the same project. This is by design and recommended by the Azure Artifacts team. The "Source" column on your package list should show that these packages come from npmjs directly.
I created a build and release pipeline for my NuGet package using VSTS.
But after running the build and release pipeline successfully, the feed includes the nuget.org reference which was added. How can I prevent this?
This is by design. You enabled upstream sources and installed these packages through this feed. Refer to this documentation for details: Saving packages from upstream sources: continuity.
When you enable an upstream source, packages installed from the
upstream source via the feed will automatically be saved in the feed.