APRIL 13, 2023 | SLIDE 1
www.realdolmen.com
NUGET (ANTI-)PATTERNS:
TALES FROM THE TRENCHES
APRIL 13, 2023 | SLIDE 2
WHO AM I?
Xavier Decoster
Antwerp, Belgium
Technical Consultant, RealDolmen
Co-founder of MyGet.org
Microsoft Extended Experts Team
Author of Apress Pro NuGet
http://www.xavierdecoster.com
@xavierdecoster
APRIL 13, 2023 | SLIDE 3
IN THIS SESSION
APRIL 13, 2023 | SLIDE 4
IN THIS SESSION
Package Versioningv1.3.0v1.4.0v1.4.1
…
General Anti-Patterns
Package Repositories
APRIL 13, 2023 | SLIDE 5
#0 – USE PACKAGE RESTORE
A source repository is for … sources What’s a package repository for?
Impact of package restore No more duplication of same binaries Less merge conflicts (no binary diff) Maintain overview of consumed packages in single place Less network I/O (NuGet cache)
Contra-argument: single point of failure Good remark: now deal with it! Disconnected from package source(s)?
APRIL 13, 2023 | SLIDE 6
#1 – USE SEMANTIC VERSIONING
NuGet versioning algorithm differs from SemVer
Major Breaking changes
Minor Backwards compatible API additions/changes
Patch Bugfixes not affecting the API
PreRelease Tag Alpha, Beta, …, RC1, RC2, …
Build Build stamp, metadata, …
SemVer
NuGet
v x SemVer Versioning Scheme
major.minor.patch[-prerelease][+build]
v v NuGet pre-release package
major.minor.patch-prerelease
v v NuGet release package major.minor.patch
x v Legacy Versioning Scheme
major.minor.build.revision
APRIL 13, 2023 | SLIDE 7
#2 – DON’T USE 3-DOTS VERSIONING
Even though NuGet supports it Not supported in SemVer Not supported in combination with pre-release tag
Instead use 2-Dots SemVer notation
Optionally with pre-release tag
major.minor.build.revision
major.minor.patch
major.minor.patch-preReleaseTag
APRIL 13, 2023 | SLIDE 8
#3 – MAINTAIN A SMOOTH UPGRADE PATH
Don’t change Package ID along the way! Your packages will get stuck So will your consumers
APRIL 13, 2023 | SLIDE 9
#3 – MAINTAIN A SMOOTH UPGRADE PATH
Continuous Integration
Quality Assurance
Production
MyGet.Core1.0.1-alpha00001
MyGet.Core1.0.1-alpha
MyGet.Core1.0.1
MyGet.Core1.0.1-alpha00256
…
Version Precedence 1.0.1-alpha00001 < 1.0.1-alpha00256 < 1.0.1-alpha < 1.0.1 Question: Where does 1.0.1-alpha2 fit?
Don’t change Package ID along the way!
APRIL 13, 2023 | SLIDE 10
#4 – SPLIT PACKAGE REPOSITORIES BY AUDIENCE
Continuous Integration
Quality Assurance
Production
MyGet.Core1.0.1-alpha00001
MyGet.Core1.0.1-alpha
MyGet.Core1.0.1
MyGet.Core1.0.1-alpha00256
…
Don’t pollute consumers’ repository with your internal DEV builds MyGet.org is great at this: set up as many feeds as you want
and promote packages from one to another (including nuget.org!)
APRIL 13, 2023 | SLIDE 11
#5 – ONCE PUBLISHED, DON’T DELETE PACKAGES Unlist packages instead!
Maintains upgrade path Still available through package restore Supported by NuGet.org and MyGet.org
Using own NuGet server or file share? Remove user permissions to delete!
Deleting Breaks package restore! Forces consumers to upgrade!
“Attempting to force a user to do something is both an exercise in futility and a great way to guarantee that you have less users
overall” - Rob Reynolds
APRIL 13, 2023 | SLIDE 12
#6 – HAVE A FALLBACK REPOSITORY
Backup consumed packages Mirror them on MyGet.org Download them
Especially when using Package Restore From NuGet.org From any external feed
Each consumer has local cache %LocalAppData%\NuGet\Cache
APRIL 13, 2023 | SLIDE 13
#7 – LOOK FOR BINDING REDIRECTS
Mitigates potential risk for conflicts During assembly resolution
Investigate why Package versions not aligned?
Package upgrades & version alignment can reduce the number of binding redirects
<configuration> <runtime> <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"> <dependentAssembly> <assemblyIdentity name="myAssembly" publicKeyToken="32ab4ba45e0a69a1" culture="neutral" /> <bindingRedirect oldVersion="1.0.0.0" newVersion="2.0.0.0"/> </dependentAssembly> </assemblyBinding> </runtime></configuration>
APRIL 13, 2023 | SLIDE 14
#8 – USE SAMPLE PACKAGE OR README.TXT
Don’t pollute your actual packages
Provide a readme.txt If you can’t automate the manual instructions If you want to have your consumers read some specific info Automatically presented to consumer during installation
Use a sample package when appropriate Separate package Different package ID Convention: {packageID}.Sample
E.g.: NUnit NUnit.Sample Sample package depends on actual package you want to ship
APRIL 13, 2023 | SLIDE 15
#8 – USE SAMPLE PACKAGE OR README.TXT
APRIL 13, 2023 | SLIDE 16
#9 – UNINSTALL SHOULD LEAVE NO TRACES
Obvious, but often neglected/forgotten Be a good citizen
Uninstall reverses installation + any side-effects Unless modifications happened
Uninstall Any files copied (binaries, sources, content, scripts…) Tools package: any system modifications (PowerShell modules,
registry keys, environment variables…)
APRIL 13, 2023 | SLIDE 17
THANK YOU!Questions?
http://www.xavierdecoster.com@xavierdecoster
Come get your MyGet stickers, you might get
lucky!