Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
#comdaybeNuGet (Anti-)Patterns:Tales from the TrenchesXavier Decoster
Who am I?Xavier DecosterFounder of MyGet.orgNuGet contributorAuthor of Pro NuGetMEET memberhttp://www.xavierdecoster.com@x...
In this session
Agenda• What is NuGet (not)• Package versioning• Package repositories• Lessons learned
What is NuGet?• Solution-level PackageManagement for .NET• Tools:– NuGet.Core– NuGet.exe– NuGet Gallery (nuget.org)– NuGet...
What is NuGet not?• Perfect• Tool that magically fixes allyour problems• Replacement for softwareinstallers
Package versioningA single dot can separate heaven from hell…
#1 – Semantic VersioningMajor Breaking changesMinor Backwards compatible API additions/changesPatch Bugfixes not affecting...
#1 – Semantic Versioning• NuGet versioning algorithm differs from SemVerSemVer NuGetv x SemVer Versioning Scheme major.min...
#2 – Avoid 3-dots versioning schemes• Even though supported by NuGet– Not supported in SemVer– Not supported in combinatio...
#3 – Maintain a smooth upgrade path• Don’t change Package ID along the way!–Your packages will get stuck–So will your cons...
#3 – Maintain a smooth upgrade path• Version Precedence– 1.0.1-alpha00001 < 1.0.1-alpha00256 < 1.0.1-alpha < 1.0.1– Questi...
#4 – The effects of tight coupling…• Small packages > large packages• Specific functionality > Multifunctional packages
Package repositoriesAs important as your VCS!
#5 – Package Restore• A package repository is for … packages– What’s a source repository for?• Impact of package restore– ...
#6 – Split package repositories• Don’t pollute consumers’ repository with your internal DEV builds– MyGet.org is great at ...
#7 – Once published, don’t delete packages• Breaks package restore!• Forces consumers to upgrade!• Using own NuGet server ...
#8 – Have a fallback repository• Backup consumed packages–Mirror them on MyGet.org–Download them• Especially when using Pa...
Lessons learnedGeneral guidance & advise from the trenches…
#9 – Spot Binding Redirects• Mitigates potential risk for conflicts– During assembly resolution• Investigate why– Package ...
#10 – Use Sample Package or Readme.txt• Don’t pollute your actual packages• Provide a readme.txt– If you can’t automate th...
#11 – Uninstall Should Leave No Traces• Obvious, but often neglected/forgotten– Be a good citizen• Uninstall reverses inst...
demoPackage sources, feeds, packages and their versions playingalong…Package Promotion
Q&A
Thanks!http://www.xavierdecoster.com@xavierdecosterCome get your MyGetstickers, you might get lucky!
Upcoming SlideShare
Loading in …5
×

NuGet (anti-)patterns - Tales from the Trenches

1,718 views

Published on

Published in: Technology
  • Be the first to comment

NuGet (anti-)patterns - Tales from the Trenches

  1. 1. #comdaybeNuGet (Anti-)Patterns:Tales from the TrenchesXavier Decoster
  2. 2. Who am I?Xavier DecosterFounder of MyGet.orgNuGet contributorAuthor of Pro NuGetMEET memberhttp://www.xavierdecoster.com@xavierdecoster
  3. 3. In this session
  4. 4. Agenda• What is NuGet (not)• Package versioning• Package repositories• Lessons learned
  5. 5. What is NuGet?• Solution-level PackageManagement for .NET• Tools:– NuGet.Core– NuGet.exe– NuGet Gallery (nuget.org)– NuGet-Based Microsoft PackageManager• Your new search engine!
  6. 6. What is NuGet not?• Perfect• Tool that magically fixes allyour problems• Replacement for softwareinstallers
  7. 7. Package versioningA single dot can separate heaven from hell…
  8. 8. #1 – Semantic VersioningMajor Breaking changesMinor Backwards compatible API additions/changesPatch Bugfixes not affecting the APIPrerelease Alpha, Beta, …, RC1, RC2, …Build Time stamp, VCS metadata, …1 . 0 . 2 - alpha+ 2013.06.20.143010Read the full specification at http://semver.org/Major Breaking changesMinor Backwards compatible API additions/changesPatch Bugfixes not affecting the APIPrerelease Alpha, Beta, …, RC1, RC2, …Build Time stamp, VCS metadata, …Major Breaking changesMinor Backwards compatible API additions/changesPatch Bugfixes not affecting the APIPrerelease Alpha, Beta, …, RC1, RC2, …Build Time stamp, VCS metadata, …Major Breaking changesMinor Backwards compatible API additions/changesPatch Bugfixes not affecting the APIPrerelease Alpha, Beta, …, RC1, RC2, …Build Time stamp, VCS metadata, …Major Breaking changesMinor Backwards compatible API additions/changesPatch Bugfixes not affecting the APIPrerelease Alpha, Beta, …, RC1, RC2, …Build Time stamp, VCS metadata, …Major Breaking changesMinor Backwards compatible API additions/changesPatch Bugfixes not affecting the APIPrerelease Alpha, Beta, …, RC1, RC2, …Build Time stamp, VCS metadata, …
  9. 9. #1 – Semantic Versioning• NuGet versioning algorithm differs from SemVerSemVer NuGetv x SemVer Versioning Scheme major.minor.patch[-prerelease][+build]v v NuGet pre-release package major.minor.patch-prereleasev v NuGet release package major.minor.patchx v MSDN Versioning Scheme major.minor.build.revision[-prerelease]
  10. 10. #2 – Avoid 3-dots versioning schemes• Even though supported by NuGet– Not supported in SemVer– Not supported in combination with pre-release tag in patch… ergh.. buildnumber• Instead use 2-Dots SemVernotation• Optionally with pre-release tag
  11. 11. #3 – Maintain a smooth upgrade path• Don’t change Package ID along the way!–Your packages will get stuck–So will your consumers
  12. 12. #3 – Maintain a smooth upgrade path• Version Precedence– 1.0.1-alpha00001 < 1.0.1-alpha00256 < 1.0.1-alpha < 1.0.1– Question: Where does 1.0.1-alpha2 fit?MyGet.Core1.0.1-alpha00001MyGet.Core1.0.1-alphaMyGet.Core1.0.1MyGet.Core1.0.1-alpha00256…
  13. 13. #4 – The effects of tight coupling…• Small packages > large packages• Specific functionality > Multifunctional packages
  14. 14. Package repositoriesAs important as your VCS!
  15. 15. #5 – Package Restore• A package repository is for … packages– What’s a source repository for?• Impact of package restore– No more duplication of binaries– Less merge conflicts (no binary diff)– Maintain overview of consumed packages in single place– Less network I/O (NuGet cache)– Package source is now critical system (as is your source repository…)• Contra-argument: single point of failure– Good remark: now deal with it!– What if I’m disconnected from the package source(s)?
  16. 16. #6 – Split package repositories• Don’t pollute consumers’ repository with your internal DEV builds– MyGet.org is great at this: set up as many feeds as you want and promotepackages from one to another (including nuget.org!)MyGet.Core1.0.1-alpha00001MyGet.Core1.0.1-alphaMyGet.Core1.0.1MyGet.Core1.0.1-alpha00256…Different levels ofsupportDifferent audienceDifferent versioningschemeDifferent SLA?MyGet.Core1.0.1-alpha00001MyGet.Core1.0.1-alphaMyGet.Core1.0.1MyGet.Core1.0.1-alpha00256…
  17. 17. #7 – Once published, don’t delete packages• Breaks package restore!• Forces consumers to upgrade!• Using own NuGet server or fileshare?– Remove user permissions to delete!• Maintains upgrade path• Still available through packagerestore• Supported by NuGet.org andMyGet.org“Attempting to force a user to do something is both an exercise in futility and agreat way to guarantee that you have less users overall”- Rob Reynolds, creator of Chocolatey.org
  18. 18. #8 – Have a fallback repository• Backup consumed packages–Mirror them on MyGet.org–Download them• Especially when using Package Restore–From NuGet.org–From any external feed• Each consumer has local cache (incl. the buildserver!)–%LocalAppData%NuGetCache
  19. 19. Lessons learnedGeneral guidance & advise from the trenches…
  20. 20. #9 – Spot Binding Redirects• Mitigates potential risk for conflicts– During assembly resolution• Investigate why– Package versions not aligned?<configuration><runtime><assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"><dependentAssembly><assemblyIdentity name="myAssembly" publicKeyToken="32ab4ba45e0a69a1" culture="neutral" /><bindingRedirect oldVersion="1.0.0.0" newVersion="2.0.0.0"/></dependentAssembly></assemblyBinding></runtime></configuration>
  21. 21. #10 – Use Sample Package or Readme.txt• Don’t pollute your actual packages• Provide a readme.txt– If you can’t automate the manual instructions– If you want to have your consumers read some specific info– Automatically presented to consumer during installation• Use a sample package when appropriate– Separate package  Different package ID– Convention: {packageID}.Sample• SignalR  SignalR.Sample– Sample package depends on actual package you want to ship
  22. 22. #11 – Uninstall Should Leave No Traces• Obvious, but often neglected/forgotten– Be a good citizen• Uninstall reverses installation + any side-effects– Unless modifications happened• Uninstall– Any files copied (binaries, sources, content, scripts…)– Tools package: any system modifications (PowerShell modules,registry keys, environment variables…)
  23. 23. demoPackage sources, feeds, packages and their versions playingalong…Package Promotion
  24. 24. Q&A
  25. 25. Thanks!http://www.xavierdecoster.com@xavierdecosterCome get your MyGetstickers, you might get lucky!

×