We are using Azure Devops to publish a private nuget server. Currently we have only published 5 of our own nuget packages, however a subset of third-party nuget packages are also showing. I do not have any upstream sources enabled.
Is this normal behavior? I am able to delete them, but it's not clear how they are ending up there in the first place. We are not pushing them. Any help is appreciated.
Rob
Try to open the packages that not yours, and check the Publisher in the package. Publisher lists Who and How publish the package.
Related
General: I develop an Azure DevOps extension with tasks and pipeline decorators. Testing on local Azure DevOps Server instance. Extension loaded through manage extensions from local hard drive. Let's say that I installed the extension first time with version 1.0.0 and a node_modules dependency "3rdPartyDep" with version 2.0.0, which has transitive dependencies with vulnerabilities.
Scenario:
Upgrade "3rdPartyDep" to version 3.0.0 with fixed vulnerabilities. Build new version of my extension, say 1.0.1. Create the .vsix, update the extension in the Azure DevOps Server.
Run a pipeline, which fails because I did not check the "3rdPartyDep" changes and there are breaking changes and the extension fails to run.
Rollback the "3rdPartyDep" library to 2.0.0 because I have no time now to check what is broken in there right now as I have other things to debug and implement, repackage the extension, increase version to 1.0.2, update extension in Azure DevOps Server.
Run the pipeline. It fails with the same exception, as if I didn't rollback. I look into the agent taks folder and I see that the node_modules with the "3rdPartyDep" library is pointing to 3.0.0, which is wrong because I rolled back the version.
I open the generated .vsix archive and check that the node_modules inside contains the correct 2.0.0 version, so no problems of packaging or building from my side.
I make a conclusion that Azure DevOps stores somewhere a cached version of the extension with the node_modules including the wrong version of the "3rdPartyDep". I search that cache folder over internet to find out where it is, and I also search with a search tool all my machine, including words in file. Nowhere to be found. There is no location on my machine with such node_modules containing the 3.0.0 version. It might be stored in some encrypted DB?
I uninstall completely the extension, and install it back. I see that Azure DevOps has a history for the extension, and the cache is not cleared. Any pipeline fails, even if my .vsix does not contain this dependency.
I'm stuck.
Questions:
Where extensions are actually cached inside Azure DevOps Server?
Why updating, uninstalling and installing does not fix the problem?
Is there any way to fix this? What can I do? I do not want to reinstall the server completely. Moreover, this raises concerns about how node_modules are managed and cached and what happens at the clients and the cloud.
You could try the following items:
Try to clean the browser cache, and check whether you have increase the version number in the task.json.
Try to perform Delete task -- Save definition -- add task again process.
Delete Azure DevOps Server cache, which can be followed in this link.
Uninstall the extension from CollectionSettings, remove the extension from local Manage Extensions. Then upload again the extension and install it in the collection.
I am trying to publish a package to gitlab pypi registry. What is the repository url we need to use to publish to a group package registry?.
I tried using this https://gitlab.example.com/api/v4/groups/id/packages/pypi
but it is throwing 404 now found.
The api https://gitlab.example.com/api/v4/groups/id/packages/ returns a empty array for me.
But when I manually take the registry from the UI pypy, npm etc are present.
Publishing to individual project repositories is working fine.
https://gitlab.example.com/api/v4/projects/id/packages/pypi
I run into the same problem.
As far as I understand, groups don't have their own registries. If you go in your group settings, you won't see the option to activate it.
Groups are only placeholders to organize projects, they don't hold any data.
What you see in the UI when clicking on the group registry is the aggregation of all the registries of the projects inside that group.
This is only a search UI, not a registry per se.
Bottom-line is that you have to publish your artefacts to a specific project.
Note that you can have a dedicated project to hold only your registry, and have all your code repositories publish in the same registry.
I'm trying to use EventHub from a WebJob as described https://github.com/Azure/azure-webjobs-sdk/wiki/EventHub-support and Any Example of WebJob using EventHub?.
The problem is that the SO question refers to the nuget package Microsoft.Azure.WebJobs.ServiceBus.1.2.0-alpha-10291 and as far as I can see, that package isn't available anymore.
Does anybody know if there's a new release in the pipe or any other workaround?
BR,
Max.
That library is available from MyGet repository and is being updated sometimes. For adding that, you need to add that repository to NuGet settings:
Package Manager Settings => create a new package source => Use https://www.myget.org/F/azure-appservice/ as a link for the repository.
Now, you should have the library and its dependencies.
I would like to use Azure git deployment with a product I am working on. We reference a 3rd party library which is privately supplied and not available on Nuget.
Azure syncs with the git repo as you would expect, but when it compiles it fails with errors saying it is unable to find the types within the 3rd party library.
The library is checked in to git in the bin folder.
How can I get Azure to reference this library when compiling?
There should be nothing special about doing this on Azure Web Apps vs doing it locally. If your assembly is committed and you reference it from its committed location, everything should just work.
If it doesn't, please try running through the steps in this document to help identify the issue.
You should be able to use standard NuGet practices to make this work. Looking at the documentation for Package Sources you just need to add the package source (like myget.org) to the nuget.config file place this at the same level as you *.sln file.
I am involved in some TFS setup at my new job and one of my tasks is to setup the location of the common framework assemblies in TFS so that the other projects can reference them. The only way I can think of is to branch the assemblies from the framework folder into all of the other projects. The issue with this is that anytime I want to update all of the projects with the new assemblies I need to merge each branch one at a time. Is there not a way to merge all at once?
I mentioned that we should use NuGet but that would rely on the developer doing a get on the new version, they want to push it to the project to ensure that it is being used...
Any advice would be much appreciated!
NuGet is the right way to do it. Make your Framework build publish your NuGet package to a local NuGet Server from where is it is referenced by everyone. This way, when you upgrade framework, everyone will get it and you don't have to push it.
After doing lots of looking around I believe the answer to the problem is here in these two articles:
http://geekswithblogs.net/jakob/archive/2009/03/05/implementing-dependency-replication-with-tfs-team-build.aspx
http://geekswithblogs.net/jakob/archive/2010/12/08/dependency-replication-with-tfs-2010-build.aspx
I'll need to adapt some of the ideas within to TFS 2012.