Essentials on Azure DevOps Services

and GitHub
Conditions and Terms of Use
Microsoft Confidential

Copyright and Trademarks

© 2018 Microsoft Corporation. All rights reserved.

http://www.microsoft.com/en-us/legal/intellectualproperty/Permissions/default.aspx
Module 5: Azure Artifacts

Module Overview

Microsoft Confidential
Overview
• Package Management
• NuGet
• Azure Artifacts

Microsoft Confidential
Module 5: Azure Artifacts

Lesson 1: Package Management

Overview
• Development Pain Points
• Software Dependencies Concepts
• What is Dependency?
• Packaging
• Package Componentization
• Azure Artifacts

Microsoft Confidential
Development Pain Points
• Our small team grows into multiple teams
• Our codebase is growing
• We need to look into componentization
• Our teams need an effective way to share components

Microsoft Confidential
Software Dependencies Concepts
• Management
o Locating, installing, uninstalling, upgrading, versioning

• “DLL Hell” became infamous

• Version control challenges
• Reuse of frameworks, code
• Do you?
o Store compiled code in version control
o Duplicate components
o Have inefficient processes with managing dependencies

Microsoft Confidential
What is Dependency?
• Dependency is a relationship between two entities whereby one cannot perform some function – or exist –
without the other.
• Dependencies are modeled in graphs such as the one below using nodes and edges:

Microsoft Confidential
Packaging
• Packaging begins with the compiled code (assemblies), symbols, and/or other files that you want to
deliver as a package
• Independent from compiling or otherwise generating the files that go into the package, although you can
draw from information in a project file to keep the compiled assemblies and packages in sync

Microsoft Confidential
Package Componentization
• Addresses many of the challenges of referencing binaries
• Simplifies installation and maintenance of reusable components
• Efficient process for managing dependencies

Microsoft Confidential
Azure Artifacts
• Share and re-use code with packages
• Private, hosted, and authenticated feeds let you share, discover & maintain packages and dependencies
• Seamless integration with build and release management tools
• A friction-free way to bring in an open-source component to your enterprise
• NuGet, npm and Maven, Python packages

Microsoft Confidential
Lesson Knowledge Check
1. What is Azure Artifacts?
2. True/False: npm packages cannot be hosted with Azure Artifacts.

Microsoft Confidential
Lesson Summary
• In this lesson, you learned about:
o Development Pain Points
o Software Dependencies Concepts
o Dependency
o Packaging
o Package Componentization
o Azure Artifacts

Microsoft Confidential
Module 5: Azure Artifacts

Lesson 2: NuGet
Overview
• NuGet
• NuGet Process
• NuGet Tools
• Creating Packages
• Manifest File

Microsoft Confidential
NuGet
• An essential tool for any modern development platform is a mechanism through which developers can
create, share, and consume useful code. Often such code is bundled into "packages" that contain compiled
code (as DLLs) along with other content needed in the projects that consume these packages.
• NuGet provides the central nuget.org repository with support for private hosting.
• NuGet provides the tools developers need for creating, publishing, and consuming packages.
• Most importantly, NuGet maintains a reference list of packages used in a project and the ability to restore
and update those packages from that list.

Microsoft Confidential
NuGet Process

Microsoft Confidential
NuGet Tools
• NuGet.exe
• Dotnet CLI
• Package Manager Console
• Package Manager UI
• Manage NuGet UI
• MSBuild

Microsoft Confidential
Creating Packages
1. Create class library
2. Configure project properties. Set Assembly information
3. Compile in Release mode
4. Generate the initial manifest file with nuget spec
5. Edit the manifest and change licenseUrl, projectUrl, iconUrl, releaseNotes and tags
6. Run nuget pack from a command prompt in the folder where the .csproj is located
7. Publish the .nupkg file

Microsoft Confidential
Manifest File
• Describes the package's contents and is itself included in the package.
• Drives both the creation of the package and instructs NuGet on how to install the package into a project.
For example, the manifest identifies other package dependencies such that NuGet can also install those
dependencies when the main package is installed.
• Contains both required and optional properties.

Microsoft Confidential
Demo 1: NuGet
Lesson Knowledge Check
1. Name a few NuGet tools.
2. What is a Manifest file?

Microsoft Confidential
Lesson Summary
• In this lesson, you learned about:
o NuGet
o NuGet Process
o NuGet Tools
o Creating Packages
o Manifest File

Microsoft Confidential
Module 5: Azure Artifacts

Lesson 3: Azure Artifacts

Overview
• License
• Definitions
• Supported Package Types
• Feed Views
• Consuming Packages
• Upstream Sources
• Organizing Feeds
• Badges
• Auditing

Microsoft Confidential
License
• Azure Artifacts is required for each user that consumes packages from (e.g., nuget restore or npm install) or
produces packages to (e.g., nuget push or npm publish) Azure Artifacts feeds.
• Azure Artifacts is also required for each user that consumes or publishes symbols.
• License bundled with Visual Studio Enterprise subscription.
• Additional licenses can be purchased from Visual Studio Marketplace.

Microsoft Confidential
Definitions
• Azure Artifacts groups packages in feeds - what the NuGet client calls ''package sources.”
• Project-scoped feeds vs. Organization-scoped feeds
o Until recently, all feeds were scoped to an organization.
o Project-scoped feeds live inside the project that they were created in, and can only be seen when accessing the
Azure Artifacts hub within that project
o New organization will automatically have one feed scoped to the organization, and all subsequent feeds created
will be scoped to a project
o All existing organization-scoped feeds will remain organization-scoped

• Public feeds can be used to share your packages publicly, with anyone on the Internet; these users don't
have to be a member of your organization or enterprise, or even have an Azure DevOps account at all.
o Public feeds are project-scoped feeds that live inside a public project.

Microsoft Confidential
Definitions (continued)
• Views enable you to share subsets of the package-versions in your feed with consumers.
o A common use for views is to share package-versions that have been tested, validated, or deployed but hold back
packages still under development and packages that didn't meet a quality bar.
• Upstream sources enable you to use a single feed to store both the packages you produce and the
packages you consume from "remote feeds“ : both public feeds (e.g. npmjs.com and nuget.org) and
authenticated feeds (i.e. other Azure DevOps Services feeds in your organization or enterprise).

Microsoft Confidential 35
Supported Package Types
Package Type Components
NuGet .NET assemblies
Npm Node.js packages
Maven POM and JAR files
Python Python

Microsoft Confidential
Feed Views
• @local – contains all packages published directly to the feed (e.g. by nuget push or npm publish) and all
packages saved from upstream sources
• @prerelease – can be deleted or renamed to something you want
• @release - can be deleted or renamed to something you want

Microsoft Confidential
Consuming Packages

Microsoft Confidential
Upstream Sources
• Upstream sources enable you to use a single feed to store both the packages you produce and the
packages you consume from "remote feeds”
o Both public feeds (e.g. npmjs.com and nuget.org) and authenticated feeds (i.e. other Azure DevOps Services feeds
in your organization or enterprise)
• Upstream sources enable you to manage all of your product's dependencies in a single feed
• Configure upstream sources for Universal Packages
• Notifications for disabled upstream sources

Microsoft Confidential
Organizing Feeds
• Consider organizing feeds by:
o Product/Application/Service/APIs
o By Team/Department

Microsoft Confidential
Badges
• Share your packages anywhere you can share an image with badges
• Add a badge directly into your project's home page in Azure DevOps Services or in any
Markdown/README file so readers can easily discover and consume your package

Microsoft Confidential
Auditing
• Azure Artifacts feeds events are now available in the audit logs. These logs can be accessed
from Organization Settings -> Auditing.
• The following events are now available for feeds:
• Create, delete, or modify an organization or project-scoped feed
• Create, delete or modify a feed view
• Set or delete a package retention policy on any given feed
• Permissions changes

Microsoft Confidential 43
Demo 2: Azure Artifacts
Lesson Knowledge Check
1. Consuming package feed does not require a license (True/False)?
2. What are Upstream sources?

Microsoft Confidential
Lesson Summary
• In this lesson, you learned about:
o License
o Definitions
o Supported Package Types
o Feed Views
o Consuming Packages
o Upstream Sources
o Organizing Feeds
o Badges
o Auditing

Microsoft Confidential
Module Summary
• In this module, you learned about:
o Package Management
o NuGet
o Azure Artifacts

Microsoft Confidential
Lab: Azure Artifacts

Microsoft Confidential
Microsoft Confidential