SlideShare a Scribd company logo

NuGet (anti-)patterns - Tales from the Trenches

Xavier Decoster
Xavier Decoster

Xavier Decoster discusses NuGet package versioning, repositories, and lessons learned. He covers semantic versioning, maintaining a smooth upgrade path, splitting package repositories, not deleting packages once published, and having fallback repositories. Decoster also discusses binding redirects, sample packages, uninstalling packages completely, and package promotion between repositories.

Technology
1 of 25
#comdaybe NuGet (Anti-)Patterns: Tales from the Trenches Xavier Decoster
Who am I? Xavier Decoster Founder of MyGet.org NuGet contributor Author of Pro NuGet MEET member http://www.xavierdecoster.com @xavierdecoster
In this session
Agenda • What is NuGet (not) • Package versioning • Package repositories • Lessons learned
What is NuGet? • Solution-level Package Management for .NET • Tools: – NuGet.Core – NuGet.exe – NuGet Gallery (nuget.org) – NuGet-Based Microsoft Package Manager • Your new search engine!
What is NuGet not? • Perfect • Tool that magically fixes all your problems • Replacement for software installers
Package versioning A single dot can separate heaven from hell…
#1 – Semantic Versioning Major Breaking changes Minor Backwards compatible API additions/changes Patch Bugfixes not affecting the API Prerelease Alpha, Beta, …, RC1, RC2, … Build Time stamp, VCS metadata, … 1 . 0 . 2 - alph a + 2013.06.20.143010 Read the full specification at http://semver.org/ Major Breaking changes Minor Backwards compatible API additions/changes Patch Bugfixes not affecting the API Prerelease Alpha, Beta, …, RC1, RC2, … Build Time stamp, VCS metadata, … Major Breaking changes Minor Backwards compatible API additions/changes Patch Bugfixes not affecting the API Prerelease Alpha, Beta, …, RC1, RC2, … Build Time stamp, VCS metadata, … Major Breaking changes Minor Backwards compatible API additions/changes Patch Bugfixes not affecting the API Prerelease Alpha, Beta, …, RC1, RC2, … Build Time stamp, VCS metadata, … Major Breaking changes Minor Backwards compatible API additions/changes Patch Bugfixes not affecting the API Prerelease Alpha, Beta, …, RC1, RC2, … Build Time stamp, VCS metadata, … Major Breaking changes Minor Backwards compatible API additions/changes Patch Bugfixes not affecting the API Prerelease Alpha, Beta, …, RC1, RC2, … Build Time stamp, VCS metadata, …
#1 – Semantic Versioning • NuGet versioning algorithm differs from SemVer SemVer NuGet v x SemVer Versioning Scheme major.minor.patch[-prerelease][+build] v v NuGet pre-release package major.minor.patch-prerelease v v NuGet release package major.minor.patch x v MSDN Versioning Scheme major.minor.build.revision[-prerelease]
#2 – Avoid 3-dots versioning schemes • Even though supported by NuGet – Not supported in SemVer – Not supported in combination with pre- release tag in patch… ergh.. build number • Instead use 2-Dots SemVer notation • Optionally with pre-release tag
#3 – Maintain a smooth upgrade path • Don’t change Package ID along the way! –Your packages will get stuck –So will your consumers
#3 – Maintain a smooth upgrade path • Version Precedence – 1.0.1-alpha00001 < 1.0.1-alpha00256 < 1.0.1-alpha < 1.0.1 – Question: Where does 1.0.1-alpha2 fit? MyGet.Core 1.0.1-alpha00001 MyGet.Core 1.0.1-alpha MyGet.Core 1.0.1 MyGet.Core 1.0.1-alpha00256 …
#4 – The effects of tight coupling… • Small packages > large packages • Specific functionality > Multifunctional packages
Package repositories As important as your VCS!
#5 – Package Restore • A package repository is for … packages – What’s a source repository for? • Impact of package restore – No more duplication of binaries – Less merge conflicts (no binary diff) – Maintain overview of consumed packages in single place – Less network I/O (NuGet cache) – Package source is now critical system (as is your source repository…) • Contra-argument: single point of failure – Good remark: now deal with it! – What if I’m disconnected from the package source(s)?
#6 – Split package repositories • Don’t pollute consumers’ repository with your internal DEV builds – MyGet.org is great at this: set up as many feeds as you want and promote packages from one to another (including nuget.org!) MyGet.Core 1.0.1-alpha00001 MyGet.Core 1.0.1-alpha MyGet.Core 1.0.1 MyGet.Core 1.0.1-alpha00256 … Different levels of support Different audience Different versioning scheme Different SLA? MyGet.Core 1.0.1-alpha00001 MyGet.Core 1.0.1-alpha MyGet.Core 1.0.1 MyGet.Core 1.0.1-alpha00256 …
#7 – Once published, don’t delete packages • Breaks package restore! • Forces consumers to upgrade! • Using own NuGet server or file share? – Remove user permissions to delete! • Maintains upgrade path • Still available through package restore • Supported by NuGet.org and MyGet.org “Attempting to force a user to do something is both an exercise in futility and a great way to guarantee that you have less users overall” - Rob Reynolds, creator of Chocolatey.org
#8 – Have a fallback repository • Backup consumed packages –Mirror them on MyGet.org –Download them • Especially when using Package Restore –From NuGet.org –From any external feed • Each consumer has local cache (incl. the build server!) –%LocalAppData%NuGetCache
Lessons learned General guidance & advise from the trenches…
#9 – Spot Binding Redirects • Mitigates potential risk for conflicts – During assembly resolution • Investigate why – Package versions not aligned? <configuration> <runtime> <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"> <dependentAssembly> <assemblyIdentity name="myAssembly" publicKeyToken="32ab4ba45e0a69a1" culture="neutral" /> <bindingRedirect oldVersion="1.0.0.0" newVersion="2.0.0.0"/> </dependentAssembly> </assemblyBinding> </runtime> </configuration>
#10 – Use Sample Package or Readme.txt • Don’t pollute your actual packages • Provide a readme.txt – If you can’t automate the manual instructions – If you want to have your consumers read some specific info – Automatically presented to consumer during installation • Use a sample package when appropriate – Separate package  Different package ID – Convention: {packageID}.Sample • SignalR  SignalR.Sample – Sample package depends on actual package you want to ship
#11 – Uninstall Should Leave No Traces • Obvious, but often neglected/forgotten – Be a good citizen • Uninstall reverses installation + any side-effects – Unless modifications happened • Uninstall – Any files copied (binaries, sources, content, scripts…) – Tools package: any system modifications (PowerShell modules, registry keys, environment variables…)
demo Package sources, feeds, packages and their versions playing along… Package Promotion
Q&A
Thanks! http://www.xavierdecoster.com @xavierdecoster Come get your MyGet stickers, you might get lucky! 

Recommended

Intro to NuGet
Intro to NuGetIntro to NuGet
Intro to NuGet
wlscaudill
 
Understanding NuGet implementation for Enterprises
Understanding NuGet implementation for EnterprisesUnderstanding NuGet implementation for Enterprises
Understanding NuGet implementation for Enterprises
J S Jodha
 
Developing NuGet
Developing NuGetDeveloping NuGet
Developing NuGet
Jeff Handley
 
Using NuGet the way you should - TechDays NL 2014
Using NuGet the way you should - TechDays NL 2014Using NuGet the way you should - TechDays NL 2014
Using NuGet the way you should - TechDays NL 2014
Maarten Balliauw
 
2011 - Dotnet Information Day: NUGET
2011 - Dotnet Information Day: NUGET2011 - Dotnet Information Day: NUGET
2011 - Dotnet Information Day: NUGET
Daniel Fisher
 
Using Docker to build and test in your laptop and Jenkins
Using Docker to build and test in your laptop and JenkinsUsing Docker to build and test in your laptop and Jenkins
Using Docker to build and test in your laptop and Jenkins
Micael Gallego
 
Organize your chickens: NuGet for the enterprise
Organize your chickens: NuGet for the enterpriseOrganize your chickens: NuGet for the enterprise
Organize your chickens: NuGet for the enterprise
Maarten Balliauw
 
Install .Net Core, SQL Server V-Next on Linux and deploy .Net core applicatio...
Install .Net Core, SQL Server V-Next on Linux and deploy .Net core applicatio...Install .Net Core, SQL Server V-Next on Linux and deploy .Net core applicatio...
Install .Net Core, SQL Server V-Next on Linux and deploy .Net core applicatio...
Ajith Ramawickrama
 

Recommended

Intro to NuGet
Intro to NuGetIntro to NuGet
Intro to NuGet
wlscaudill
 
Understanding NuGet implementation for Enterprises
Understanding NuGet implementation for EnterprisesUnderstanding NuGet implementation for Enterprises
Understanding NuGet implementation for Enterprises
J S Jodha
 
Developing NuGet
Developing NuGetDeveloping NuGet
Developing NuGet
Jeff Handley
 
Using NuGet the way you should - TechDays NL 2014
Using NuGet the way you should - TechDays NL 2014Using NuGet the way you should - TechDays NL 2014
Using NuGet the way you should - TechDays NL 2014
Maarten Balliauw
 
2011 - Dotnet Information Day: NUGET
2011 - Dotnet Information Day: NUGET2011 - Dotnet Information Day: NUGET
2011 - Dotnet Information Day: NUGET
Daniel Fisher
 
Using Docker to build and test in your laptop and Jenkins
Using Docker to build and test in your laptop and JenkinsUsing Docker to build and test in your laptop and Jenkins
Using Docker to build and test in your laptop and Jenkins
Micael Gallego
 
Organize your chickens: NuGet for the enterprise
Organize your chickens: NuGet for the enterpriseOrganize your chickens: NuGet for the enterprise
Organize your chickens: NuGet for the enterprise
Maarten Balliauw
 
Install .Net Core, SQL Server V-Next on Linux and deploy .Net core applicatio...
Install .Net Core, SQL Server V-Next on Linux and deploy .Net core applicatio...Install .Net Core, SQL Server V-Next on Linux and deploy .Net core applicatio...
Install .Net Core, SQL Server V-Next on Linux and deploy .Net core applicatio...
Ajith Ramawickrama
 
TechDay - Cambridge 2016 - OpenNebula at Knight Point Systems
TechDay - Cambridge 2016 - OpenNebula at Knight Point SystemsTechDay - Cambridge 2016 - OpenNebula at Knight Point Systems
TechDay - Cambridge 2016 - OpenNebula at Knight Point Systems
OpenNebula Project
 
OpenNebulaConf 2013 - Hands-on Tutorial: 2. Installing and Basic Usage
OpenNebulaConf 2013 - Hands-on Tutorial: 2. Installing and Basic UsageOpenNebulaConf 2013 - Hands-on Tutorial: 2. Installing and Basic Usage
OpenNebulaConf 2013 - Hands-on Tutorial: 2. Installing and Basic Usage
OpenNebula Project
 
LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013
dotCloud
 
L'affaire CentOS
L'affaire CentOSL'affaire CentOS
L'affaire CentOS
SUSE
 
OpenStack : DevStack installation using VirtualBox & Ubnutu (Juno with Neutron)
OpenStack : DevStack installation using VirtualBox & Ubnutu (Juno with Neutron)OpenStack : DevStack installation using VirtualBox & Ubnutu (Juno with Neutron)
OpenStack : DevStack installation using VirtualBox & Ubnutu (Juno with Neutron)
Ian Choi
 
Dockerized tests with dockerized jenkins
Dockerized tests with dockerized jenkinsDockerized tests with dockerized jenkins
Dockerized tests with dockerized jenkins
Fernando Valverde
 
OpenNebula TechDay Boston 2015 - installing and basic usage
OpenNebula TechDay Boston 2015 - installing and basic usageOpenNebula TechDay Boston 2015 - installing and basic usage
OpenNebula TechDay Boston 2015 - installing and basic usage
OpenNebula Project
 
Enabling new client operating systems in Uyuni. AlmaLinux as an example.
Enabling new client operating systems in Uyuni. AlmaLinux as an example.Enabling new client operating systems in Uyuni. AlmaLinux as an example.
Enabling new client operating systems in Uyuni. AlmaLinux as an example.
Uyuni Project
 
DevOps: Cooking Drupal Deployment
DevOps: Cooking Drupal DeploymentDevOps: Cooking Drupal Deployment
DevOps: Cooking Drupal Deployment
Gerald Villorente
 
OpenStack: running manually installed components on VirtualBox
OpenStack: running manually installed components on VirtualBoxOpenStack: running manually installed components on VirtualBox
OpenStack: running manually installed components on VirtualBox
Ian Choi
 
OpenNebulaConf 2016 - ONEDock: Docker as a hypervisor in ONE by Carlos de Alf...
OpenNebulaConf 2016 - ONEDock: Docker as a hypervisor in ONE by Carlos de Alf...OpenNebulaConf 2016 - ONEDock: Docker as a hypervisor in ONE by Carlos de Alf...
OpenNebulaConf 2016 - ONEDock: Docker as a hypervisor in ONE by Carlos de Alf...
OpenNebula Project
 
How to master OpenStack in 2 hours
How to master OpenStack in 2 hoursHow to master OpenStack in 2 hours
How to master OpenStack in 2 hours
OpenCity Community
 
Integrating Puppet and Gitolite for sysadmins cooperations
Integrating Puppet and Gitolite for sysadmins cooperationsIntegrating Puppet and Gitolite for sysadmins cooperations
Integrating Puppet and Gitolite for sysadmins cooperations
Luca Mazzaferro
 
Linux Distribution Automated Testing
Linux Distribution Automated Testing Linux Distribution Automated Testing
Linux Distribution Automated Testing
Aleksander Baranowski
 
The Ring programming language version 1.8 book - Part 85 of 202
The Ring programming language version 1.8 book - Part 85 of 202The Ring programming language version 1.8 book - Part 85 of 202
The Ring programming language version 1.8 book - Part 85 of 202
Mahmoud Samir Fayed
 
Uyuni Community Hours 27.11.2020
Uyuni Community Hours 27.11.2020Uyuni Community Hours 27.11.2020
Uyuni Community Hours 27.11.2020
Uyuni Project
 
Build server
Build serverBuild server
Build server
Christophe Vanlancker
 
OpenNebula - Key Aspects in CentOS
OpenNebula - Key Aspects in CentOSOpenNebula - Key Aspects in CentOS
OpenNebula - Key Aspects in CentOS
OpenNebula Project
 
Docker installation
Docker installationDocker installation
Docker installation
Mohammadreza Amini
 
Minimal OpenStack LinuxCon NA 2015
Minimal OpenStack LinuxCon NA 2015Minimal OpenStack LinuxCon NA 2015
Minimal OpenStack LinuxCon NA 2015
Sean Dague
 
Using nu get the way you should svcc
Using nu get the way you should svccUsing nu get the way you should svcc
Using nu get the way you should svcc
Maarten Balliauw
 
Organize your chickens: NuGet for the enterprise
Organize your chickens: NuGet for the enterpriseOrganize your chickens: NuGet for the enterprise
Organize your chickens: NuGet for the enterprise
Maarten Balliauw
 

More Related Content

What's hot

OpenNebulaConf 2013 - Hands-on Tutorial: 2. Installing and Basic Usage
OpenNebulaConf 2013 - Hands-on Tutorial: 2. Installing and Basic UsageOpenNebulaConf 2013 - Hands-on Tutorial: 2. Installing and Basic Usage
OpenNebulaConf 2013 - Hands-on Tutorial: 2. Installing and Basic Usage
OpenNebula Project
 
OpenStack: running manually installed components on VirtualBox
OpenStack: running manually installed components on VirtualBoxOpenStack: running manually installed components on VirtualBox
OpenStack: running manually installed components on VirtualBox
Ian Choi
 
OpenNebulaConf 2016 - ONEDock: Docker as a hypervisor in ONE by Carlos de Alf...
OpenNebulaConf 2016 - ONEDock: Docker as a hypervisor in ONE by Carlos de Alf...OpenNebulaConf 2016 - ONEDock: Docker as a hypervisor in ONE by Carlos de Alf...
OpenNebulaConf 2016 - ONEDock: Docker as a hypervisor in ONE by Carlos de Alf...
OpenNebula Project
 

What's hot (20)

TechDay - Cambridge 2016 - OpenNebula at Knight Point Systems
TechDay - Cambridge 2016 - OpenNebula at Knight Point SystemsTechDay - Cambridge 2016 - OpenNebula at Knight Point Systems
TechDay - Cambridge 2016 - OpenNebula at Knight Point Systems
 
OpenNebulaConf 2013 - Hands-on Tutorial: 2. Installing and Basic Usage
OpenNebulaConf 2013 - Hands-on Tutorial: 2. Installing and Basic UsageOpenNebulaConf 2013 - Hands-on Tutorial: 2. Installing and Basic Usage
OpenNebulaConf 2013 - Hands-on Tutorial: 2. Installing and Basic Usage
 
LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013
 
L'affaire CentOS
L'affaire CentOSL'affaire CentOS
L'affaire CentOS
 
OpenStack : DevStack installation using VirtualBox & Ubnutu (Juno with Neutron)
OpenStack : DevStack installation using VirtualBox & Ubnutu (Juno with Neutron)OpenStack : DevStack installation using VirtualBox & Ubnutu (Juno with Neutron)
OpenStack : DevStack installation using VirtualBox & Ubnutu (Juno with Neutron)
 
Dockerized tests with dockerized jenkins
Dockerized tests with dockerized jenkinsDockerized tests with dockerized jenkins
Dockerized tests with dockerized jenkins
 
OpenNebula TechDay Boston 2015 - installing and basic usage
OpenNebula TechDay Boston 2015 - installing and basic usageOpenNebula TechDay Boston 2015 - installing and basic usage
OpenNebula TechDay Boston 2015 - installing and basic usage
 
Enabling new client operating systems in Uyuni. AlmaLinux as an example.
Enabling new client operating systems in Uyuni. AlmaLinux as an example.Enabling new client operating systems in Uyuni. AlmaLinux as an example.
Enabling new client operating systems in Uyuni. AlmaLinux as an example.
 
DevOps: Cooking Drupal Deployment
DevOps: Cooking Drupal DeploymentDevOps: Cooking Drupal Deployment
DevOps: Cooking Drupal Deployment
 
OpenStack: running manually installed components on VirtualBox
OpenStack: running manually installed components on VirtualBoxOpenStack: running manually installed components on VirtualBox
OpenStack: running manually installed components on VirtualBox
 
OpenNebulaConf 2016 - ONEDock: Docker as a hypervisor in ONE by Carlos de Alf...
OpenNebulaConf 2016 - ONEDock: Docker as a hypervisor in ONE by Carlos de Alf...OpenNebulaConf 2016 - ONEDock: Docker as a hypervisor in ONE by Carlos de Alf...
OpenNebulaConf 2016 - ONEDock: Docker as a hypervisor in ONE by Carlos de Alf...
 
How to master OpenStack in 2 hours
How to master OpenStack in 2 hoursHow to master OpenStack in 2 hours
How to master OpenStack in 2 hours
 
Integrating Puppet and Gitolite for sysadmins cooperations
Integrating Puppet and Gitolite for sysadmins cooperationsIntegrating Puppet and Gitolite for sysadmins cooperations
Integrating Puppet and Gitolite for sysadmins cooperations
 
Linux Distribution Automated Testing
Linux Distribution Automated Testing Linux Distribution Automated Testing
Linux Distribution Automated Testing
 
The Ring programming language version 1.8 book - Part 85 of 202
The Ring programming language version 1.8 book - Part 85 of 202The Ring programming language version 1.8 book - Part 85 of 202
The Ring programming language version 1.8 book - Part 85 of 202
 
Uyuni Community Hours 27.11.2020
Uyuni Community Hours 27.11.2020Uyuni Community Hours 27.11.2020
Uyuni Community Hours 27.11.2020
 
Build server
Build serverBuild server
Build server
 
OpenNebula - Key Aspects in CentOS
OpenNebula - Key Aspects in CentOSOpenNebula - Key Aspects in CentOS
OpenNebula - Key Aspects in CentOS
 
Docker installation
Docker installationDocker installation
Docker installation
 
Minimal OpenStack LinuxCon NA 2015
Minimal OpenStack LinuxCon NA 2015Minimal OpenStack LinuxCon NA 2015
Minimal OpenStack LinuxCon NA 2015
 

Similar to NuGet (anti-)patterns - Tales from the Trenches

Visug - organize your chickens - nuget for the enterprise
Visug - organize your chickens - nuget for the enterpriseVisug - organize your chickens - nuget for the enterprise
Visug - organize your chickens - nuget for the enterprise
Xavier Decoster
 
NuGet (Anti-)Patterns - Tales from the Trenches
NuGet (Anti-)Patterns - Tales from the TrenchesNuGet (Anti-)Patterns - Tales from the Trenches
NuGet (Anti-)Patterns - Tales from the Trenches
Xavier Decoster
 
Building an OpenMRS Distribution - Lessons from KenyaEMR
Building an OpenMRS Distribution - Lessons from KenyaEMRBuilding an OpenMRS Distribution - Lessons from KenyaEMR
Building an OpenMRS Distribution - Lessons from KenyaEMR
rowanseymour
 
Mvc dev rocks 00 apr 26, 2014 - creating and using nu get in your own house...
Mvc dev rocks 00 apr 26, 2014 - creating and using nu get in your own house...Mvc dev rocks 00 apr 26, 2014 - creating and using nu get in your own house...
Mvc dev rocks 00 apr 26, 2014 - creating and using nu get in your own house...
Suthep Sangvirotjanaphat
 
JS Lab2017_Андрей Кучеренко _Разработка мультипакетных приложения: причины, с...
JS Lab2017_Андрей Кучеренко _Разработка мультипакетных приложения: причины, с...JS Lab2017_Андрей Кучеренко _Разработка мультипакетных приложения: причины, с...
JS Lab2017_Андрей Кучеренко _Разработка мультипакетных приложения: причины, с...
GeeksLab Odessa
 

Similar to NuGet (anti-)patterns - Tales from the Trenches (20)

Using nu get the way you should svcc
Using nu get the way you should svccUsing nu get the way you should svcc
Using nu get the way you should svcc
 
Organize your chickens: NuGet for the enterprise
Organize your chickens: NuGet for the enterpriseOrganize your chickens: NuGet for the enterprise
Organize your chickens: NuGet for the enterprise
 
Controlling Component Chaos with NuGet and Versioning
Controlling Component Chaos with NuGet and VersioningControlling Component Chaos with NuGet and Versioning
Controlling Component Chaos with NuGet and Versioning
 
Deploying software at Scale
Deploying software at ScaleDeploying software at Scale
Deploying software at Scale
 
Visug - organize your chickens - nuget for the enterprise
Visug - organize your chickens - nuget for the enterpriseVisug - organize your chickens - nuget for the enterprise
Visug - organize your chickens - nuget for the enterprise
 
NuGet (Anti-)Patterns - Tales from the Trenches
NuGet (Anti-)Patterns - Tales from the TrenchesNuGet (Anti-)Patterns - Tales from the Trenches
NuGet (Anti-)Patterns - Tales from the Trenches
 
Release management with NuGet/Chocolatey/JIRA
Release management with NuGet/Chocolatey/JIRARelease management with NuGet/Chocolatey/JIRA
Release management with NuGet/Chocolatey/JIRA
 
Building an OpenMRS Distribution - Lessons from KenyaEMR
Building an OpenMRS Distribution - Lessons from KenyaEMRBuilding an OpenMRS Distribution - Lessons from KenyaEMR
Building an OpenMRS Distribution - Lessons from KenyaEMR
 
Tuscany : Applying OSGi After The Fact
Tuscany : Applying OSGi After The FactTuscany : Applying OSGi After The Fact
Tuscany : Applying OSGi After The Fact
 
NuGet Packages Presentation (DoT NeT).pptx
NuGet Packages Presentation (DoT NeT).pptxNuGet Packages Presentation (DoT NeT).pptx
NuGet Packages Presentation (DoT NeT).pptx
 
Magento 2 Workflows
Magento 2 WorkflowsMagento 2 Workflows
Magento 2 Workflows
 
4 maven junit
4 maven junit4 maven junit
4 maven junit
 
Kernel Recipes 2014 - Advanced Quilt
Kernel Recipes 2014 - Advanced QuiltKernel Recipes 2014 - Advanced Quilt
Kernel Recipes 2014 - Advanced Quilt
 
Mvc dev rocks 00 apr 26, 2014 - creating and using nu get in your own house...
Mvc dev rocks 00 apr 26, 2014 - creating and using nu get in your own house...Mvc dev rocks 00 apr 26, 2014 - creating and using nu get in your own house...
Mvc dev rocks 00 apr 26, 2014 - creating and using nu get in your own house...
 
Evolution of NuGet
Evolution of NuGetEvolution of NuGet
Evolution of NuGet
 
Node Summit 2016: Building your DevOps for Node.js
Node Summit 2016: Building your DevOps for Node.jsNode Summit 2016: Building your DevOps for Node.js
Node Summit 2016: Building your DevOps for Node.js
 
Development Environment Tips
Development Environment TipsDevelopment Environment Tips
Development Environment Tips
 
Java User Group Cologne
Java User Group CologneJava User Group Cologne
Java User Group Cologne
 
Fluo CICD OpenStack Summit
Fluo CICD OpenStack SummitFluo CICD OpenStack Summit
Fluo CICD OpenStack Summit
 
JS Lab2017_Андрей Кучеренко _Разработка мультипакетных приложения: причины, с...
JS Lab2017_Андрей Кучеренко _Разработка мультипакетных приложения: причины, с...JS Lab2017_Андрей Кучеренко _Разработка мультипакетных приложения: причины, с...
JS Lab2017_Андрей Кучеренко _Разработка мультипакетных приложения: причины, с...
 

Recently uploaded

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Recently uploaded (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 

NuGet (anti-)patterns - Tales from the Trenches

  • 1. #comdaybe NuGet (Anti-)Patterns: Tales from the Trenches Xavier Decoster
  • 2. Who am I? Xavier Decoster Founder of MyGet.org NuGet contributor Author of Pro NuGet MEET member http://www.xavierdecoster.com @xavierdecoster
  • 4. Agenda • What is NuGet (not) • Package versioning • Package repositories • Lessons learned
  • 5. What is NuGet? • Solution-level Package Management for .NET • Tools: – NuGet.Core – NuGet.exe – NuGet Gallery (nuget.org) – NuGet-Based Microsoft Package Manager • Your new search engine!
  • 6. What is NuGet not? • Perfect • Tool that magically fixes all your problems • Replacement for software installers
  • 7. Package versioning A single dot can separate heaven from hell…
  • 8. #1 – Semantic Versioning Major Breaking changes Minor Backwards compatible API additions/changes Patch Bugfixes not affecting the API Prerelease Alpha, Beta, …, RC1, RC2, … Build Time stamp, VCS metadata, … 1 . 0 . 2 - alph a + 2013.06.20.143010 Read the full specification at http://semver.org/ Major Breaking changes Minor Backwards compatible API additions/changes Patch Bugfixes not affecting the API Prerelease Alpha, Beta, …, RC1, RC2, … Build Time stamp, VCS metadata, … Major Breaking changes Minor Backwards compatible API additions/changes Patch Bugfixes not affecting the API Prerelease Alpha, Beta, …, RC1, RC2, … Build Time stamp, VCS metadata, … Major Breaking changes Minor Backwards compatible API additions/changes Patch Bugfixes not affecting the API Prerelease Alpha, Beta, …, RC1, RC2, … Build Time stamp, VCS metadata, … Major Breaking changes Minor Backwards compatible API additions/changes Patch Bugfixes not affecting the API Prerelease Alpha, Beta, …, RC1, RC2, … Build Time stamp, VCS metadata, … Major Breaking changes Minor Backwards compatible API additions/changes Patch Bugfixes not affecting the API Prerelease Alpha, Beta, …, RC1, RC2, … Build Time stamp, VCS metadata, …
  • 9. #1 – Semantic Versioning • NuGet versioning algorithm differs from SemVer SemVer NuGet v x SemVer Versioning Scheme major.minor.patch[-prerelease][+build] v v NuGet pre-release package major.minor.patch-prerelease v v NuGet release package major.minor.patch x v MSDN Versioning Scheme major.minor.build.revision[-prerelease]
  • 10. #2 – Avoid 3-dots versioning schemes • Even though supported by NuGet – Not supported in SemVer – Not supported in combination with pre- release tag in patch… ergh.. build number • Instead use 2-Dots SemVer notation • Optionally with pre-release tag
  • 11. #3 – Maintain a smooth upgrade path • Don’t change Package ID along the way! –Your packages will get stuck –So will your consumers
  • 12. #3 – Maintain a smooth upgrade path • Version Precedence – 1.0.1-alpha00001 < 1.0.1-alpha00256 < 1.0.1-alpha < 1.0.1 – Question: Where does 1.0.1-alpha2 fit? MyGet.Core 1.0.1-alpha00001 MyGet.Core 1.0.1-alpha MyGet.Core 1.0.1 MyGet.Core 1.0.1-alpha00256 …
  • 13. #4 – The effects of tight coupling… • Small packages > large packages • Specific functionality > Multifunctional packages
  • 15. #5 – Package Restore • A package repository is for … packages – What’s a source repository for? • Impact of package restore – No more duplication of binaries – Less merge conflicts (no binary diff) – Maintain overview of consumed packages in single place – Less network I/O (NuGet cache) – Package source is now critical system (as is your source repository…) • Contra-argument: single point of failure – Good remark: now deal with it! – What if I’m disconnected from the package source(s)?
  • 16. #6 – Split package repositories • Don’t pollute consumers’ repository with your internal DEV builds – MyGet.org is great at this: set up as many feeds as you want and promote packages from one to another (including nuget.org!) MyGet.Core 1.0.1-alpha00001 MyGet.Core 1.0.1-alpha MyGet.Core 1.0.1 MyGet.Core 1.0.1-alpha00256 … Different levels of support Different audience Different versioning scheme Different SLA? MyGet.Core 1.0.1-alpha00001 MyGet.Core 1.0.1-alpha MyGet.Core 1.0.1 MyGet.Core 1.0.1-alpha00256 …
  • 17. #7 – Once published, don’t delete packages • Breaks package restore! • Forces consumers to upgrade! • Using own NuGet server or file share? – Remove user permissions to delete! • Maintains upgrade path • Still available through package restore • Supported by NuGet.org and MyGet.org “Attempting to force a user to do something is both an exercise in futility and a great way to guarantee that you have less users overall” - Rob Reynolds, creator of Chocolatey.org
  • 18. #8 – Have a fallback repository • Backup consumed packages –Mirror them on MyGet.org –Download them • Especially when using Package Restore –From NuGet.org –From any external feed • Each consumer has local cache (incl. the build server!) –%LocalAppData%NuGetCache
  • 19. Lessons learned General guidance & advise from the trenches…
  • 20. #9 – Spot Binding Redirects • Mitigates potential risk for conflicts – During assembly resolution • Investigate why – Package versions not aligned? <configuration> <runtime> <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"> <dependentAssembly> <assemblyIdentity name="myAssembly" publicKeyToken="32ab4ba45e0a69a1" culture="neutral" /> <bindingRedirect oldVersion="1.0.0.0" newVersion="2.0.0.0"/> </dependentAssembly> </assemblyBinding> </runtime> </configuration>
  • 21. #10 – Use Sample Package or Readme.txt • Don’t pollute your actual packages • Provide a readme.txt – If you can’t automate the manual instructions – If you want to have your consumers read some specific info – Automatically presented to consumer during installation • Use a sample package when appropriate – Separate package  Different package ID – Convention: {packageID}.Sample • SignalR  SignalR.Sample – Sample package depends on actual package you want to ship
  • 22. #11 – Uninstall Should Leave No Traces • Obvious, but often neglected/forgotten – Be a good citizen • Uninstall reverses installation + any side-effects – Unless modifications happened • Uninstall – Any files copied (binaries, sources, content, scripts…) – Tools package: any system modifications (PowerShell modules, registry keys, environment variables…)
  • 23. demo Package sources, feeds, packages and their versions playing along… Package Promotion
  • 24. Q&A

Editor's Notes

  1. As a developer, we allhate friction. It’s the thingthatannoysus the most in ourday-to-day job. Low bandwidth, slow builds, mergeconflicts, anddependencyconflicts, justto name a few.The introduction of a package manager into the .NET world has been one of the most excitingthings in years: every decent programming stack has a package management system to deal withdependencies. NuGet has been aroundfor over 2 years, andmanydevelopersand open source projects have found there way towards the NuGet Gallery. However, whenitcomestousing NuGet in the organizationyouquicklyfind a lack of strategy. I oftenfind a situationwhich is “grownorganically”, causing more problemsthanitsolves. Andthentheyfindthemselvesquitefrustrated.
  2. Thissession is goingto cover some common pitfalls in terms of package versioning. I’llalsohighlight the importance of package repositoriesand share a few lessonslearnedalong the way.
  3. Package versioning is almost the first instant roadblockwhenyou start creating NuGet packages.A single dot can separate youfromdependencyhell or a smooth package management experience.The package version is also part of the combinedkeythatmakes a NuGet package unique: the package ID and the package Version.
  4. This is not a new or revolutionary idea. In fact, you probably do something close to this already. The problem is that &quot;close&quot; isn&apos;t good enough. Without compliance to some sort of formal specification, version numbers are essentially useless for dependency management. By giving a name and clear definition to the above ideas, it becomes easy to communicate your intentions to the users of your software. Once these intentions are clear, flexible (but not too flexible) dependency specifications can finally be made.
  5. DEMO: package restoreDisable internet connectivityand show how the cache canbeused as a fallbackExplain a fallbackrepositoryshouldbemaintainedifusingprimarilyexternal package sources