organize your chickens: nuget for the enterprise
DESCRIPTION
Managing software dependencies, whether those created in-house or from third parties can be a pain in the behind. Whether dependencies feel like wild chickens or people run around like chickens dealing with dependencies, the NuGet package manager can be a cure. Let us guide you to creating enterprise (chicken) NuGets and dealing with them in a structured, easy-to-maintain manner. From developer workstation to build server, NuGet tastes great! We'll provide you the dip sauce.TRANSCRIPT
Organize Your Chickens - NuGet for the EnterpriseMaarten Balliauw@maartenballiauwRealDolmen
NuGet for the Enterprise
Organize Your Chickens
Who am I?• Maarten Balliauw• Antwerp, Belgium• www.realdolmen.com • Focus on web
– ASP.NET, ASP.NET MVC, PHP, Azure, …– MVP Windows Azure (formerly ASP.NET)
• http://blog.maartenballiauw.be • @maartenballiauw • Author: Pro NuGet - http://amzn.to/pronuget
Agenda• NuGet• Scenarios– Host your own NuGet repository– Continuous Package Integration– Abusing NuGet– NuGet Inception
• Conclusion
Chickens?!
NuGet
Welcome to Dependency Hell“A term for the frustration of software users who have installed
software packages which have dependencies on specific
versions of other software packages.” (Wikipedia)
Cause and Effect• Reinventing the wheel
– We don’t need that dependency– “If they can do it, we can do it, but better” What happened to reuse of components?
• Marketing-Driven Versioning– People are waiting for v2 to buy– Let’s call it v4 Platform Update SP3 November Edition KB2348063 RTW
Refresh We lost ownership of AssemblyVersion ?
Package Management• NuGet to the Rescue!
• Simple concept– Find Packages– (Re)Use Packages– Produce Packages
“NuGet is a Visual Studio extension that makes it easy to install and update open source libraries and tools in Visual Studio.”
DEMOFinding & consuming a NuGet package
DEMOCreating & publishing a NuGet package
Semantic Versioning• Think about your versioning! (semver.org)
– Always specify lowerbound– Use a version range (lowerbound + upperbound) when
versioning of package you depend on is messed up
Major Breaking changes
Minor Backwards compatible API additions/changes
Patch Bugfixes not affecting the API
Hosting a repository
Hosting your own repository• NuGet = public feed– Privacy– Intellectual property
• NuGet maintained by package authors– Author removes v1.0.45 and you depend on it
Solutions• Folder / File share• NuGet.Server package• NuGet Gallery (or Orchard Gallery)• MyGet
DEMONuGet.Server
NuGet.Server limitations• Only 1 feed per installation• No UI– up to you to build it
• No granular security– only 1 API-key for entire feed
• Conclusion: requires you to develop if you want something more useful
Meet MyGet• www.myget.org• NaaS– Register and off you go!
• Supports Enterprise scenarios– Granular security– Package mirroring– Proxying
DEMOMyGet
Continuous Package Integration
Typical source control...• Contains /References (if you are lucky)– ...and also Project/_bin_deployable_assemblies
– ...and also /References/old– ...and also /..././../.././References
• Usually references GAC-ed assemblies
Dependencies• Software has dependencies. Deal with it.
• But are those YOUR intellectual property?– YOUR reason to build software?– YOUR product?
• No. They are dependencies. And they don’t belong in source control.
Continuous Package Integration• Can I get rid of all these referenced assemblies
duplicated all-over my source control system?Yes!
• Do I need to install and maintain NuGet on all my build agents?No!
DEMOPackage Restore
3rd parties don’t belong in your VCS• Replace them with NuGet packages• Do commit packages\repositories.config
file• Use Enable-PackageRestore
Problem!• NuGet feed is subject to change...– PackageSource msbuild property to the rescue(NuGet.settings.targets in $(SolutionDir)\.nuget folder)
• Now what...– Host your own feed and mirror packages– Or use MyGet for that
Organize your chickens• Feed structuring– Scoped by quality: Build, QA, Production, …– Scoped by audience: public, restricted access– Other: • Scoped by product version, milestone…• Scoped by target platform
Guidance• Publishing a package brings great
responsibility– Breaking changes in your packages should be
versioned accordingly!– Consumers might choose to no longer consume
any packages you published
Guidance• Package Integration ≠ Integration Testing– CI builds reflect output of source control input– Same input always produces same output
Do not auto-update packages during automated builds
Abusing NuGet
Abusing NuGet?Change of perspective
NuGet is a package managerNuGet is a protocol for distributing packages
NuGet as a Protocol
Automate deployments• Build results in .nupkg• Octopus deploys to its tentacles– Test tentacles– Staging tentacles– Production tentacles
• www.octopusdeploy.com
Chocolatey• NuGet– developer library packages
• Chocolatey– applications and tools packager– “yum” or “apt-get” for Windows
• www.chocolatey.org
DEMOChocolatey
DEMOContinuous Delivery
Build
Test
Package
Push
Release / Publish
Deploy
Continuous Delivery of the MyGet website using:
TeamCity NuGet MyGet Octopus
Dependencies & people are chickensDeal with them! NuGet can help
Set up your own NuGet repository
Continuous package integration
NuGet is a package managerNuGet is a protocol
Conclusion
THANK YOU!
http://blog.maartenballiauw.be@maartenballiauw
http://amzn.to/pronugetor Install-Package ProNuGet
#tdvs