Ensuring a NuGet package can only be installed from a specific feed - nuget

I have an Azure Pipelines job setup to authenticate to a private NuGet feed in Azure Artifacts, and then build my .NET project that relies on a NuGet package in the feed. However, my private package is a pretty common name. How can I ensure that it only installs that specific package from my private feed, and doesn't try to fallback to the NuGet general gallery? I do not want it to pull in an incorrect package that has the same name and version name as my private package.

Once you configure multiple sources/feeds, NuGet will look for a package in all these sources together with no guarantee of where the package will be downloaded from. However, you could make the AzDo artifacts feed as the only configured feed and then upstream other sources from it. This way NuGet will get all packages from the configured AzDo artifacts source and AzDo artifacts will source other packages not available with it from the upstreamed sources in the order defined. More info can be found here: https://learn.microsoft.com/en-us/azure/devops/artifacts/concepts/upstream-sources?view=azure-devops

Related

Publish *.snupkg symbol package to private feed in VSTS

I want to package and publish a .net standard based code as a nuget package using VSTS build. I have created a private nuget feed (in VSTS Artifacts) to which I would like to publish nuget package along with symbols package.
I tried using dotnet CLI tasks to build and publish but it only publish .nupkg and not *.snupkg to the nuget feed.
I googled alot but I only found articles related to publishing to nuget.org and not to a private feed.
Publish *.snupkg symbol package to private feed in VSTS
You can publish the .snupkg symbol package to NuGet.org, or to any NuGet server that opts into this experience. But azure devops private feed does not have this experience.
You can get the detailed info from this wiki NuGet Package Debugging & Symbols Improvements:
When publishing packages, both the symbols package and the .nupkg will be easily published to NuGet.org, or to any NuGet server that opts into this experience.
Reason:
As we know, when we consume .snupkg in Visual Studio, we add a new symbol server location under Symbol file (.pdb) locations:
But Visual Studio can only parse the symbol file (.pdb) directly rather than the .snupkg package, so we need a NuGet server to help us read the .pdb file from the .snupkg package. Azure devops feed is more inclined to be a shared repository of packages.
So, we have to publish *.snupkg symbol package to NuGet.org, or to any NuGet server that opts into this experience.
If you do not want share your package on the nuget.org, You can host your own NuGet server or you can use a lightweight solution to resolve this issue (You can debug the nuget package with private feed).
Hope this helps.
You may well want to just embed the symbol PDB in the main NuGet package itself. IMO that's the best approach here today - it's much simpler, removing the need for the symbol server at all and works well with all repository types, private VSTS/Azure DevOps feeds public repos. The only downside is that clients have to download modestly bigger NuGet packages even if they don't use the debug info, but that seems minor.
Adding the PDB in the NuGet package is normally just a matter of adding this to your project file:
<AllowedOutputExtensionsInPackageBuildOutputFolder>$(AllowedOutputExtensionsInPackageBuildOutputFolder);.pdb</AllowedOutputExtensionsInPackageBuildOutputFolder>
See NuGet #4142 and Include pdb files into my nuget (nupkg) files.
Azure Artifacts does not currently support .snupkgs but it does have a symbol server to which you can publish if you're building using Azure Pipelines. This doc walks through setting up a pipeline that publishes symbols.
You can publish the snupkg files to Azure DevOps, but at this point, you cannot consume them from with VS to debug. Here is how I did it:
1) setup a "Use .Net Core" task to upgrade the .net sdk to the version that supports this (as below)
2) setup a custom dotnet pack command (as below)
3) push it to Azure using the dotnet push command (as below)
This results in the snupkg being pushed to Azure DevOps Artifacts, thus:

Add NuGet Package to Private NuGet Feed

I have a NuGet package in one private NuGet Feed. I want to include that NuGet package in a different private NuGet Feed. How do I add a package to NuGet from my local computer?
Thank you
It depends on the feed you want to add the package to. If it's an HTTP feed that supports the NuGet protocol, like nuget.org or an Azure Devops Artifacts feed, then you can use nuget.exe push. Some HTTP feeds may have a web page you can use to upload the package to. If you have a local file feed (even if it's a network share, it's still operating system file IO), then you can use nuget add, but nuget push may work as well.
Unless you give us more information about your private feed, we can only give you this generic advice.

How to publish a nuget package privately using Nuget Gallery

I have created a nuget package and I want to share it with my team using Nuget Gallery.
I need to publish the nuget package privately.
So I have managed to build the Nuget Gallery from Nuget Gallery build steps
When I run the build, Google Chrome shows up with "localhost" website address showing Nuget Gallery.
1) How do I add the nuget package that I have created recently to the local Nuget Gallery?
2) How do I publish the Nuget Gallery and share with my team after I have managed to add nuget package in that gallery?
Thanks
You can also create your own Nuget server running in your local network by using the Microsoft NuGet.Server available in nuget.org ;-)
If you haven't seen it already, have a look at the docs on hosting a private nuget feed. TeamCity has a NuGet feed built-in, so you may not need to host a NuGetGallery yourself.
Depending on where/how you host your private feed, it might have a UI that you can use to upload packages (such as the NuGet Gallery). But if you're creating packages as part of a CI pipeline, it's probably easier to just use nuget push and use the -Source parameter to specify which source you want to push to, assuming your nuget.config has more than once source defined.

Command to update packages repo in PackageManager console

I need to update package repo before building a solution in TFS Build Definition. I want to implement this using CommandLine build task.
Could someone tell me how to write a command to update package repo using a path.
According to your prior question, there are just missing some external packages during your TFS build pipeline.
Usually TFS use Package Management that hosts NuGet, npm, and Maven packages alongside all your other TFS assets: source code, builds, releases, etc, also be able to handle the external packages.
You could directly add external packages to a TFS Package Management feed. When you restore the packages, select the feed. All need packages will be restored entirely. To achieve this, just use Push NuGet packages to specify the packages you want to publish and the target feed location.
More details please refer Get started with NuGet Package Management in TFS

Can I use my OctopusDeploy built-in Package Repository in Manage NuGet Packages?

I have a working Octopus Deploy server which has a library of packages I built.
I have an assembly which depends on one of the assemblies which I have deployed in Octopus Deploy and which is currently in that repository. I tried adding it as a package source in NuGet Package Manager, with my repository's URL (something like:
http://myoctoserver/app#/library
).
It will not populate the list Manage NuGet Packages of Visual Studio 2013, although the Microsoft and .NET and the nugget.org will populate.
Documentation doesn't appear to address this at OctopusDeploy.com. Is this something that can be done, or does my organization need to make an external NuGet feed?
Octopus Server provides a write-only repository and it can't be consumed by other NuGet clients.
There are many options available to you depending on your budget / hardware
ProGet
MyGet
NuGet.Lucene
NuGet Gallery
Octopus built in package repository is not mean't to be consumed by others.
The nuget packages there, are built specifically for Octopus. They have different structure. These packages are meant to be unpacked directly to a specific location, and run by either Windows service or IIS.
Also, from docs:
It is important to understand that the Octopus server provides a
write-only repository; intended for hosting application packages only
. Packages that are pushed to the Octopus server can't be consumed by
other NuGet clients like Visual Studio. If you need a NuGet feed for
sharing libraries between your development projects, a separate NuGet
repository is required.
http://docs.octopusdeploy.com/display/OD/Package+repositories
We host internal nuget server ourselves, which works very nicely.