this post was submitted on 03 Aug 2023
2 points (100.0% liked)
.NET
1465 readers
1 users here now
Getting started
Useful resources
IDEs and code editors
- Visual Studio (Windows/Mac)
- Rider (Windows/Mac/Linux)
- Visual Studio Code (Windows/Mac/Linux)
Tools
Rules
- Rule 1: Follow Lemmy rules
- Rule 2: Be excellent to each other, no hostility towards users for any reason
- Rule 3: No spam of tools/companies/advertisements
Related communities
Wikipedia pages
- .NET (open source & cross platform)
- .NET Framework (proprietary & Windows-only)
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Azure Artifacts has been great for private stuff. Have you tried Github packages yet? Works well enough for public packages. I don't know what your use case is, but what prevents you from using nuget.org?
No. Thank you for the suggestion. We use Azure Devops, but I would expect it to have good integration with GitHub. But creating a public project in Azure Devops may make more sense (so that all packages are in one place).
The only thing is possible name collisions. I didn't start looking into this, but it is a possibility. Otherwise I think we will end up doing this.
Aah yes, naming collisions. I hadn't considered that. I'm curious what kind packages you want to make available to the public are also prone to naming collisions that can be solved by a namespace convention. Are you publishing libraries, applications, VS extensions or templates?
We are publishing libraries (mostly client libraries). There are lots of legacy stuff. It's safer to own the whole feed instead of pushing it to nuget.org and hoping for the best :)
I also use Azure Devops + GitHub - What kind of integration are you looking for? I have my source in Github, and use Azure as build server
If you're using Azure as the build server, you can also publish your Nugets into a private feed in Azure
Not really "looking for" it but what I meant was "pushing to GitHub packages from Azure Pipelines."
That's what we do at the moment for private feeds.
Wish I could upvote more than once. Azure artifacts has some fucky authentication requirements (cleartextpassword is the dumbest field I’ve ever heard of - especially since it’s not clear text or a password, it’s a base64ed PAT) but there’s plenty of first party support to make it less painful, and it’s a problem you only have to ‘fix’ once.
Our prior solution was verdaccio for NPM and a shared drive location for Nuget, and….well, it beats the tar out of either of those. Being able to see exactly what’s in the feed, when it got there, who put it there….all grade a stuff. Handling SSO and such seamlessly is nice too, and being able to scope access with tons of granularity….well it seems like a rake waiting to be stepped on, honestly, but if you need to manage access it seems like a big win.
Public feeds - yes. Why reinvent the wheel? Will be easier to find and use if it’s on nuget.org.
If OP’s goal is to be able to source control all the public packages that their projects use, for security or peace of mind purposes (or to make it the sole source of packages to avoid dependency injection/confusion attacks)…there’s actually a feature of Azure Artifacts where you can pull packages from an ‘upstream’ like nuget.org and host public packages in a private feed. It’s got a gui, and it’s pretty convenient as far as such things go.