NuGet Package Restore, Multiple Repositories, And CI Servers
In the old way, you right click on your solution in VS and choose Enable package restore. This causes VS to modify your csproj files, and create .nuget folder containing nuget.exe and some other files.
NuGet Package Restore, Multiple Repositories, and CI Servers
To authenticate to GitHub Packages with the dotnet command-line interface (CLI), create a nuget.config file in your project directory specifying GitHub Packages as a source under packageSources for the dotnet CLI client.
If you specify a RepositoryURL in your nuget.config file, the published package will automatically be connected to the specified repository. For more information, see "Publishing a package using a nuget.config file." For information on linking an already-published package to a repository, see "Connecting a repository to a package."
When publishing, you need to use the same value for OWNER in your csproj file that you use in your nuget.config authentication file. Specify or increment the version number in your .csproj file, then use the dotnet pack command to create a .nuspec file for that version. For more information on creating your package, see "Create and publish a package" in the Microsoft documentation.
To connect multiple packages to the same repository, you can include the same GitHub repository URL in the RepositoryURL fields in all .csproj project files. GitHub matches the repository based on that field.
Using packages from GitHub in your project is similar to using packages from nuget.org. Add your package dependencies to your .csproj file, specifying the package name and version. For more information on using a .csproj file in your project, see "Working with NuGet packages" in the Microsoft documentation.
If you're using a GITHUB_TOKEN to authenticate to a GitHub Packages registry within a GitHub Actions workflow, the token cannot access private repository-based packages in a different repository other than where the workflow is running in. To access packages associated with other repositories, instead generate a personal access token (classic) with the read:packages scope and pass this token in as a secret.
In my case there are multiple related projects in a git repo being packed and pushed together. Rather than duplicating package properties across project files, a common.props file supplies shared NuGet properties.
This may happen when true is set in packed project files or specified when packing. The default is .symbols.nupkg which may result in the same package getting pushed. While dotnet nuget push can skip duplicates, GPR cannot currently. One workaround is setting snupkg in the project file.
If you're like most other people, you don't like that solution, because it feels inefficient. And so what? Let's look at some numbers.The AutoFixture repository is 28.6 MB, and that's a pretty big code base (181,479 lines of code).
The Hyprlinkr repository is 32.2 MB.
The Albedo repository is 8.85 MB.
The ZeroToNine repository is 4.91 MB.
The sample code repository for my new Pluralsight course is 69.9 MB.
The repository for Grean's largest production application is 32.5 MB.
Last year I helped one of my clients build a big, scalable REST API. We had several repositories, of which the largest one takes up 95.3 MB on my disk.
All of these repositories contain NuGet packages, but keep in mind that even if we'd used Package Restore instead, these repositories wouldn't have been empty - they would still have taken up some space on disk.
The more moving parts you add to a system, the greater the risk of failure. If you use a Distributed Version Control System (DVCS) and keep all NuGet packages in the repository, you can work when you're off-line. With Package Restore, you've added a dependency on at least one package source.What happens if you have no network connection?
What happens if your package source (e.g. NuGet.org) is down?
You may think that this is unlikely to happen, but apparently, NuGet.org was down today:
NuGet itself is a nice system, and I often encourage organizations to adopt it for internal use. You may have reusable components that you want to share within your organization, but not with the whole world. In Grean, we have such components, and we use MyGet to host the packages. This is great, but if you use Package Restore, now you depend on multiple services (NuGet.org and MyGet.org) to be available at the same time.
My problem was that at first, I didn't understand what was wrong. Even though I store NuGet packages in my repositories, all of a sudden I got this error message. It turned out that this happened at the time when NuGet switched to enabling Package Restore by default, and I hadn't gotten around to disable it again.
When you wrote that post, NuGet package dependencies were specificed (in part) by packages.config files. Then came project.json. The Microsoft-recommened approach these days is PackageReference. The first approach caches the "restored" NuGet packages in the respository, but the latter two (as Peter said) only cache in a global location (namely %userprofile%\.nuget\packages). I expect that you are using the PackageReference approach now, is that correct?
Two core resource types make up CodeArtifact: domains and repositories. Domains provide an easy way manage multiple repositories within an organization. Repositories store packages and their assets. You can connect repositories to other CodeArtifact repositories, or popular public package repositories such as nuget.org, using upstream and external connections. For more information about these concepts, see AWS CodeArtifact Concepts.
We have shown you how to set up CodeArtifact in minutes and easily integrate it with NuGet. You can build and push your package faster, from hours or days to minutes. You can also integrate CodeArtifact directly in your Visual Studio environment with four simple steps. With CodeArtifact repositories, you inherit the durability and security posture from the underlying storage of CodeArtifact for your packages.
Izabel - when I removed the telerik package, everything resumed building successfully. It was the addition of the telerik nuget source that caused the issue. Nuget does not allow ordering, it can and will check all sources for a package regardless of if they host it or not. we are not blocking the telerik website, was able to get to the url when I rdp'd into the build server host. application in question is a mixed webforms/mvc .net 4.71 and .netstandard application, the particular package that triggered this error is a .netstandard class library.
The project websites at www.nuget.org and host tool downloads and detailed documentation as well as links to further resources and provide a repository and features to upload your open source NuGet packages. With the NuGet Gallery a repository of open source libraries and tools is available and the need for repository management arises.
The NuGet Gallery is the central repository used by all package authors and consumers. To reduce duplicate downloads and improve download speeds for your developers and CI servers, you should proxy the NuGet Gallery with the repository manager. If you use other external repositories, you should also proxy them as well.
Once you have set up your hosted and proxy repositories for NuGet packages, and potentially created a repository group, you can access them with the nuget tool on the command line. Copy the Package Source URL from the NuGet tab of the repository/group configuration you want to access and add it to nuget on the command line with e.g.:
Alternatively to manual uploads, the nuget command line tool allows you to deploy packages to a repository with the push command. The command requires you to use the API Key and the Package Source path. Both of them are available in the NuGet tab of the hosted NuGet repository to where you want to deploy. Using the delete command of nuget allows you to remove packages in a similar fashion. Further information about the command line tool is available in the on-line help.
A cache stores a hierarchy of files under a key. Use the cache to store data that makes your job faster, but, in the case of a cache miss or zero cache restore, the job still runs successfully. For example, you might cache NPM package directories (known as node_modules). The first time your job runs, it downloads all your dependencies, caches them, and (provided your cache is valid) the cache is used to speed up your job the next time it is run.
To do that, back in the Package Manager UI, switch over to the Updates tab, where you can see those packages included in your project for which a newer version is available in the selected repository, in our case nuget.org.
You can create a private access token (PAT) to access NuGet packages of a private NuGet feed in Azure DevOps. This token can be passed to the Dockerfile as a build argument and then inside the Dockerfile be added to the nuget.config file. This allows you to restore private NuGet packages locally and in your Azure DevOps pipeline without committing your secret PAT to source control.
This week we ran into a problem when we tried to restore Nuget packages inside a Docker container from several private Nuget feeds. To restore Nuget packages from a private feed, we used the VSS_NUGET_EXTERNAL_FEED_ENDPOINTS environment variable and passed a Personal Access Token into the Dockerfile. This worked fine with packages from nuget.org and our private Nuget feed.
Since the authentication is not in the nuget.config file, we have to add it during the CI pipeline. To change the content of the file, we use stream editor sed inside the Dockerfile. We will replace the last tag of the nuget.config file, , with the packageSourceCredentials section. Inside this section, we provide a username and password. For both values, we provide our Personal Access Token.Additionally, we have to copy the nuget.config file inside the build container and provide the file path to the file during the dotnet restore command. The final code of the Dockerfile looks like this: