{NuGet}

A dependencies confusion usecase

Dependencies confusion basics

# NuGet

Build (CICD/Dev)

Repo 1
(public)

Repo 2
(private)

?

Dependencies confusion basics

# NuGet

Build (CICD/Dev)

Repo 1
(public)

Repo 2
(private)

Artifactory

?

NuGet: It's effective

# NuGet

NuGet: It's effective

# NuGet

NuGet: It's clear

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <clear/>
    <add key="Microsoft Visual Studio Offline Packages" value="C:\Program Files (x86)\Microsoft SDKs\NuGetPackages\" />
    <add key="private" value="https://repo.private/index.json" />
    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" allowInsecureConnections="True" />
  </packageSources>
  <packageSourceCredentials>
    <private>
      <add key="Username" value="SuperAdmin" />
      <add key="ClearTextPassword" value="MyPassword" />
    </private>
  </packageSourceCredentials>
</configuration>
NuGet

NuGet: Lowest applicable version

NuGet

NuGet: Which one ?

NuGet
<add key="private" value="https://repo.private/index.json" />
	<package version="1.0.0-beta" name="HelloWorldPackage" />
	<package version="1.0.1" name="HelloWorldPackage" />
    <package version="1.1.0" name="HelloWorldPackage" />
	<package version="1.1.1" name="HelloWorldPackage" />
	<package version="1.1.2" name="HelloWorldPackage" />
<add key="nuget.org" value="https://api.nuget.org/v3/index.json" allowInsecureConnections="True" />
	<package version="1.0.0" name="HelloWorldPackage" />

Application want:

<PackageReference Include="HelloWorldPackage" Version="1" />

NuGet: Direct dependency wins

NuGet

NuGet: Which one ?

NuGet
<add key="private" value="https://repo.private/index.json" />
	<package version="1.0.0-beta" name="HelloWorldPackage" />
	<package version="1.0.1" name="HelloWorldPackage" />
    <package version="1.1.0" name="HelloWorldPackage" />
	<package version="1.1.1" name="HelloWorldPackage" />
	<package version="1.1.2" name="HelloWorldPackage" />
<add key="nuget.org" value="https://api.nuget.org/v3/index.json" allowInsecureConnections="True" />
	<package version="1.1.2" name="HelloWorldPackage" />

Application want:

<PackageReference Include="HelloWorldPackage" Version="1.1.2" />

NuGet: /NuGet/Home/issues/5611

NuGet

NuGet: No change, solution ?

NuGet
<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <!-- Define mappings by adding package patterns beneath the target source. -->
    <!-- Contoso.* packages and NuGet.Common will be restored from contoso.com,
         everything else from nuget.org. -->
    <packageSourceMapping>
        <!-- key value for <packageSource> should match key values from <packageSources> element -->
        <packageSource key="nuget.org">
            <package pattern="*" />
        </packageSource>
        <packageSource key="private">
            <package pattern="Contoso.*" />
            <package pattern="NuGet.Common" />
        </packageSource>
    </packageSourceMapping>
</configuration>

NuGet: Versionning

NuGet

Code

By Tr4l

Made with Slides.com

Code

  • 58

More from Tr4l