using nu get the way you should svcc
DESCRIPTION
Using NuGet the way you should Consuming NuGet packages, that’s what everyone does. Open source projects create NuGet packages and post them on NuGet.org. Meanwhile, all of us are still working with shared projects and fighting relative paths, versioning and so on. In this talk, we’ll use Visual Studio, NuGet and TeamCity to work with NuGet the way you should. Project references must die! Add Package Reference and good continuous integration is everything you will ever need.TRANSCRIPT
Using NuGetthe way you shouldMaarten Balliauw@maartenballiauw
Who am I?
• Maarten Balliauw• Antwerp, Belgium• Developer Advocate, JetBrains• Founder, MyGet• AZUG• Focus on web• Big passion: Azure• http://blog.maartenballiauw.be • @maartenballiauw Shameless self promotion: Pro NuGet - http://amzn.to/pronuget2
Agenda
• NuGet• File | New Project…• The state of NuGet• Every project is a package• Creating packages• Distributing packages• Consuming packages
NuGet
A brief NuGet introduction...
• Package management system for .NET• Visual Studio extension, command line, console
• Simplifies incorporating 3rd party libraries• Developer focused• Free, open source
• Use packages from the official feed• Publish your own packages• Create & use your own feed
File | New Project...
DemoFile | New Project...
That was trouble!
•Dependencies on NuGet packages•Dependencies on projects•Dependencies on file system layout•Breaking changes in dependencies
Dependency hell
“Dependencies, also in real life, are trouble. Have you ever had to depend on a plumber showing up?”- Maarten Balliauw
Dependencies before NuGet
•Projects in solution•Reference in-house projects:
• Either the assemblies (typically unversioned / all 1.0.0.0)
• Either the actual project / linked files (unversioned by design)
•Reference third party assemblies (e.g. JSON.NET)
Dependencies with NuGet
•Projects in solution•Reference in-house projects:
• Either the assemblies (typically unversioned / all 1.0.0.0)• Either the actual project / linked files (unversioned by design)
•Reference third party packages (e.g. JSON.NET)• Semantic Versioning to announce breaking changes
(happy times as long as package authors respect that)
The state of NuGet
The state of NuGet
•We are consumers!• Even quite some overconsumption I dare say…
•We sort of know about Semantic Versioning• If the mayor version changes, we’re doomed
•Are we producing?• Some are, e.g. OSS and some companies
•Did we solve our dependency issues?
Where are we, 3 years in?
.NET is late to the party!
•Others have been doing package management for decades• Perl (CPAN.org)• Linux (RPM/YUM/APT-GET/...)• PHP (PEAR, Composer)• Node (npm)• Ruby (Gems)
•We can learn a great deal from these!
What are the others doing?{ "name" : "IniTech.Framework.Formatters", "version" : "1.0.0 ", "author" : "Maarten Balliauw", "bugs" : { "url" : "https://github.com/initech/framework-formatters/issues" }, "description" : "Formatters specific to the IniTech organization.", "homepage" : "https://github.com/initech/framework-formatters", "keywords" : [ "framework", "formatters", "initech" ], "license" : "Proprietary", "main" : "index.js", "repository" : { "type" : "git", "url" : "https://github.com/initech/framework-formatters" }, "scripts" : { "test" : "echo \"Error: no test specified\" && exit 1" }, "dependencies" : { "date-format" : "0.0.2", "format" : "~0.2.1", "moment" : "~2.5.1" }}
What are the others doing?
•Name and version of the project•Dependencies (and version range) of the project
•Every project is a package!• It can have dependencies• It can be depended on
What was in that package.json?
Every project is a package
Supporting componentization
•Every project is a package• Clearly identifyable• Proper Semantic Versioning
•Every project becomes discoverable• Nice description, release notes, ...• Add it to a private feed so developers can find it
•Dependencies (can) stay out of source control•Dependencies are versioned
But… NuGet only has packages.config!
•Nodejs: packages.json•Composer (PHP): composer.json•NuGet:
• packages.config: dependencies• <projectname>.nuspec: package description• NuGet.config: other settings• It’s 2-3 files in our world, but it is all there.
•Let’s become producers!
Creating packages
All we need is one file
•XML file which can be generated• nuget.exe spec• Install-Package NuSpec && Install-Nuspec
•Run nuget.exe pack to create package
<projectname>.nuspec
DemoCreating packages
Think about versioning!
• www.semver.org
• SemVer states intentions• It’s the only way toavoid dependencyversioning hell.But not bullet-proof.
Enforce Explicit Semantic Versioning
Major Breaking changes
Minor Backwards compatible changese.g. API additions
Patch Bugfixes not affecting the API<dependency id="ExamplePackage" version="1.3.2" />
1.0 = 1.0 ≤ x(,1.0] = x ≤ 1.0(,1.0) = x < 1.0[1.0] = x == 1.0(1.0) = invalid(1.0,) = 1.0 < x(1.0,2.0) = 1.0 < x < 2.0[1.0,2.0] = 1.0 ≤ x ≤ 2.0empty = latest version
Distributing packages
Which medium?
• In source control (please don’t)
• Local / network folder (slow > ~50 packages)
• NuGet.Server (slow > ~50 packages)
• NuGet Gallery (clone of www.nuget.org)• MyGet (www.myget.org, SaaS) • ProGet (www.inedo.com/proget)• TeamCity NuGet artifacts (www.jetbrains.com/teamcity)• Sonatype (www.sonatype.com/nexus) • Artifactory (www.jfrog.com)
We will need a “package source” or feed
How do they get there?
•Manual upload•As part of our continuous integration process• All benefits of CI (e.g. testing)• Plus reporting on which packages we are using• Plus publishing packages for consumption
DemoContinuous Integration& Distributing Packages with TeamCity
What did we just see?
•Creating packages using .nuspec•NuGet configuration inheritance•Continuous Integration on TeamCity
• How to run package restore• How to build a package• How to see packages that are being used
•How to consume a package
NuGet configuration inheritance
•Make settings common to projects!• NuGet walks up the directory tree to find NuGet.config files
•Or even push them to developer machines• %AppData%\NuGet\NuGet.config• %ProgramData%\NuGet\Config\*.config• ...
•See http://bit.ly/nuget-config-inheritance •Configure feeds, proxy, credentials, ...
More recommendations…
•Don’t just update blindly• Not everyone respects SemVer…• It would take us back to the original problem
•Don’t autoupdate during builds• Continuous Integration: Same Input = Same Output• Be explicit about versioning
Deploying from NuGet packages
•Using a simple, handcrafted script•Using a tool like OctopusDeploy.com
• Which is even cooler combined with Chocolatey.org
•TeamCity supports various ways of deploying (e.g. WebDeploy)
DemoDeploying packaged applicationswith a handcrafted script
Considerations
•TeamCity internal NuGet feed• Only build artifacts
• No way to add external packages that are being used• May not be a problem for your setup
• But maybe it is: a feed is much like source control for dependencies
• Add dependencies that are being used, NuGet.org, component vendors, ...
• If it is, create your own feed, e.g. MyGet.org
Create a package source / feed
•That’s a cool library! And that one too!• Avoid overconsumption by limiting packages• May not block developers but at least the build will fail
•Your own feed will only contain packages you know• Keep versions under control• Keep licensing under control• Easy way to audit external packages in use
For your team or the entire organization
DemoPushing packages from TeamCity
But I’m using NuGet. It’s broken!!!
•Tied to Visual Studio•Merging sucks (XML merge, yuck!)•Updating fails often•Disk space pollution•Project re-targeting•Pessimistic package version picker / fixed versions
http://blog.nuget.org/20141010/nuget-is-broken.html
DemoASP.NET vNext approach is the way forward!
Conclusions
Conclusions
• NuGet• File | New Project…• The state of NuGet• Every project is a package• Creating packages• Distributing packages• Consuming packages
What have we learned?
“Project references must die. Embrace NuGet by consuming and creating packages. It’s a logical evolution.”- Maarten Balliauw
Thank you!http://blog.maartenballiauw.be@maartenballiauwhttp://amzn.to/pronuget2