Introduction:
Azure Artifacts enables developers to efficiently manage all their dependencies from one place. With Azure Artifacts, developers can publish packages to their feeds and share them within their team, across organizations, and even publicly across the internet. Azure Artifacts also allows developers to consume packages from different feeds and public registries such as NuGet.org or npmjs.com. Azure Artifacts supports the following package types: NuGet, Npm, Maven, Gradle, Python, Cargo, and Universal Packages.
Get started with Azure Artifacts
With Azure Artifacts, you can publish and consume different types of packages. Select your package type to get started:
Azure Artifacts: Best Practices
Managing software packages can be a complex and time-consuming process, particularly when working with large-scale projects. Fortunately, Azure Artifacts provides a robust platform for package management that can help streamline the process and improve collaboration among development teams.
However, to get the most out of Azure Artifacts, it's essential to follow best practices that ensure the integrity and quality of your packages. In this section, we'll cover some of the most important best practices for producing, consuming, and managing packages in Azure Artifacts. Whether you're a seasoned developer or just starting with Azure Artifacts, these tips will help you optimize your workflow and ensure the success of your projects.
Create and publish packages
Creating and publishing packages is a critical step in any package management workflow. In this section, we'll cover best practices for creating and publishing packages in Azure Artifacts.
Each repository should only reference one feed:
A feed is a fundamental organizational structure for hosting packages. While you can have multiple feeds for a project, it's best to limit a project to referencing just one feed. If you want to use packages from multiple feeds, it's recommended to use upstream sources. This enables you to access packages from multiple feeds and public registries.
Automatically publish newly created packages to your feed:
This will update the@localview of your feed with the new packages. See Feed views to learn more about feed views and upstream sources.Enable retention policies to automatically clean up old package versions:
By deleting older package versions, you can optimize client performance and free up storage space. When setting up your retention policies you have the flexibility to select the number of versions of a package to keep. This allows you to easily manage package versions and improve your package management workflow.
Promote your package to the correct view:
To make a package available to early adopters, you can select it from your feed and promote it to the @prerelease view. Once you've deemed the package to be of sufficient quality for a full release, you can promote it to the @release view. By promoting package versions to a view, you can prevent them from being deleted by retention policies. To learn more about feed views, check out the Feed views article.
If external teams are consuming your packages, ensure that
@releaseand@prereleaseviews are visible across the organizations:If these views aren't visible, teams won't have access to your packages.
Consume Packages
In this section, we'll cover best practices for consuming packages with Azure Artifacts, including configuring package sources, managing package versions, and ensuring secure and efficient package consumption.
Configure upstream sources for your feed:
Adding upstream sources to your feed is the recommended approach for consuming packages from public registries like NuGet.org or npmjs.com. See Understand upstream sources and how to configure upstream sources for more details.
Sources not in your organization but in the same Microsoft Entra tenant should be added using the feed locator:
The syntax for the feed locator is as follows:
azure-feed://<organization>/<projectName>/<feed>@<view>Ensure that the order of the sources matches your desired package resolution order:
The feed will sequentially check each upstream source, and return the package from the first source that has it.
Place public upstreams FIRST in your resolution order:
This prevents other sources from overriding well-known packages with altered or incompatible versions.
Conclusion
In conclusion, Azure Artifacts streamlines dependency management for developers by providing a centralized platform to publish, share, and consume packages across teams, organizations, and the wider internet. Supporting a variety of package types, from NuGet to Npm, Maven to Cargo, it offers flexibility and efficiency, enhancing the development process and fostering collaboration.