Managing software dependencies, whether those created in-house or from third parties can be a pain in the behind. Whether dependencies feel like wild chickens or people run around like chickens dealing with dependencies, the NuGet package manager can be a cure. Let us guide you to creating enterprise (chicken) NuGets and dealing with them in a structured, easy-to-maintain manner. From developer workstation to build server, NuGet tastes great! We'll provide you the dip sauce.
6. Welcome to Dependency Hell
frustration
“A term for the of software users who have
installed software packages which have dependencies on
specific versions of other software packages.” (Wikipedia)
7. Cause and Effect
• Reinventing the wheel
– We don’t need that dependency
– “If they can do it, we can do it, but better”
What happened to reuse of components?
• Marketing-Driven Versioning
– People are waiting for v2 to buy
– Let’s call it v4 Platform Update SP3 November Edition
KB2348063 RTW Refresh
We lost ownership of AssemblyVersion ?
8. Package Management
• NuGet to the Rescue!
“NuGet is a Visual Studio extension that makes
it easy to install and update open source
libraries and tools in Visual Studio.”
• Simple concept
– Find Packages
– (Re)Use Packages
– Produce Packages
11. Semantic Versioning
• Think about your versioning! (semver.org)
Major Breaking changes
Minor Backwards compatible API additions/changes
Patch Bugfixes not affecting the API
– Always specify lowerbound
– Use a version range (lowerbound + upperbound)
when versioning of package you depend on is messed
up
13. Hosting your own repository
• NuGet = public feed
– Privacy
– Intellectual property
• NuGet maintained by package authors
– Author removes v1.0.45 and you depend on it
16. NuGet.Server limitations
• Only 1 feed per installation
• No UI
– up to you to build it
• No granular security
– only 1 API-key for entire feed
• Conclusion: requires you to develop if you want
something more useful
17. Meet MyGet
• www.myget.org
• NaaS
– Register and off you go!
• Supports Enterprise scenarios
– Granular security
– Package mirroring
– Proxying
20. Typical source control...
• Contains /References (if you are lucky)
– ...and also
Project/_bin_deployable_assemblies
– ...and also /References/old
– ...and also /..././../.././References
• Usually references GAC-ed assemblies
21. Dependencies
• Software has dependencies. Deal with it.
• But are those YOUR intellectual property?
– YOUR reason to build software?
– YOUR product?
• No. They are dependencies. And they don’t
belong in source control.
22. Continuous Package Integration
• Can I get rid of all these referenced assemblies
duplicated all-over my source control system?
Yes!
• Do I need to install and maintain NuGet on all my
build agents?
No!
24. 3rd parties don’t belong in your VCS
• Replace them with NuGet packages
• Do commit packagesrepositories.config file
• Use Enable-PackageRestore
25. Problem!
• NuGet feed is subject to change...
– PackageSource msbuild property to the rescue
(NuGet.settings.targets in $(SolutionDir).nuget folder)
• Now what...
– Host your own feed and mirror packages
– Or use MyGet for that
26. Organize your chickens
• Feed structuring
– Scoped by quality: Build, QA, Production, …
– Scoped by audience: public, restricted access
– Other:
• Scoped by product version, milestone…
• Scoped by target platform
27. Guidance
• Publishing a package brings great
responsibility
– Breaking changes in your packages should be
versioned accordingly!
– Consumers might choose to no longer consume
any packages you published
28. Guidance
• Package Integration ≠ Integration Testing
– CI builds reflect output of source control input
– Same input always produces same output
Do not auto-update packages during automated builds
32. Automate deployments
• Build results in .nupkg
• Octopus deploys to its tentacles
– Test tentacles
– Staging tentacles
– Production tentacles
• www.octopusdeploy.com
33.
34. Chocolatey
• NuGet
– developer library packages
• Chocolatey
– applications and tools packager
– “yum” or “apt-get” for Windows
• www.chocolatey.org
36. Build Continuous
Test
Delivery of the
MyGet website
Package using:
Push TeamCity
NuGet
Release / Publish
MyGet
Deploy Octopus
DEMO Delivery
Continuous
37. Conclusion
Dependencies & people are chickens
Deal with them! NuGet can help
Set up your own NuGet repository
Continuous package integration
NuGet is a package manager
NuGet is a protocol
Xavier: Terugverwijzen naar “Marketing versioning”
Start with empty MVC template + addNuGet.ServerpkgRun siteDrop pkgs in packages folderRefresh browserFeed toevoegen in VS & show pkgs
Inloggen en feed aanmakenPackage pushen vanuit NPEFeed toevoegen aan VSOp MyGet feed security instellenPackage installen in VS en tonen dat er basic auth bijkomtPackage van NuGet toevoegen op MyGet en tonen dat je alle dependencies kan meepakken, mirroring, … en dat je ook gewoon van uw packages.config kan toevoegen
- Het feit dat NuGet.org geen garanties biedt op content- Wat als mensen packages verwijderen? BUILD breaks, DEVS unhappy again
Now isnot the time to take a nap (NaaP) NuGet is more than a package (system), it’s a protocol to:Distributesfunctionality (automateanything!, cfrScaffolding!)Distribute websites (akadeployments!)Distribute software in general