{NuGet}

A dependencies confusion usecase

Dependencies confusion basics
(the one with no typo, or LLM package)

# NuGet

Build (CICD/Dev)

Repo 1
(public)

Repo 2
(private)

?

Parler de NuGet me donne envie de revoir Green Book...

Did you use NuGet ?

# NuGet

Du coup, j'imagine que plein de dev utilise NuGet sans le savoir

NuGet: It's effective

# NuGet

Solution, user and computer level. With unlimited parent.

NuGet: It's effective

# NuGet

NuGet: It's clear

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <clear/>
    <add key="Microsoft Visual Studio Offline Packages" value="C:\Program Files (x86)\Microsoft SDKs\NuGetPackages\" />
    <add key="private" value="https://repo.private/index.json" />
    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" allowInsecureConnections="True" />
  </packageSources>
  <packageSourceCredentials>
    <private>
      <add key="Username" value="SuperAdmin" />
      <add key="ClearTextPassword" value="MyPassword" />
    </private>
  </packageSourceCredentials>
</configuration>
NuGet

NuGet: Versioning

NuGet
<!-- Accepts any version 6.1 and above.
     Will resolve to the smallest acceptable stable version.-->
<PackageReference Include="ExamplePackage" Version="6.1" />
<!-- Accepts any 6.x.y version.
     Will resolve to the highest acceptable stable version.-->
<PackageReference Include="ExamplePackage" Version="6.*" />
<!-- Accepts only version 6.1.0. -->
<PackageReference Include="ExamplePackage" Version="[6.1.0]" />
<!-- Accepts any version above, but not including 4.1.3. Could be
     used to guarantee a dependency with a specific bug fix. 
     Will resolve to the smallest acceptable stable version.-->
<PackageReference Include="ExamplePackage" Version="(4.1.3,)" />
<!-- Accepts any version up below 5.x, which might be used to prevent pulling in a later
     version of a dependency that changed its interface. However, this form is not
     recommended because it can be difficult to determine the lowest version. 
     Will resolve to the smallest acceptable stable version.
     -->
<PackageReference Include="ExamplePackage" Version="(,5.0)" />
<!-- Accepts any 1.x or 2.x version, but not 0.x or 3.x and higher.
     Will resolve to the smallest acceptable stable version.-->
<PackageReference Include="ExamplePackage" Version="[1,3)" />

<!-- Accepts 1.3.2 up to 1.4.x, but not 1.5 and higher.
     Will resolve to the smallest acceptable stable version. -->
<PackageReference Include="ExamplePackage" Version="[1.3.2,1.5)" />

Quel cauchemar pour les gens qui font SBOUM

NuGet: /NuGet/Home/issues/5611

NuGet
NuGet

NuGet: Even System package ?

NuGet

NuGet: Use case

NuGet
  • Push "public" package on "internal" repo
    (no page, may be fastest)
  • Push "internal" named packed on nuget
    (no page, index maybe cached)
    Slow down internal repo with some DDoS?
  • Not stable/easy to reproduce

NuGet: No change, solution ?

NuGet
<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <!-- Define mappings by adding package patterns beneath the target source. -->
    <!-- Contoso.* packages and NuGet.Common will be restored from contoso.com,
         everything else from nuget.org. -->
    <packageSourceMapping>
        <!-- key value for <packageSource> should match key values from <packageSources> element -->
        <packageSource key="nuget.org">
            <package pattern="*" />
        </packageSource>
        <packageSource key="private">
            <package pattern="Contoso.*" />
            <package pattern="NuGet.Common" />
        </packageSource>
    </packageSourceMapping>
</configuration>

Recent on the life of NuGet, not used so much

NuGet: DevOPS -> Check the fix!

NuGet
**/.classpath
**/.dockerignore
**/.env
**/.git
**/.gitignore
**/.project
[...]
**/NuGet.Config

Not sure why this land on a .dockerignore

NuGet: DevOPS -> Check the fix!

NuGet
FROM mcr.microsoft.com/dotnet/sdk:8.0-alpine AS builder
ARG NUGET_USER
ARG NUGET_PASSWORD
WORKDIR /app
COPY ./ .
RUN dotnet nuget add source -u $NUGET_USER -p $NUGET_PASSWORD --store-password-in-clear-text --name private "https://nuget.pkg.github.com/private/index.json" \
  && dotnet publish -c Release -o out ./Api

FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine AS runner
WORKDIR /app

[...]
Folder structure:

aapi
[...]
api
+  Api
+  .dockerignore
+  Dockerfile
+  Registry.sln
nuget.config

nuget.config can be higher than dockerfile, then not inside the builder

NuGet: DevOPS -> Check the fix!

NuGet
FROM mcr.microsoft.com/dotnet/sdk:8.0-alpine AS builder
ARG NUGET_USER
ARG NUGET_PASSWORD
WORKDIR /app
COPY Api/ .
COPY Registry.sln .
RUN dotnet nuget add source -u $NUGET_USER -p $NUGET_PASSWORD --store-password-in-clear-text --name private "https://nuget.pkg.github.com/private/index.json" \
  && dotnet publish -c Release -o out ./Api

FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine AS runner
WORKDIR /app

[...]
Folder structure:

api
+  Api
+  .dockerignore
+  Dockerfile
+  Registry.sln
+  nuget.config

... or the nuget.config is here but not copied.

NuGet 🐔

By Tr4l

Made with Slides.com

NuGet 🐔

  • 188

More from Tr4l