Skip to content

Latest commit

 

History

History
62 lines (54 loc) · 3.33 KB

6.1. Azure Artifacts.md

File metadata and controls

62 lines (54 loc) · 3.33 KB
Raw

Azure Artifacts

  • Service that allows you to organize and control access to packages

  • Upstream sources

    • Stores your produced packages and proxies & caches packages form remote feeds
    • Remote feeds can be one of the official public sources or a private source.

  • Package Graph

    • Ensure that any dependencies of your package are also available in your feed
    • You can
      • republish them directly (not recommended)
      • or consume them from an upstream source.

  • ❗ Packages are immutable: You cannot replace / update existing version.

  • Permissions

    Permission Reader Collaborator Contributor Owner
    List and restore/install packages
    Save packages from upstream sources
    Push packages
    Unlist/deprecate packages
    Delete/unpublish package
    Edit feed permissions

Feeds

  • Developers download & use packages from feeds itself
  • You can create multiple feeds
  • Each feed can have its own set of packages
  • Public feeds (project-scoped)
    • If the project is private, the feed will be private;
      • If the project is public, the feed will be public e.g. accessible by everyone on internet.
  • Private feeds (organization-scoped or project-scoped)
    • Can be accessed by whole organization or specific selected people in the organization.
    • Consumers need Personal Access Token with read access to packaging to download packages.
  • Feeds can proxy public sources such as NuGet, npm, Maven and Python.
  • You need to create Personal Access Token with write access to packaging to push packages.
  • Feed permissions: Levels of access: Owners, Contributors, Collaborators, and Readers.

Feed views

  • Default: @local, @prerelease, @release, you can add more & delete (except @local)
    • The default URI of the feed points to @local that contains:
      • all packages published directly to the feed e.g. by npm publish
      • packages saved from upstream resources
  • You can promote packages to them
  • They get URL like ...feed@view/nuget/...

Best practices

  • Creating packages as part of a build
    • Each repository should only reference one feed
    • On package creation, automatically publish packages back to the feed.
    • Enable retention policies to automatically cleanup old package versions
    • Promote your package to the correct view (have good quality in @release view)
    • If external teams are consuming your package, ensure that your @release view and @prerelease view are visible across the organization and/or organization
  • Consuming packages from public and internal sources as part of a build
    • Each repository should have a unique feed
    • Configure upstream sources for public and internal sources
    • Sources not in your organization but in the same AAD tenant should be added using the feed locator
    • Ensure that the order of the sources matches your desired package resolution order
      • The feed will check each upstream in order, returning the package from the first source that has it.
    • To avoid confusion, place any public upstreams FIRST in your resolution order