6. Welcome to Dependency Hell
“A term for the frustration of software users who have installed
software packages which have dependencies on specific
versions of other software packages.”
Source: Wikipedia
www.visug.be
7. Cause and Effect
• Reinventing the wheel
– We don’t need that dependency
– “If they can do it, we can do it, but better”
What happened to reuse of components?
• Marketing does the versioning
– People are waiting for v2 to buy
– Let’s call it v4 Platform Update SP3 November
Edition KB2348063 RTW Refresh
We lost ownership of AssemblyVersion ?
www.visug.be
8. Package Management
• NuGet to the Rescue!
“NuGet is a Visual Studio extension that makes it easy to install
and update open source libraries and tools in Visual Studio.”
• Simple concept
– Find Packages
– (Re)Use Packages
– Produce Packages
www.visug.be
9. Semantic Versioning
• Think about your versioning! (semver.org)
Major Breaking changes
Minor Backwards compatible API
additions/changes
Patch Bugfixes not affecting the
API
– Always specify lowerbound
– Use a version range (lowerbound +
upperbound) when versioning of package you
depend on is messed up
www.visug.be
10. Advanced usage scenarios
• Host your own NuGet repository
• Continuous (Package) Integration
• (Ab)using NuGet
www.visug.be
12. Hosting your own repository
• NuGet = public feed
– Privacy
– Intellectual property
• NuGet maintained by package authors
– Author removes v1.0.45 and you depend on it
www.visug.be
15. NuGet.Server limitations
• Only 1 feed per installation
• No UI: up to you to build it
• No granular security: only 1 API-key for
entire feed
• Conclusion: requires you to develop if you
want something more useful
www.visug.be
16. Meet MyGet
• www.myget.org
• NaaS
– Register and off you go! (no dev)
• Supports Enterprise scenarios
– Granular security
– Package mirroring
www.visug.be
17. Log in to www.myget.org and get started
MYGET DEMO
www.visug.be
19. Typical source control...
• Contains /References (if you are lucky)
– ...and also
Project/_bin_deployable_assemblies
– ...and also /References/old
– ...and also /..././../.././References
• Usually references GAC-ed assemblies
www.visug.be
20. Dependencies
• Software has dependencies. Deal with it.
• But are those YOUR intellectual property?
– YOUR reason to build software?
– YOUR product?
• No. They are dependencies. And they
don’t belong in source control.
www.visug.be
21. Continuous (Package) Integration
• Can I get rid of all these referenced assemblies
duplicated all-over my source control system?
Yes!
• Do I need to install and maintain NuGet on all
my build agents?
No!
www.visug.be
23. 3rd parties don’t belong in your
SCM
• Replace them with NuGet packages
• Commit packages/repositories.config files
• Use NuGetPowerTools Enable-
PackageRestore
• Set package-source location(s)
(NuGet.settings.targets in $(SolutionDir).nuget folder)
www.visug.be
24. Problem!
• NuGet feed is subject to change...
– PackageSource msbuild property to the rescue
• Now what...
– Host your own feed and mirror packages
– Or use MyGet for that
www.visug.be
25. Organize your chickens
• Feed structuring
– Scoped by quality: Build, QA, Production, …
– Scoped by audience: public, restricted access
– Other:
• Scoped by product version, milestone…
• Scoped by target platform
www.visug.be
27. Guidance
• Publishing a package brings great
responsibility
– Breaking changes in your packages should be
versioned accordingly!
– Consumers might choose to no longer
consume any packages you published
www.visug.be
28. Guidance
• Package Integration ≠ Integration Testing
– CI builds reflect output of source control input
– Same input always produces same output
Do not auto-update packages during
automated builds
www.visug.be
29.
30. (Ab)using NuGet?
• Change of perspective
NuGet is a package
manager
NuGet is a protocol for
distributing packages
www.visug.be
36. Orchard / WebMatrix / …
• NuGet not bound to VS
• Orchard CMS: modules & themes
• WebMatrix: install page helpers on the fly
• Your app: offer plugins through a repo
www.visug.be
38. Conclusion
• Dependencies & people are chickens
Deal with them! NuGet can help
• Set up your own NuGet repository for various
reasons
• Continuous package integration
• NuGet is a package manager
NuGet is a protocol
www.visug.be
39. http://blog.maartenballiauw.be
@maartenballiauw
http://www.xavierdecoster.com
@xavierdecoster
Any questions?
THANK YOU!
www.visug.be
Editor's Notes
Maarten
Maarten
Xavier
Xavier
Xavier
XavierMaarten
Maarten
Xavier: Terugverwijzen naar “Marketing versioning”
Xavier
Maarten
Maarten
Maarten
XavierStart with empty MVC template + addNuGet.ServerpkgRun siteDrop pkgs in packages folderRefresh browserFeed toevoegen in VS & show pkgs
Xavier
Maarten
MaartenInloggen en feed aanmakenPackage pushen vanuit NPEFeed toevoegen aan VSOp MyGet feed security instellenPackage installen in VS en tonen dat er basic auth bijkomtPackage vanNuGet toevoegen op MyGet en tonen dat je alle dependencies kan meepakken, mirroring, … en dat je ook gewoon van uw packages.config kan toevoegen
Xavier
Xavier
Xavier
Maarten
Maarten
Xavier- Het feit dat NuGet.org geen garanties biedt op content- Wat als mensen packages verwijderen? BUILD breaks, DEVS unhappy again
Maarten -> Xavier
Xavier
Xavier
Xavier
Maarten
Maarten
TODO Scaffolding? Toevoegen van functies?Eventueel de NuGet.exe plugins ook nog tonen?