We are using Azure DevOps as source code management system.
I am searching for a tool which scans the git repositories and searches for used deprecated Nuget packages inside those repositories.
Does anybody know such a tool or is there any other way to find those packages easily without checking each repository by hand?
Related
I am new to DevOps. I will explain my structure first.
Project 1>
Repo 1
Repo 2
I am trying to make two build pipelines one that will build Repo 1 and a second that will build repo 2.
Repo 2 has a dependency on Repo1.dll.
I understand that I can publish the Repo1.dll and then download the artifact in repo2's pipeline.
My trouble is, our developers normal workflow is to have both repo's running in debug on their machines using a project reference. I am having trouble understanding how to reference Repo 1 from Repo 2 in a way that the artifact can be used in DevOps and project reference can be used on the developers machines.
How should c# references be handled when working with DevOps artifacts?
The best way to do this is using the NuGet.
When you build Repo 1 and create the nuget package Package1. Then publish this package Package1 to the Azure devops feed.
Now, add this package Package1 to the solution2 in the Visual Studio from the feed.
When we update the repo1, we need to build the NuGet package, publish it to the feed, then update the refernces package version to refer to the package you just publish.
I am looking for practical options to develop and test private nuget packages.
We have a set of "core" code that is delivered securely through an Azure Artifact Feed. We have various "consuming" applications that use the core nuget packages.
As a small-medium team, one person may be developing the core nuget as well as consuming it.
Today we check-in / merge the code for the nuget package. Make sure the Pull request is approved / passes. Then the build updates the Azure Artifact feed.
Then we come back to the "consuming" app and can update the package. Works great if you fix / add the feature the first time. However, slows down productivity when treating this as an iterative development approach.
Looking for simple options for a small team. Random thoughts on options:
Push nuget "alpha" package straight from developer's machine to Azure Artifact feed. Symbol server too?
Do something with an Azure build to allow "feature" branches to publish to Azure Artifact feed somehow?
Push to local nuget feed. Include pdbs so it can be debugged?
Temporarily break the nuget reference directly for local copy of dll(s)?
Re-think using nuget packages as a whole?
Push nuget "alpha" package straight from developer's machine to Azure Artifact feed. Symbol server too?
It depends on whether you need to debug it. If you need do debug this "alpha" package, you have to push the symbol package to the symbol server.
Note: You do not need to push the "alpha" package to the symbol server, just the symbol package.
Do something with an Azure build to allow "feature" branches to
publish to Azure Artifact feed somehow?
There is a task Push NuGet packages, we could use it to publish to Azure Artifact feed during build, no matter which branch it is on. It depends on whether you have enough permissions for the Azure Artifact feed, you can check it from Artifacts->Settings->Feed settings->Permissions:
Push to local nuget feed. Include pdbs so it can be debugged?
No, you also have to include the source code. Check this thread for some more details.
And there is a lightweight solution how to debugged nuget package on local feed on a network share.
Temporarily break the nuget reference directly for local copy of
dll(s)?
Re-think using nuget packages as a whole?
The answer is yes, when we develop the project on the local, use project reference is better than nuget, check my another post for some more details:
Ticket: Project reference VS NuGet.
Hope this helps.
Our client is using TFS, and we are using GitHub
I would like to sync the projects from TFS to Github and from GItHub to TFS as batch process whenever the changes are made in either of them.
Can someone suggest easiest way of doing the same?
Thanks in advance
git-tfs which is a two-way bridge between TFS (Team Foundation Server) and git. However if you are using TFS2013 and later, you could use Git as the source control option. You could directly use normal git command such as git pull, git push.
For the command to the get from github, just use the normal git command such as: git-scm.com/docs/git-pull –
In Azure Devops or Github, both of them use git as their Version Control, so you can have both as separate git remotes.
You could just use some git commands to handle this. Which command please take a look at this blog.
For automated process, then you could use one CI build definition to achieve it. Detail steps as below:
Create a CI build with a PowerShell or cmd Task;
Select the VSTS git repo in Get sources step;
Enable continuous integration andspecify include all branches for
Branch filters:
Two samples for your reference:
How to synchronize VSTS and Github respositories when commits are made
Syncing my Github repo to MS Visual Studio Team Services
Besides, you could also use some 3-rd party extension to handle this, such as this one--Git Tools for Azure DevOps
Azure Pipelines Build and Release extension that helps you synchronise one Git Repository with another.
You can use this extension with any Git repository: TFS, GitHub, Azure DevOps, Git, etc.
I want to package and publish a .net standard based code as a nuget package using VSTS build. I have created a private nuget feed (in VSTS Artifacts) to which I would like to publish nuget package along with symbols package.
I tried using dotnet CLI tasks to build and publish but it only publish .nupkg and not *.snupkg to the nuget feed.
I googled alot but I only found articles related to publishing to nuget.org and not to a private feed.
Publish *.snupkg symbol package to private feed in VSTS
You can publish the .snupkg symbol package to NuGet.org, or to any NuGet server that opts into this experience. But azure devops private feed does not have this experience.
You can get the detailed info from this wiki NuGet Package Debugging & Symbols Improvements:
When publishing packages, both the symbols package and the .nupkg will be easily published to NuGet.org, or to any NuGet server that opts into this experience.
Reason:
As we know, when we consume .snupkg in Visual Studio, we add a new symbol server location under Symbol file (.pdb) locations:
But Visual Studio can only parse the symbol file (.pdb) directly rather than the .snupkg package, so we need a NuGet server to help us read the .pdb file from the .snupkg package. Azure devops feed is more inclined to be a shared repository of packages.
So, we have to publish *.snupkg symbol package to NuGet.org, or to any NuGet server that opts into this experience.
If you do not want share your package on the nuget.org, You can host your own NuGet server or you can use a lightweight solution to resolve this issue (You can debug the nuget package with private feed).
Hope this helps.
You may well want to just embed the symbol PDB in the main NuGet package itself. IMO that's the best approach here today - it's much simpler, removing the need for the symbol server at all and works well with all repository types, private VSTS/Azure DevOps feeds public repos. The only downside is that clients have to download modestly bigger NuGet packages even if they don't use the debug info, but that seems minor.
Adding the PDB in the NuGet package is normally just a matter of adding this to your project file:
<AllowedOutputExtensionsInPackageBuildOutputFolder>$(AllowedOutputExtensionsInPackageBuildOutputFolder);.pdb</AllowedOutputExtensionsInPackageBuildOutputFolder>
See NuGet #4142 and Include pdb files into my nuget (nupkg) files.
Azure Artifacts does not currently support .snupkgs but it does have a symbol server to which you can publish if you're building using Azure Pipelines. This doc walks through setting up a pipeline that publishes symbols.
You can publish the snupkg files to Azure DevOps, but at this point, you cannot consume them from with VS to debug. Here is how I did it:
1) setup a "Use .Net Core" task to upgrade the .net sdk to the version that supports this (as below)
2) setup a custom dotnet pack command (as below)
3) push it to Azure using the dotnet push command (as below)
This results in the snupkg being pushed to Azure DevOps Artifacts, thus:
I need to update package repo before building a solution in TFS Build Definition. I want to implement this using CommandLine build task.
Could someone tell me how to write a command to update package repo using a path.
According to your prior question, there are just missing some external packages during your TFS build pipeline.
Usually TFS use Package Management that hosts NuGet, npm, and Maven packages alongside all your other TFS assets: source code, builds, releases, etc, also be able to handle the external packages.
You could directly add external packages to a TFS Package Management feed. When you restore the packages, select the feed. All need packages will be restored entirely. To achieve this, just use Push NuGet packages to specify the packages you want to publish and the target feed location.
More details please refer Get started with NuGet Package Management in TFS